
All of my microsoft office icons changed



I've run Avast and Malwarebytes on my computer and they both found stuff. But all of my Microsoft Office document icons are still messed up. I can open them but they look like the picture that I've attached. Under my C: drive I have a bunch of weird folders that have names like 2fb70cb04af271d2e88aed21f2521910, and there are about 30 folders like that. Inside the one that I just gave you it has $shtdwn$.req, MRT, mrt.exe._p, and mrtstub. Please help!

post-199492-0-18356500-1455267589.png


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2/12/2016

Scan Time: 8:09 AM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2016.02.12.02

Rootkit Database: v2016.02.08.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Lena

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 337986

Time Elapsed: 52 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


# AdwCleaner v5.033 - Logfile created 12/02/2016 at 09:29:06

# Updated 07/02/2016 by Xplode

# Database : 2016-02-07.2 [server]

# Operating system : Windows 7 Professional Service Pack 1 (x86)

# Username : Lena - LENA-PC

# Running from : C:\Users\Lena\Desktop\Downloads\AdwCleaner.exe

# Option : Cleaning


 

***** [ Services ] *****

 

[-] Service Deleted : YahooAUService

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files\Yahoo!\Companion

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

[-] Folder Deleted : C:\Users\Lena\AppData\LocalLow\Conduit

[-] Folder Deleted : C:\Users\Lena\AppData\LocalLow\wiseconvert

[-] Folder Deleted : C:\Users\Lena\AppData\LocalLow\Yahoo!\Companion

[-] Folder Deleted : C:\Users\Lena\AppData\LocalLow\YahooCouponAddOn

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Yahoo\Companion

[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar

[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb

[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion

[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar

[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD

[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com

 

***** [ Web browsers ] *****

 

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5317 bytes] ##########

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016

Ran by Lena (2016-02-12 09:46:54)

Running from C:\Users\Lena\Desktop\Downloads

Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-05-12 20:49:10)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4116772418-655162160-1753580222-500 - Administrator - Disabled)

Guest (S-1-5-21-4116772418-655162160-1753580222-501 - Limited - Disabled)

Lena (S-1-5-21-4116772418-655162160-1753580222-1000 - Administrator - Enabled) => C:\Users\Lena

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)

AVG 2015 (Version: 15.0.4522 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)

EA Download Manager (HKLM\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)

EA Download Manager UI (HKLM\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.124 - Electronic Arts)

EA Download Manager UI (Version: 6.0.4 - Electronic Arts) Hidden

Fitbit Connect (HKLM\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)

Garmin Communicator Plugin (HKLM\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden

GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline)

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)

iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)

Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

The Sims™ 2 Double Deluxe (HKLM\...\{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}) (Version:  - Electronic Arts)

VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02F6C99D-B22A-4606-865C-EE94C1FE40CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {0E3C0F78-0722-4E40-9AC8-0C462F1D631E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {11407B25-2166-4023-9730-3A4A3998BD4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-08] (AVAST Software)

Task: {20F40C46-F336-47D2-8195-8B0AF7929C21} - System32\Tasks\{7C23255D-7CA3-4BAD-8E98-A7F21788A2D8} => Chrome.exe 

Task: {2788CCCF-AAE1-4616-A0F6-4E8789A598A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-08] (AVAST Software)

Task: {3650B140-5163-41AB-BAE6-0E5862E1549F} - System32\Tasks\{052C07D6-8C92-4345-A445-5DD5A94CFC5C} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {3B3C326D-7574-423E-80E5-87261232107C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {3FDE49BC-2A1A-45F2-9EE2-0FCCC7FE7104} - System32\Tasks\{FDFAB59F-A8D3-4691-84FD-515401945059} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002

Task: {435B97A3-A6F7-48AB-B767-8355E68D02CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {4E811D86-3B1D-43C2-A42D-F966E87E36A3} - System32\Tasks\{C48279B2-756F-4D7F-97D0-DCBED8E06F75} => C:\Program Files\AVG\AVG2015\avgui.exe [2016-02-04] (AVG Technologies CZ, s.r.o.)

Task: {53F24067-2C0A-4477-B156-6A1A6D01FCD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {55380E5A-8003-4C1C-81DA-CAE7890C7DA6} - System32\Tasks\{55D8708A-F9F8-4C2E-8CBD-7896A4841EAC} => Chrome.exe 

Task: {62A3E549-4E75-499E-B878-4B0CAC9D25A4} - System32\Tasks\{AACF855E-BB48-47A9-979D-0424A9FEC0E8} => Chrome.exe 

Task: {6547248E-3ECD-442A-9BC1-A62146E524E0} - System32\Tasks\{E2925CD5-9C96-49F9-9020-41E90D156961} => Chrome.exe 

Task: {6924B4A1-36B8-4F70-923E-52A79A79646A} - System32\Tasks\{8CCC030A-9CD5-484E-B407-88C3D54491F2} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {70BEA12D-4EB9-416A-927C-EC97F0770285} - System32\Tasks\{5E021C3D-0435-4AD5-9E61-6C942CF17F6B} => Chrome.exe 

Task: {7AFD50A8-F687-45B6-95BB-334B5FF1AFF0} - \DTReg -> No File <==== ATTENTION

Task: {80F594EA-95C4-4F54-9A33-A1B05E61E25A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {B2912FD8-321A-485C-9B6E-B2C935466178} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B51ABEAC-4CBC-4491-8ED2-66700A48E93D} - System32\Tasks\{9ABC865F-A514-4A6D-9187-D6F9577E66CD} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)

Task: {C68E9A1C-593B-4141-AFBC-1478404E241D} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)

Task: {D55625E1-E29E-42C4-8184-066B0A26849E} - System32\Tasks\{B3868327-72DD-470F-96E9-EF52A50380C4} => Chrome.exe 

Task: {EF185EE2-8C13-4793-9216-34D667FBB113} - System32\Tasks\{06A1C31E-94A7-448B-9437-920864AF3CF4} => Chrome.exe 

Task: {FADDA327-A25C-4D0B-A980-64EB7977BD19} - \DTChk -> No File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-02-08 16:47 - 2016-02-08 16:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-02-12 07:45 - 2016-02-12 07:45 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16021200\algo.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:46 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-02-10 13:24 - 2016-02-09 05:58 - 01632584 _____ () C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\libglesv2.dll

2016-02-10 13:24 - 2016-02-09 05:58 - 00087880 _____ () C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (4bb16ff2-b589-41d5-a684-3335b5e6443b) => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.104.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{0376279A-A2C3-46FA-997B-E97656EEF3F7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{543F4F21-9166-4898-BBA2-3D828C44A848}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [uDP Query User{2689D0E9-A0A0-4B5A-8828-825DB13E5476}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [{FC921B4C-735E-4B94-AAB5-9BD9B6F4BA98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4F3D5F29-E86E-4740-A4C1-2D422F826ECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A49047FA-5EA6-4123-BDEF-82E20E06D4ED}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{FB1FF30D-668D-4415-976F-FD97B5D14482}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{C3EC4B44-48DF-4601-B96B-4D9F513CDEFE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{24FE6280-4F3F-4CF4-86C0-A4EF76B15932}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{1FA4D3A6-7CD8-4A73-BCFE-765CAC2AE938}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{F20B5A04-F4B9-4CE7-B08F-CCDC7546809D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{0115E73E-A39F-426F-9FEC-E425A78BEE6D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{E29CC89C-BA16-421D-B77A-DB6B3B1F303E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{4ED05BA0-08EA-4572-8093-57432E5D6F49}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{EF3395CF-DE6A-44A3-9E5B-1349D70DDEC4}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{A80A3B59-C697-47B9-92DA-FBFC91BA86E8}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{1287DA8B-0153-4800-91B8-40FF1F1B5FE6}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{016052BE-956D-4C7F-B60F-F0A0E778B5D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{1A98304D-4C0E-4CFD-8C84-6C99F3EB912D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{25323CB7-5E67-4D97-8892-3C80C11548A5}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [uDP Query User{3ECF34BF-45EB-4A5F-AFF7-35E6B19C6A88}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [TCP Query User{332E62E0-270B-4547-AFE4-7AB4202E4EB6}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [uDP Query User{657EC60F-C343-404C-AE1A-E8549BA319FA}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [{CDA0B3D3-1E70-4EB7-9E18-5A651C3CDA37}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{98F963FF-46EF-43CA-845D-9588C58727C8}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{5A8295EF-1EC7-4E9C-9EDA-107BDE0BA650}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{C1DE0C22-4935-4144-B454-740B9DEE112E}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{984BE290-A585-4AC6-ACE0-41BC1A01EBFC}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{D85B290F-E6BD-4403-94BB-55DD92DC12D5}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

 

==================== Restore Points =========================

 

26-01-2016 15:27:43 Scheduled Checkpoint

27-01-2016 16:56:10 Windows Update

28-01-2016 09:11:32 Windows Update

04-02-2016 12:07:17 Scheduled Checkpoint

11-02-2016 14:12:27 Scheduled Checkpoint

12-02-2016 03:02:47 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Lexmark X422

Description: Lexmark X422

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Lexmark

Service: usbscan

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/12/2016 03:56:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.DynamicData, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:51:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:06:29 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1c48

 

Start Time: 01d1657136cf4d29

 

Termination Time: 156

 

Application Path: C:\Users\Lena\Desktop\Downloads\OTL.exe

 

Report Id:

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 58410862

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 58410862

 

Error: (02/11/2016 09:15:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/08/2016 04:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15678

 

 

System errors:

=============

Error: (02/12/2016 09:34:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (02/12/2016 09:31:01 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 

%%1056

 

Error: (02/12/2016 09:29:34 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (02/12/2016 09:29:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/12/2016 09:29:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz

Percentage of memory in use: 62%

Total physical RAM: 3061.87 MB

Available physical RAM: 1138.46 MB

Total Virtual: 6122.06 MB

Available Virtual: 3691.89 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:463.74 GB) (Free:317.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.99 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95AA95AA)

Partition 1: (Active) - (Size=463.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)

 

==================== End of Addition.txt ============================


You have not posted the primary log from FRST, "FRST.txt". I need to see that log... Logs are saved here: C:\FRST\Logs

 

Also, you have two Anti-Virus programs installed and active; that is counterproductive. You will have to remove one ASAP....

 

Avast removal tool available here: https://www.avast.com/uninstall-utility

 

AVG removal tool available here: http://www.avg.com/us-en/utilities

 

It is your choice which one to remove...


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016

Ran by Lena (2016-02-12 09:46:54)

Running from C:\Users\Lena\Desktop\Downloads

Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-05-12 20:49:10)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4116772418-655162160-1753580222-500 - Administrator - Disabled)

Guest (S-1-5-21-4116772418-655162160-1753580222-501 - Limited - Disabled)

Lena (S-1-5-21-4116772418-655162160-1753580222-1000 - Administrator - Enabled) => C:\Users\Lena

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)

AVG 2015 (Version: 15.0.4522 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)

EA Download Manager (HKLM\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)

EA Download Manager UI (HKLM\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.124 - Electronic Arts)

EA Download Manager UI (Version: 6.0.4 - Electronic Arts) Hidden

Fitbit Connect (HKLM\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)

Garmin Communicator Plugin (HKLM\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden

GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline)

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)

iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)

Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

The Sims™ 2 Double Deluxe (HKLM\...\{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}) (Version:  - Electronic Arts)

VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02F6C99D-B22A-4606-865C-EE94C1FE40CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {0E3C0F78-0722-4E40-9AC8-0C462F1D631E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {11407B25-2166-4023-9730-3A4A3998BD4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-08] (AVAST Software)

Task: {20F40C46-F336-47D2-8195-8B0AF7929C21} - System32\Tasks\{7C23255D-7CA3-4BAD-8E98-A7F21788A2D8} => Chrome.exe 

Task: {2788CCCF-AAE1-4616-A0F6-4E8789A598A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-08] (AVAST Software)

Task: {3650B140-5163-41AB-BAE6-0E5862E1549F} - System32\Tasks\{052C07D6-8C92-4345-A445-5DD5A94CFC5C} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {3B3C326D-7574-423E-80E5-87261232107C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {3FDE49BC-2A1A-45F2-9EE2-0FCCC7FE7104} - System32\Tasks\{FDFAB59F-A8D3-4691-84FD-515401945059} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002

Task: {435B97A3-A6F7-48AB-B767-8355E68D02CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {4E811D86-3B1D-43C2-A42D-F966E87E36A3} - System32\Tasks\{C48279B2-756F-4D7F-97D0-DCBED8E06F75} => C:\Program Files\AVG\AVG2015\avgui.exe [2016-02-04] (AVG Technologies CZ, s.r.o.)

Task: {53F24067-2C0A-4477-B156-6A1A6D01FCD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {55380E5A-8003-4C1C-81DA-CAE7890C7DA6} - System32\Tasks\{55D8708A-F9F8-4C2E-8CBD-7896A4841EAC} => Chrome.exe 

Task: {62A3E549-4E75-499E-B878-4B0CAC9D25A4} - System32\Tasks\{AACF855E-BB48-47A9-979D-0424A9FEC0E8} => Chrome.exe 

Task: {6547248E-3ECD-442A-9BC1-A62146E524E0} - System32\Tasks\{E2925CD5-9C96-49F9-9020-41E90D156961} => Chrome.exe 

Task: {6924B4A1-36B8-4F70-923E-52A79A79646A} - System32\Tasks\{8CCC030A-9CD5-484E-B407-88C3D54491F2} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {70BEA12D-4EB9-416A-927C-EC97F0770285} - System32\Tasks\{5E021C3D-0435-4AD5-9E61-6C942CF17F6B} => Chrome.exe 

Task: {7AFD50A8-F687-45B6-95BB-334B5FF1AFF0} - \DTReg -> No File <==== ATTENTION

Task: {80F594EA-95C4-4F54-9A33-A1B05E61E25A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {B2912FD8-321A-485C-9B6E-B2C935466178} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B51ABEAC-4CBC-4491-8ED2-66700A48E93D} - System32\Tasks\{9ABC865F-A514-4A6D-9187-D6F9577E66CD} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)

Task: {C68E9A1C-593B-4141-AFBC-1478404E241D} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)

Task: {D55625E1-E29E-42C4-8184-066B0A26849E} - System32\Tasks\{B3868327-72DD-470F-96E9-EF52A50380C4} => Chrome.exe 

Task: {EF185EE2-8C13-4793-9216-34D667FBB113} - System32\Tasks\{06A1C31E-94A7-448B-9437-920864AF3CF4} => Chrome.exe 

Task: {FADDA327-A25C-4D0B-A980-64EB7977BD19} - \DTChk -> No File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-02-08 16:47 - 2016-02-08 16:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-02-12 07:45 - 2016-02-12 07:45 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16021200\algo.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:46 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-02-10 13:24 - 2016-02-09 05:58 - 01632584 _____ () C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\libglesv2.dll

2016-02-10 13:24 - 2016-02-09 05:58 - 00087880 _____ () C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (4bb16ff2-b589-41d5-a684-3335b5e6443b) => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.104.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{0376279A-A2C3-46FA-997B-E97656EEF3F7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{543F4F21-9166-4898-BBA2-3D828C44A848}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [UDP Query User{2689D0E9-A0A0-4B5A-8828-825DB13E5476}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [{FC921B4C-735E-4B94-AAB5-9BD9B6F4BA98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4F3D5F29-E86E-4740-A4C1-2D422F826ECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A49047FA-5EA6-4123-BDEF-82E20E06D4ED}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{FB1FF30D-668D-4415-976F-FD97B5D14482}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{C3EC4B44-48DF-4601-B96B-4D9F513CDEFE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{24FE6280-4F3F-4CF4-86C0-A4EF76B15932}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{1FA4D3A6-7CD8-4A73-BCFE-765CAC2AE938}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{F20B5A04-F4B9-4CE7-B08F-CCDC7546809D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{0115E73E-A39F-426F-9FEC-E425A78BEE6D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{E29CC89C-BA16-421D-B77A-DB6B3B1F303E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{4ED05BA0-08EA-4572-8093-57432E5D6F49}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{EF3395CF-DE6A-44A3-9E5B-1349D70DDEC4}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{A80A3B59-C697-47B9-92DA-FBFC91BA86E8}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{1287DA8B-0153-4800-91B8-40FF1F1B5FE6}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{016052BE-956D-4C7F-B60F-F0A0E778B5D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{1A98304D-4C0E-4CFD-8C84-6C99F3EB912D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{25323CB7-5E67-4D97-8892-3C80C11548A5}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{3ECF34BF-45EB-4A5F-AFF7-35E6B19C6A88}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [TCP Query User{332E62E0-270B-4547-AFE4-7AB4202E4EB6}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{657EC60F-C343-404C-AE1A-E8549BA319FA}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [{CDA0B3D3-1E70-4EB7-9E18-5A651C3CDA37}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{98F963FF-46EF-43CA-845D-9588C58727C8}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{5A8295EF-1EC7-4E9C-9EDA-107BDE0BA650}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{C1DE0C22-4935-4144-B454-740B9DEE112E}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{984BE290-A585-4AC6-ACE0-41BC1A01EBFC}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{D85B290F-E6BD-4403-94BB-55DD92DC12D5}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

 

==================== Restore Points =========================

 

26-01-2016 15:27:43 Scheduled Checkpoint

27-01-2016 16:56:10 Windows Update

28-01-2016 09:11:32 Windows Update

04-02-2016 12:07:17 Scheduled Checkpoint

11-02-2016 14:12:27 Scheduled Checkpoint

12-02-2016 03:02:47 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Lexmark X422

Description: Lexmark X422

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Lexmark

Service: usbscan

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/12/2016 03:56:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.DynamicData, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:51:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:06:29 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1c48

 

Start Time: 01d1657136cf4d29

 

Termination Time: 156

 

Application Path: C:\Users\Lena\Desktop\Downloads\OTL.exe

 

Report Id:

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 58410862

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 58410862

 

Error: (02/11/2016 09:15:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/08/2016 04:59:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15678

 

 

System errors:

=============

Error: (02/12/2016 09:34:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (02/12/2016 09:31:01 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 

%%1056

 

Error: (02/12/2016 09:29:34 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (02/12/2016 09:29:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/12/2016 09:29:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (02/12/2016 09:29:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz

Percentage of memory in use: 62%

Total physical RAM: 3061.87 MB

Available physical RAM: 1138.46 MB

Total Virtual: 6122.06 MB

Available Virtual: 3691.89 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:463.74 GB) (Free:317.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.99 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95AA95AA)

Partition 1: (Active) - (Size=463.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)

 

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Lena (administrator) on LENA-PC (12-02-2016 09:45:48)
Running from C:\Users\Lena\Desktop\Downloads
Loaded Profiles: Lena (Available Profiles: Lena)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.ClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.WindowsClient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.WindowsClient.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-08] (AVAST Software)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [Google Update] => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-25] (Google Inc.)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc.)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.104.1
Tcpip\..\Interfaces\{01E52E2B-1EAA-48D4-9179-FC37F54C04B6}: [DhcpNameServer] 192.168.104.1
Tcpip\..\Interfaces\{AF4C9E75-1B48-46E4-A32A-B95F04665CC9}: [DhcpNameServer] 192.168.104.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)
Toolbar: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2011-07-26] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lena\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-02] (Citrix Online)
FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-08]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-09]
CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-09]
CHR Extension: (Skype) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Google Chrome - C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-08] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 ScreenConnect Client (4bb16ff2-b589-41d5-a684-3335b5e6443b); C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.ClientService.exe [54232 2015-05-07] (Elsinore Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [252336 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [223152 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [234416 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [193456 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 09:45 - 2016-02-12 09:45 - 00000000 ____D C:\FRST
2016-02-12 09:23 - 2016-02-12 09:29 - 00000000 ____D C:\AdwCleaner
2016-02-12 01:31 - 2016-02-12 02:53 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-12 01:31 - 2016-02-12 01:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-12 01:21 - 2016-02-12 01:28 - 00002386 _____ C:\Users\Lena\Desktop\unhide.txt
2016-02-11 14:58 - 2016-02-11 14:58 - 00109280 _____ C:\Users\Lena\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-11 10:21 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 10:21 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 10:21 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 10:21 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 10:21 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 10:21 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 10:20 - 2016-01-16 12:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-11 10:20 - 2016-01-16 12:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-11 10:20 - 2016-01-11 08:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-11 10:20 - 2016-01-11 08:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-11 10:20 - 2016-01-11 08:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-11 10:20 - 2016-01-11 08:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-11 10:20 - 2016-01-11 08:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-11 10:19 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-11 10:19 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-11 10:19 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-11 10:19 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-11 10:19 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-11 10:18 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-11 10:18 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-11 10:18 - 2016-01-22 00:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-11 10:18 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-11 10:18 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-11 10:18 - 2016-01-22 00:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-11 10:18 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 10:18 - 2016-01-22 00:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-11 10:18 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-11 10:18 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-11 10:18 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-11 10:18 - 2016-01-07 11:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-11 10:18 - 2016-01-07 11:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-11 10:18 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-11 10:18 - 2016-01-06 11:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-11 10:17 - 2016-01-22 00:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-11 10:17 - 2016-01-22 00:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-11 10:17 - 2016-01-22 00:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-11 10:17 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-11 10:17 - 2016-01-22 00:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-11 10:17 - 2016-01-22 00:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-11 10:17 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-11 10:17 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-11 10:17 - 2016-01-22 00:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-11 10:17 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-11 10:17 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-11 10:17 - 2016-01-22 00:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-11 10:17 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-11 10:17 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-11 10:17 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-11 10:17 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-11 10:17 - 2016-01-21 23:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-11 10:17 - 2016-01-21 23:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-11 10:17 - 2016-01-21 22:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-11 10:17 - 2016-01-21 22:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-11 10:17 - 2016-01-21 22:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-11 10:17 - 2016-01-21 22:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-11 10:17 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-11 10:17 - 2016-01-21 22:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-11 10:17 - 2016-01-21 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-11 10:17 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 10:17 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 10:16 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-11 10:16 - 2016-01-22 00:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-11 10:16 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 10:16 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-11 10:16 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 10:16 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-11 10:16 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-11 10:16 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 10:16 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-11 10:16 - 2016-01-21 23:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-11 10:16 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 10:16 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-11 10:16 - 2016-01-21 23:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 10:16 - 2016-01-21 23:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-11 10:16 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 10:16 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-11 10:16 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-11 10:16 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-11 10:16 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 10:16 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 10:16 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 10:16 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-11 10:16 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-11 10:16 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 10:16 - 2016-01-21 23:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-11 10:16 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 10:16 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-11 10:16 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 10:16 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-11 10:12 - 2016-01-11 12:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-11 10:12 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-11 10:12 - 2016-01-11 12:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-11 10:12 - 2016-01-11 12:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-11 10:12 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-11 10:12 - 2016-01-11 12:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-11 10:12 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-11 10:12 - 2016-01-11 12:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-11 10:12 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-11 10:12 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-11 10:12 - 2016-01-11 12:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-08 16:54 - 2016-02-08 16:47 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-08 16:50 - 2016-02-08 16:50 - 00000000 ____D C:\Users\Lena\AppData\Roaming\AVAST Software
2016-02-08 16:49 - 2016-02-08 16:49 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-08 16:49 - 2016-02-08 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-08 16:48 - 2016-02-10 12:04 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-08 16:48 - 2016-02-08 16:47 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-08 16:47 - 2016-02-08 16:47 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-08 16:45 - 2016-02-08 16:45 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-08 16:44 - 2016-02-08 16:44 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-27 10:49 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-27 10:49 - 2015-12-08 15:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-27 10:49 - 2015-11-16 14:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-27 10:49 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-27 10:49 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-27 10:49 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-27 10:39 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-27 10:39 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-27 10:39 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-27 10:39 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-27 10:39 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-27 10:39 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-27 10:39 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-27 10:39 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-27 10:39 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-27 10:39 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-27 10:39 - 2015-12-08 15:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-27 10:39 - 2015-12-08 15:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-27 10:39 - 2015-12-08 15:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-22 12:56 - 2016-01-22 12:56 - 00193456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2016-01-13 13:04 - 2016-01-13 13:04 - 00223152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-12 09:42 - 2014-06-13 18:22 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-12 09:39 - 2010-05-12 14:52 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-12 09:39 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-02-12 09:34 - 2010-08-25 23:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 09:32 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 09:29 - 2012-11-16 08:33 - 00000000 ____D C:\Users\Lena\AppData\LocalLow\Yahoo!
2016-02-12 09:29 - 2012-11-16 08:32 - 00000000 ____D C:\Program Files\Yahoo!
2016-02-12 09:22 - 2015-07-09 08:11 - 00000000 ____D C:\ProgramData\MFAData
2016-02-12 09:11 - 2009-07-13 22:34 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-12 09:11 - 2009-07-13 22:34 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-12 08:59 - 2010-05-12 09:07 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA.job
2016-02-12 08:49 - 2010-08-25 23:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 04:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2016-02-12 03:43 - 2009-07-13 22:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 03:40 - 2014-12-17 03:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-12 03:40 - 2014-05-06 12:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-12 03:40 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 03:23 - 2009-07-13 20:04 - 00000478 _____ C:\Windows\win.ini
2016-02-11 17:22 - 2013-04-15 22:37 - 00000000 ____D C:\Users\Lena\Documents\Outlook Files
2016-02-11 16:58 - 2014-04-23 14:37 - 00000000 ____D C:\Users\Lena\AppData\Local\ACDAB314-575E-45BF-9012-AD930F8893B3.aplzod
2016-02-11 15:23 - 2010-05-12 09:00 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 14:59 - 2010-05-12 09:07 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core.job
2016-02-11 14:25 - 2010-05-12 09:07 - 00000000 ____D C:\Users\Lena\AppData\Local\Deployment
2016-02-10 13:24 - 2010-05-12 09:09 - 00002321 _____ C:\Users\Lena\Desktop\Google Chrome.lnk
2016-02-10 13:24 - 2010-05-12 09:08 - 00002346 _____ C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-08 16:53 - 2010-05-12 09:07 - 00000000 ____D C:\Users\Lena\AppData\Local\Google
2016-02-08 16:49 - 2015-07-09 08:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-08 16:24 - 2014-06-13 18:20 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-08 16:24 - 2014-06-13 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-08 16:24 - 2014-06-13 18:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-08 16:21 - 2015-07-09 08:34 - 00000000 ____D C:\Users\Lena\AppData\Local\Avg2015
2016-02-08 11:09 - 2011-06-27 12:53 - 00000000 ____D C:\Users\Lena\Documents\HFALLS
2016-02-08 09:48 - 2015-07-09 08:33 - 00001278 _____ C:\Windows\system32\userawacs.cfg
2016-02-08 09:48 - 2015-07-09 08:32 - 00000230 _____ C:\Windows\system32\usergui.cfg
2016-02-08 09:47 - 2015-07-09 08:32 - 00000854 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2016-02-08 09:47 - 2015-07-09 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-03 09:20 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-01 09:37 - 2015-07-17 08:32 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-01-28 09:28 - 2011-07-14 19:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-28 09:23 - 2011-07-14 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-28 09:14 - 2013-07-16 16:23 - 00000000 ____D C:\Windows\system32\MRT
2016-01-27 11:40 - 2015-04-17 07:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-27 11:40 - 2010-05-12 14:49 - 00000000 ____D C:\Users\Lena
2016-01-27 11:40 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration
2016-01-27 11:40 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-27 11:38 - 2010-01-14 20:48 - 00000000 ___RD C:\MSOCache

==================== Files in the root of some directories =======

2013-04-16 10:17 - 2013-04-16 12:36 - 0022605 _____ () C:\Users\Lena\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-08-23 23:11 - 2010-08-23 23:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\AutoRun.exe
C:\Users\Lena\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Lena\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Lena\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Lena\AppData\Local\Temp\EAD1592.exe
C:\Users\Lena\AppData\Local\Temp\EAD29CD.exe
C:\Users\Lena\AppData\Local\Temp\EAD4836.exe
C:\Users\Lena\AppData\Local\Temp\EAD5E64.exe
C:\Users\Lena\AppData\Local\Temp\EAD7B47.exe
C:\Users\Lena\AppData\Local\Temp\EAD7CCD.exe
C:\Users\Lena\AppData\Local\Temp\EAD80C3.exe
C:\Users\Lena\AppData\Local\Temp\EAD8A92.exe
C:\Users\Lena\AppData\Local\Temp\EAD9FA8.exe
C:\Users\Lena\AppData\Local\Temp\EADAD9C.exe
C:\Users\Lena\AppData\Local\Temp\g8oriodx.dll
C:\Users\Lena\AppData\Local\Temp\GUR20D8.exe
C:\Users\Lena\AppData\Local\Temp\installhelper.dll
C:\Users\Lena\AppData\Local\Temp\install_flash_player.exe
C:\Users\Lena\AppData\Local\Temp\IPx86_1033.exe
C:\Users\Lena\AppData\Local\Temp\ose00000.exe
C:\Users\Lena\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Lena\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lena\AppData\Local\Temp\sqlite3.dll
C:\Users\Lena\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Lena\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Lena\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Lena\AppData\Local\Temp\VP6Install.exe
C:\Users\Lena\AppData\Local\Temp\VP6VFW.dll
C:\Users\Lena\AppData\Local\Temp\{370E862D-4CD0-4785-9390-B20085B3771F}-38.0.2125.111_38.0.2125.104_chrome_updater.exe
C:\Users\Lena\AppData\Local\Temp\{5066F11D-C488-4E4F-8E90-833E66A35955}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
C:\Users\Lena\AppData\Local\Temp\{B16681B8-491B-4969-B870-BD1985D3A8C0}-chrome_updater.exe
C:\Users\Lena\AppData\Local\Temp\{B3FB2FC1-DA54-4D80-8FD3-38D6FB1931E0}-23.0.1271.97_23.0.1271.95_chrome_updater.exe
C:\Users\Lena\AppData\Local\Temp\{F04181AC-65C2-47F2-8941-2565CD41B8E9}-29.0.1547.66_29.0.1547.62_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 13:56

==================== End of FRST.txt ============================


Thanks for that update. The logs do indicate a problem with the Winsock catalog. It will be necessary to run FRST once more; the settings need to be amended as follows:

  • Open FRST and make sure all entries under "White list" are checkmarked except for "Internet".
  • Make sure all entries under "Optional scan" are NOT checkmarked except for "Addition.txt".
  • Post the two fresh logs...

I've attached an image for reference... Select Scan when ready.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016

Ran by Lena (administrator) on LENA-PC (12-02-2016 11:53:50)

Running from C:\Users\Lena\Desktop\Downloads

Loaded Profiles: Lena (Available Profiles: Lena)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.ClientService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe

(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.WindowsClient.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

(Elsinore Technologies, Inc.) C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.WindowsClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)

HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)

HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-08] (AVAST Software)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [Google Update] => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-25] (Google Inc.)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [DW7] => "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414184 2015-09-11] (Fitbit, Inc.)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-08] (AVAST Software)

==================== Internet (All) ===========================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.

Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [52224 2012-10-03] (Microsoft Corporation)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)

Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)

Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)

Winsock: Catalog5 05 C:\Windows\system32\wshbth.dll [36352 2010-11-20] (Microsoft Corporation)

Winsock: Catalog5 06 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog5 07 C:\Windows\system32\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Winsock: Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation)

Winsock: Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation)


Winsock: Catalog9 000000000141 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000142 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000143 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000144 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000145 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000146 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000147 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000148 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000149 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000150 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000151 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000152 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000153 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000154 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000155 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000156 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000157 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000158 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000159 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000160 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000161 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000162 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000163 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000164 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000165 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000166 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000167 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000168 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000169 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000170 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000171 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000172 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000173 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000174 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000175 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000176 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000177 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000178 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000179 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000180 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000181 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000182 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000183 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000184 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000185 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000186 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000187 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000188 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000189 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000190 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000191 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000192 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000193 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000194 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000195 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000196 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000197 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000198 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000199 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000200 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000201 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000202 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000203 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000204 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000205 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000206 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000207 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000208 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000209 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000210 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000211 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000212 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000213 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000214 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000215 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000216 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000217 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000218 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000219 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000220 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000221 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000222 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000223 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000224 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000225 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000226 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000227 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000228 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000229 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000230 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000231 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000232 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000233 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000234 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000235 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000236 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000237 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000238 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000239 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000240 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000241 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000242 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000243 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000244 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000245 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000246 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000247 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000248 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000249 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000250 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000251 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000252 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000253 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000254 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000255 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000256 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000257 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000258 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000259 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000260 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000261 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000262 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000263 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000264 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000265 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000266 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000267 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000268 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000269 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000270 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000271 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000272 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Winsock: Catalog9 000000000273 C:\Windows\system32\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.104.1

Tcpip\..\Interfaces\{01E52E2B-1EAA-48D4-9179-FC37F54C04B6}: [DhcpNameServer] 192.168.104.1

Tcpip\..\Interfaces\{AF4C9E75-1B48-46E4-A32A-B95F04665CC9}: [DhcpNameServer] 192.168.104.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006

URLSearchHook: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en

SearchScopes: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-08] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)

BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)

Toolbar: HKU\S-1-5-21-4116772418-655162160-1753580222-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-11] (Google Inc.)

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-02-06] (Microsoft Corporation)

Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2010-11-20] (Microsoft Corporation)

Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2009-07-13] (Microsoft Corporation)

Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-02-06] (Microsoft Corporation)

Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-02-06] (Microsoft Corporation)

Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll [2011-05-02] (Microsoft Corporation)

Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2016-02-06] (Microsoft Corporation)

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2012-11-10] (Microsoft Corporation)

Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2009-07-13] (Microsoft Corporation)

Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-02-06] (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2010-11-20] (Microsoft Corporation)

Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-02-06] (Microsoft Corporation)

Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [2012-10-31] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-08] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()

FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)

FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2011-07-26] (GARMIN Corp.)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Lena\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-02] (Citrix Online)

FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

FF Plugin HKU\S-1-5-21-4116772418-655162160-1753580222-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-08]

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://yahoo.com/"

CHR Plugin: (Shockwave Flash) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\gcswf32.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File

CHR Plugin: (Native Client) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File

CHR Plugin: (Skype Toolbars) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File

CHR Profile: C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (AdBlock) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-09]

CHR Extension: (Avast Online Security) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-09]

CHR Extension: (Skype) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-08]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

StartMenuInternet: Google Chrome - "C:\Users\Lena\AppData\Local\Google\Chrome\Application\chrome.exe"

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-08] (AVAST Software)

R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1435304 2015-09-11] (Fitbit, Inc.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 ScreenConnect Client (c313b940-046e-4fbe-95da-7ff236dbaca8); C:\Users\Lena\AppData\Local\Apps\2.0\6TQVEGJ2.3AV\4543HKZQ.0XH\elsi..tion_d291612c4dce6913_0004.0002_0ccdbbc4ecc55aa5\Elsinore.ScreenConnect.ClientService.exe [54232 2015-05-07] (Elsinore Technologies, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-08] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-08] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-08] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-08] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-12] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)

S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-02-12 10:58 - 2016-02-12 10:58 - 00000000 ____D C:\Users\Lena\AppData\Roaming\TuneUp Software

2016-02-12 10:57 - 2016-02-12 10:57 - 00000000 ____D C:\Users\Lena\AppData\Local\MFAData

2016-02-12 09:45 - 2016-02-12 11:53 - 00000000 ____D C:\FRST

2016-02-12 09:23 - 2016-02-12 09:29 - 00000000 ____D C:\AdwCleaner

2016-02-12 01:31 - 2016-02-12 02:53 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys

2016-02-12 01:31 - 2016-02-12 01:31 - 00000000 ____D C:\ProgramData\RogueKiller

2016-02-12 01:21 - 2016-02-12 01:28 - 00002386 _____ C:\Users\Lena\Desktop\unhide.txt

2016-02-11 14:58 - 2016-02-11 14:58 - 00109280 _____ C:\Users\Lena\AppData\Local\GDIPFONTCACHEV1.DAT

2016-02-11 10:21 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-02-11 10:21 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-02-11 10:21 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-02-11 10:21 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-02-11 10:21 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-02-11 10:21 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-02-11 10:20 - 2016-01-16 12:42 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2016-02-11 10:20 - 2016-01-16 12:34 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2016-02-11 10:20 - 2016-01-11 08:07 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2016-02-11 10:20 - 2016-01-11 08:07 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2016-02-11 10:20 - 2016-01-11 08:07 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2016-02-11 10:20 - 2016-01-11 08:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2016-02-11 10:20 - 2016-01-11 08:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2016-02-11 10:19 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2016-02-11 10:19 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2016-02-11 10:19 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2016-02-11 10:19 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2016-02-11 10:19 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2016-02-11 10:18 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2016-02-11 10:18 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-02-11 10:18 - 2016-01-22 00:09 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-02-11 10:18 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll

2016-02-11 10:18 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2016-02-11 10:18 - 2016-01-22 00:02 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-02-11 10:18 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-02-11 10:18 - 2016-01-22 00:02 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-02-11 10:18 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll

2016-02-11 10:18 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll

2016-02-11 10:18 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-02-11 10:18 - 2016-01-07 11:47 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-02-11 10:18 - 2016-01-07 11:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2016-02-11 10:18 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2016-02-11 10:18 - 2016-01-06 11:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2016-02-11 10:17 - 2016-01-22 00:13 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-02-11 10:17 - 2016-01-22 00:13 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-02-11 10:17 - 2016-01-22 00:06 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-02-11 10:17 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-02-11 10:17 - 2016-01-22 00:06 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-02-11 10:17 - 2016-01-22 00:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-02-11 10:17 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-02-11 10:17 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-02-11 10:17 - 2016-01-22 00:05 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-02-11 10:17 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-02-11 10:17 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-02-11 10:17 - 2016-01-22 00:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-02-11 10:17 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-02-11 10:17 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-02-11 10:17 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-02-11 10:17 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-02-11 10:17 - 2016-01-21 23:01 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-02-11 10:17 - 2016-01-21 23:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-02-11 10:17 - 2016-01-21 22:53 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-02-11 10:17 - 2016-01-21 22:53 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-02-11 10:17 - 2016-01-21 22:53 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-02-11 10:17 - 2016-01-21 22:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-02-11 10:17 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-02-11 10:17 - 2016-01-21 22:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-02-11 10:17 - 2016-01-21 22:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-02-11 10:17 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-02-11 10:17 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-02-11 10:16 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2016-02-11 10:16 - 2016-01-22 00:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2016-02-11 10:16 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-02-11 10:16 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2016-02-11 10:16 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-02-11 10:16 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2016-02-11 10:16 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2016-02-11 10:16 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-02-11 10:16 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2016-02-11 10:16 - 2016-01-21 23:52 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2016-02-11 10:16 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-02-11 10:16 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2016-02-11 10:16 - 2016-01-21 23:51 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-02-11 10:16 - 2016-01-21 23:46 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2016-02-11 10:16 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-02-11 10:16 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2016-02-11 10:16 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2016-02-11 10:16 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2016-02-11 10:16 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-02-11 10:16 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-02-11 10:16 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-02-11 10:16 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2016-02-11 10:16 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2016-02-11 10:16 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-02-11 10:16 - 2016-01-21 23:25 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2016-02-11 10:16 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-02-11 10:16 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2016-02-11 10:16 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-02-11 10:16 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-02-11 10:12 - 2016-01-11 12:47 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2016-02-11 10:12 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2016-02-11 10:12 - 2016-01-11 12:35 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2016-02-11 10:12 - 2016-01-11 12:17 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2016-02-11 10:12 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2016-02-11 10:12 - 2016-01-11 12:14 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2016-02-11 10:12 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2016-02-11 10:12 - 2016-01-11 12:14 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2016-02-11 10:12 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2016-02-11 10:12 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2016-02-11 10:12 - 2016-01-11 12:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2016-02-08 16:54 - 2016-02-08 16:47 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-02-08 16:50 - 2016-02-08 16:50 - 00000000 ____D C:\Users\Lena\AppData\Roaming\AVAST Software

2016-02-08 16:49 - 2016-02-08 16:49 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2016-02-08 16:49 - 2016-02-08 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-02-08 16:48 - 2016-02-10 12:04 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-02-08 16:48 - 2016-02-08 16:47 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-02-08 16:47 - 2016-02-08 16:47 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

2016-02-08 16:45 - 2016-02-08 16:45 - 00000000 ____D C:\Program Files\AVAST Software

2016-02-08 16:44 - 2016-02-08 16:44 - 00000000 ____D C:\ProgramData\AVAST Software

2016-01-27 10:49 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2016-01-27 10:49 - 2015-12-08 15:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-01-27 10:49 - 2015-11-16 14:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2016-01-27 10:49 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll

2016-01-27 10:49 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll

2016-01-27 10:49 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe

2016-01-27 10:39 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2016-01-27 10:39 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2016-01-27 10:39 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2016-01-27 10:39 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-01-27 10:39 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2016-01-27 10:39 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2016-01-27 10:39 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2016-01-27 10:39 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2016-01-27 10:39 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll

2016-01-27 10:39 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2016-01-27 10:39 - 2015-12-08 15:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2016-01-27 10:39 - 2015-12-08 15:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2016-01-27 10:39 - 2015-12-08 15:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-02-12 11:49 - 2010-08-25 23:09 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-02-12 11:33 - 2009-07-13 22:34 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-02-12 11:33 - 2009-07-13 22:34 - 00021680 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-02-12 11:30 - 2014-06-13 18:22 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-02-12 11:11 - 2010-08-25 23:09 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-02-12 11:09 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-02-12 11:08 - 2015-07-09 08:11 - 00000000 ____D C:\ProgramData\MFAData

2016-02-12 11:07 - 2015-07-09 08:32 - 00000000 ____D C:\Program Files\Common Files\AV

2016-02-12 11:07 - 2013-04-15 22:37 - 00000000 ____D C:\Users\Lena\Documents\Outlook Files

2016-02-12 10:59 - 2010-05-12 09:07 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA.job

2016-02-12 10:55 - 2010-05-12 09:07 - 00000000 ____D C:\Users\Lena\AppData\Local\Deployment

2016-02-12 10:22 - 2014-04-23 14:37 - 00000000 ____D C:\Users\Lena\AppData\Local\ACDAB314-575E-45BF-9012-AD930F8893B3.aplzod

2016-02-12 09:39 - 2010-05-12 14:52 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI

2016-02-12 09:39 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf

2016-02-12 09:29 - 2012-11-16 08:33 - 00000000 ____D C:\Users\Lena\AppData\LocalLow\Yahoo!

2016-02-12 09:29 - 2012-11-16 08:32 - 00000000 ____D C:\Program Files\Yahoo!

2016-02-12 04:33 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache

2016-02-12 03:43 - 2009-07-13 22:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT

2016-02-12 03:40 - 2014-12-17 03:25 - 00000000 ____D C:\Windows\system32\appraiser

2016-02-12 03:40 - 2014-05-06 12:57 - 00000000 ___SD C:\Windows\system32\CompatTel

2016-02-12 03:40 - 2009-07-14 01:50 - 00000000 ____D C:\Program Files\Windows Journal

2016-02-12 03:23 - 2009-07-13 20:04 - 00000478 _____ C:\Windows\win.ini

2016-02-11 15:23 - 2010-05-12 09:00 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-02-11 14:59 - 2010-05-12 09:07 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core.job

2016-02-10 13:24 - 2010-05-12 09:09 - 00002321 _____ C:\Users\Lena\Desktop\Google Chrome.lnk

2016-02-10 13:24 - 2010-05-12 09:08 - 00002346 _____ C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-02-08 16:53 - 2010-05-12 09:07 - 00000000 ____D C:\Users\Lena\AppData\Local\Google

2016-02-08 16:24 - 2014-06-13 18:20 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-02-08 16:24 - 2014-06-13 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-02-08 16:24 - 2014-06-13 18:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2016-02-08 11:09 - 2011-06-27 12:53 - 00000000 ____D C:\Users\Lena\Documents\HFALLS

2016-02-08 09:48 - 2015-07-09 08:33 - 00001278 _____ C:\Windows\system32\userawacs.cfg

2016-02-08 09:48 - 2015-07-09 08:32 - 00000230 _____ C:\Windows\system32\usergui.cfg

2016-02-03 09:20 - 2009-07-13 22:53 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-02-01 09:37 - 2015-07-17 08:32 - 00000000 ____D C:\ProgramData\AVG Web TuneUp

2016-01-28 09:28 - 2011-07-14 19:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-01-28 09:23 - 2011-07-14 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-01-28 09:14 - 2013-07-16 16:23 - 00000000 ____D C:\Windows\system32\MRT

2016-01-27 11:40 - 2015-04-17 07:28 - 00000000 ___SD C:\Windows\system32\GWX

2016-01-27 11:40 - 2010-05-12 14:49 - 00000000 ____D C:\Users\Lena

2016-01-27 11:40 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\registration

2016-01-27 11:40 - 2009-07-13 20:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-01-27 11:38 - 2010-01-14 20:48 - 00000000 ___RD C:\MSOCache

 

==================== Files in the root of some directories =======

 

2013-04-16 10:17 - 2013-04-16 12:36 - 0022605 _____ () C:\Users\Lena\AppData\Roaming\Comma Separated Values (Windows).ADR

2010-08-23 23:11 - 2010-08-23 23:11 - 0000056 _____ () C:\ProgramData\ezsidmv.dat

 

Some files in TEMP:

====================

C:\Users\Lena\AppData\Local\Temp\AutoRun.exe

C:\Users\Lena\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Lena\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Lena\AppData\Local\Temp\drm_dyndata_7400006.dll

C:\Users\Lena\AppData\Local\Temp\EAD1592.exe

C:\Users\Lena\AppData\Local\Temp\EAD29CD.exe

C:\Users\Lena\AppData\Local\Temp\EAD4836.exe

C:\Users\Lena\AppData\Local\Temp\EAD5E64.exe

C:\Users\Lena\AppData\Local\Temp\EAD7B47.exe

C:\Users\Lena\AppData\Local\Temp\EAD7CCD.exe

C:\Users\Lena\AppData\Local\Temp\EAD80C3.exe

C:\Users\Lena\AppData\Local\Temp\EAD8A92.exe

C:\Users\Lena\AppData\Local\Temp\EAD9FA8.exe

C:\Users\Lena\AppData\Local\Temp\EADAD9C.exe

C:\Users\Lena\AppData\Local\Temp\g8oriodx.dll

C:\Users\Lena\AppData\Local\Temp\GUR20D8.exe

C:\Users\Lena\AppData\Local\Temp\installhelper.dll

C:\Users\Lena\AppData\Local\Temp\install_flash_player.exe

C:\Users\Lena\AppData\Local\Temp\IPx86_1033.exe

C:\Users\Lena\AppData\Local\Temp\ose00000.exe

C:\Users\Lena\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Lena\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Lena\AppData\Local\Temp\sqlite3.dll

C:\Users\Lena\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Lena\AppData\Local\Temp\The_Weather_Channel_Application.exe

C:\Users\Lena\AppData\Local\Temp\UninstallEADM.dll

C:\Users\Lena\AppData\Local\Temp\VP6Install.exe

C:\Users\Lena\AppData\Local\Temp\VP6VFW.dll

C:\Users\Lena\AppData\Local\Temp\{370E862D-4CD0-4785-9390-B20085B3771F}-38.0.2125.111_38.0.2125.104_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{5066F11D-C488-4E4F-8E90-833E66A35955}-23.0.1271.64_22.0.1229.94_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{B16681B8-491B-4969-B870-BD1985D3A8C0}-chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{B3FB2FC1-DA54-4D80-8FD3-38D6FB1931E0}-23.0.1271.97_23.0.1271.95_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{F04181AC-65C2-47F2-8941-2565CD41B8E9}-29.0.1547.66_29.0.1547.62_chrome_updater.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-02-08 13:56

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016

Ran by Lena (2016-02-12 11:54:28)

Running from C:\Users\Lena\Desktop\Downloads

Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-05-12 20:49:10)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4116772418-655162160-1753580222-500 - Administrator - Disabled)

Guest (S-1-5-21-4116772418-655162160-1753580222-501 - Limited - Disabled)

Lena (S-1-5-21-4116772418-655162160-1753580222-1000 - Administrator - Enabled) => C:\Users\Lena

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)

DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)

EA Download Manager (HKLM\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)

EA Download Manager UI (HKLM\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.124 - Electronic Arts)

EA Download Manager UI (Version: 6.0.4 - Electronic Arts) Hidden

Fitbit Connect (HKLM\...\{F76678F2-2FF6-40D7-9B16-A39B0A820ED2}) (Version: 1.0.3.5512 - Fitbit Inc.)

Garmin Communicator Plugin (HKLM\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden

GoToMeeting 5.5.0.1133 (HKU\S-1-5-21-4116772418-655162160-1753580222-1000\...\GoToMeeting) (Version: 5.5.0.1133 - CitrixOnline)

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)

HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)

iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)

Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

The Sims™ 2 Double Deluxe (HKLM\...\{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}) (Version:  - Electronic Arts)

VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Chrome\Application\48.0.2564.109\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1133\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02F6C99D-B22A-4606-865C-EE94C1FE40CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {0E3C0F78-0722-4E40-9AC8-0C462F1D631E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {11407B25-2166-4023-9730-3A4A3998BD4D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-08] (AVAST Software)

Task: {20F40C46-F336-47D2-8195-8B0AF7929C21} - System32\Tasks\{7C23255D-7CA3-4BAD-8E98-A7F21788A2D8} => Chrome.exe 

Task: {2788CCCF-AAE1-4616-A0F6-4E8789A598A1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-08] (AVAST Software)

Task: {3650B140-5163-41AB-BAE6-0E5862E1549F} - System32\Tasks\{052C07D6-8C92-4345-A445-5DD5A94CFC5C} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {3B3C326D-7574-423E-80E5-87261232107C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {3FDE49BC-2A1A-45F2-9EE2-0FCCC7FE7104} - System32\Tasks\{FDFAB59F-A8D3-4691-84FD-515401945059} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.169.404&LastError=12002

Task: {435B97A3-A6F7-48AB-B767-8355E68D02CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {4E811D86-3B1D-43C2-A42D-F966E87E36A3} - System32\Tasks\{C48279B2-756F-4D7F-97D0-DCBED8E06F75} => C:\Program Files\AVG\AVG2015\avgui.exe

Task: {53F24067-2C0A-4477-B156-6A1A6D01FCD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {55380E5A-8003-4C1C-81DA-CAE7890C7DA6} - System32\Tasks\{55D8708A-F9F8-4C2E-8CBD-7896A4841EAC} => Chrome.exe 

Task: {62A3E549-4E75-499E-B878-4B0CAC9D25A4} - System32\Tasks\{AACF855E-BB48-47A9-979D-0424A9FEC0E8} => Chrome.exe 

Task: {6547248E-3ECD-442A-9BC1-A62146E524E0} - System32\Tasks\{E2925CD5-9C96-49F9-9020-41E90D156961} => Chrome.exe 

Task: {6924B4A1-36B8-4F70-923E-52A79A79646A} - System32\Tasks\{8CCC030A-9CD5-484E-B407-88C3D54491F2} => C:\Program Files\iTunes\iTunes.exe [2015-08-13] (Apple Inc.)

Task: {70BEA12D-4EB9-416A-927C-EC97F0770285} - System32\Tasks\{5E021C3D-0435-4AD5-9E61-6C942CF17F6B} => Chrome.exe 

Task: {7AFD50A8-F687-45B6-95BB-334B5FF1AFF0} - \DTReg -> No File <==== ATTENTION

Task: {80F594EA-95C4-4F54-9A33-A1B05E61E25A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {B2912FD8-321A-485C-9B6E-B2C935466178} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B51ABEAC-4CBC-4491-8ED2-66700A48E93D} - System32\Tasks\{9ABC865F-A514-4A6D-9187-D6F9577E66CD} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)

Task: {C68E9A1C-593B-4141-AFBC-1478404E241D} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)

Task: {D55625E1-E29E-42C4-8184-066B0A26849E} - System32\Tasks\{B3868327-72DD-470F-96E9-EF52A50380C4} => Chrome.exe 

Task: {EF185EE2-8C13-4793-9216-34D667FBB113} - System32\Tasks\{06A1C31E-94A7-448B-9437-920864AF3CF4} => Chrome.exe 

Task: {FADDA327-A25C-4D0B-A980-64EB7977BD19} - \DTChk -> No File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000Core.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4116772418-655162160-1753580222-1000UA.job => C:\Users\Lena\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-02-08 16:47 - 2016-02-08 16:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-02-12 07:45 - 2016-02-12 07:45 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16021200\algo.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:46 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-05-08 07:51 - 2013-05-08 07:51 - 00019056 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll

2016-02-08 16:47 - 2016-02-08 16:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (c313b940-046e-4fbe-95da-7ff236dbaca8) => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4116772418-655162160-1753580222-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.104.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{0376279A-A2C3-46FA-997B-E97656EEF3F7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{543F4F21-9166-4898-BBA2-3D828C44A848}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [UDP Query User{2689D0E9-A0A0-4B5A-8828-825DB13E5476}C:\program files\electronic arts\eadm\core.exe] => (Allow) C:\program files\electronic arts\eadm\core.exe

FirewallRules: [{FC921B4C-735E-4B94-AAB5-9BD9B6F4BA98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4F3D5F29-E86E-4740-A4C1-2D422F826ECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A49047FA-5EA6-4123-BDEF-82E20E06D4ED}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{FB1FF30D-668D-4415-976F-FD97B5D14482}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{C3EC4B44-48DF-4601-B96B-4D9F513CDEFE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{24FE6280-4F3F-4CF4-86C0-A4EF76B15932}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{1FA4D3A6-7CD8-4A73-BCFE-765CAC2AE938}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{F20B5A04-F4B9-4CE7-B08F-CCDC7546809D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{0115E73E-A39F-426F-9FEC-E425A78BEE6D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{E29CC89C-BA16-421D-B77A-DB6B3B1F303E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{4ED05BA0-08EA-4572-8093-57432E5D6F49}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{EF3395CF-DE6A-44A3-9E5B-1349D70DDEC4}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{A80A3B59-C697-47B9-92DA-FBFC91BA86E8}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{1287DA8B-0153-4800-91B8-40FF1F1B5FE6}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{016052BE-956D-4C7F-B60F-F0A0E778B5D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{1A98304D-4C0E-4CFD-8C84-6C99F3EB912D}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{25323CB7-5E67-4D97-8892-3C80C11548A5}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{3ECF34BF-45EB-4A5F-AFF7-35E6B19C6A88}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [TCP Query User{332E62E0-270B-4547-AFE4-7AB4202E4EB6}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

FirewallRules: [UDP Query User{657EC60F-C343-404C-AE1A-E8549BA319FA}C:\users\lena\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lena\appdata\local\google\chrome\application\chrome.exe

 

==================== Restore Points =========================

 

27-01-2016 16:56:10 Windows Update

28-01-2016 09:11:32 Windows Update

04-02-2016 12:07:17 Scheduled Checkpoint

11-02-2016 14:12:27 Scheduled Checkpoint

12-02-2016 03:02:47 Windows Update

12-02-2016 10:57:28 Removed AVG 2015

12-02-2016 11:00:13 Removed AVG 2015

 

==================== Faulty Device Manager Devices =============

 

Name: Lexmark X422

Description: Lexmark X422

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Lexmark

Service: usbscan

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/12/2016 11:00:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

 

System Error:

The system cannot find the file specified.

.

 

Error: (02/12/2016 03:56:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.DynamicData, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:51:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

 

Error: (02/12/2016 03:06:29 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1c48

 

Start Time: 01d1657136cf4d29

 

Termination Time: 156

 

Application Path: C:\Users\Lena\Desktop\Downloads\OTL.exe

 

Report Id:

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 58410862

 

Error: (02/11/2016 09:15:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 58410862

 

Error: (02/11/2016 09:15:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 31652

 

Error: (02/08/2016 04:59:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (02/12/2016 11:10:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (02/12/2016 11:08:54 AM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (02/12/2016 11:08:54 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (02/12/2016 11:08:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The UPnP Device Host service failed to start due to the following error: 

%%1069

 

Error: (02/12/2016 11:08:03 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 

%%1352

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (02/12/2016 11:08:03 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

 

Error: (02/12/2016 09:34:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (02/12/2016 09:32:50 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (02/12/2016 09:31:01 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 

%%1056

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz

Percentage of memory in use: 42%

Total physical RAM: 3061.87 MB

Available physical RAM: 1775.54 MB

Total Virtual: 6122.06 MB

Available Virtual: 4587.93 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:463.74 GB) (Free:319.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.99 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95AA95AA)

Partition 1: (Active) - (Size=463.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)

 

==================== End of Addition.txt ============================


Thanks for those logs, continue as follows:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Let me see that log, also let me know how your system responds in general, are there any remaining issues or concerns....

 

If the MS Office shortcuts are the same, do the following: Open Microsoft Office, select "Microsoft Office Tools" > "Microsoft Office Picture Manager" > "Help" > "Detect and Repair" > "check restore my shortcuts while repairing".

This should restore all the Microsoft Office shortcuts. This link: http://www.addintools.com/documents/office/where-is-tools-menu.html shows how to use Office tools....
 

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x86) Version:07-02-2016

Ran by Lena (2016-02-12 13:58:27) Run:1

Running from C:\Users\Lena\Desktop\Downloads

Loaded Profiles: Lena (Available Profiles: Lena)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

Start

CreateRestorePoint:

CloseProcesses:

C:\Users\Lena\AppData\Local\Temp\AutoRun.exe

C:\Users\Lena\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Lena\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Lena\AppData\Local\Temp\drm_dyndata_7400006.dll

C:\Users\Lena\AppData\Local\Temp\EAD1592.exe

C:\Users\Lena\AppData\Local\Temp\EAD29CD.exe

C:\Users\Lena\AppData\Local\Temp\EAD4836.exe

C:\Users\Lena\AppData\Local\Temp\EAD5E64.exe

C:\Users\Lena\AppData\Local\Temp\EAD7B47.exe

C:\Users\Lena\AppData\Local\Temp\EAD7CCD.exe

C:\Users\Lena\AppData\Local\Temp\EAD80C3.exe

C:\Users\Lena\AppData\Local\Temp\EAD8A92.exe

C:\Users\Lena\AppData\Local\Temp\EAD9FA8.exe

C:\Users\Lena\AppData\Local\Temp\EADAD9C.exe

C:\Users\Lena\AppData\Local\Temp\g8oriodx.dll

C:\Users\Lena\AppData\Local\Temp\GUR20D8.exe

C:\Users\Lena\AppData\Local\Temp\installhelper.dll

C:\Users\Lena\AppData\Local\Temp\install_flash_player.exe

C:\Users\Lena\AppData\Local\Temp\IPx86_1033.exe

C:\Users\Lena\AppData\Local\Temp\ose00000.exe

C:\Users\Lena\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Lena\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Lena\AppData\Local\Temp\sqlite3.dll

C:\Users\Lena\AppData\Local\Temp\SRAssetsHelper.dll

C:\Users\Lena\AppData\Local\Temp\The_Weather_Channel_Application.exe

C:\Users\Lena\AppData\Local\Temp\UninstallEADM.dll

C:\Users\Lena\AppData\Local\Temp\VP6Install.exe

C:\Users\Lena\AppData\Local\Temp\VP6VFW.dll

C:\Users\Lena\AppData\Local\Temp\{370E862D-4CD0-4785-9390-B20085B3771F}-38.0.2125.111_38.0.2125.104_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{5066F11D-C488-4E4F-8E90-833E66A35955}-23.0.1271.64_22.0.1229.94_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{B16681B8-491B-4969-B870-BD1985D3A8C0}-chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{B3FB2FC1-DA54-4D80-8FD3-38D6FB1931E0}-23.0.1271.97_23.0.1271.95_chrome_updater.exe

C:\Users\Lena\AppData\Local\Temp\{F04181AC-65C2-47F2-8941-2565CD41B8E9}-29.0.1547.66_29.0.1547.62_chrome_updater.exe

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File

CustomCLSID: HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lena\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

Task: {7AFD50A8-F687-45B6-95BB-334B5FF1AFF0} - \DTReg -> No File <==== ATTENTION

Task: {FADDA327-A25C-4D0B-A980-64EB7977BD19} - \DTChk -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Lena\Documents\2014 tax information.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

FirewallRules: [{A49047FA-5EA6-4123-BDEF-82E20E06D4ED}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

FirewallRules: [{FB1FF30D-668D-4415-976F-FD97B5D14482}] => (Allow) C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

C:\Program Files\Searchqu Toolbar\

FirewallRules: [{F20B5A04-F4B9-4CE7-B08F-CCDC7546809D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{0115E73E-A39F-426F-9FEC-E425A78BEE6D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{E29CC89C-BA16-421D-B77A-DB6B3B1F303E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{4ED05BA0-08EA-4572-8093-57432E5D6F49}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe

FirewallRules: [{EF3395CF-DE6A-44A3-9E5B-1349D70DDEC4}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{A80A3B59-C697-47B9-92DA-FBFC91BA86E8}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{1287DA8B-0153-4800-91B8-40FF1F1B5FE6}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

FirewallRules: [{016052BE-956D-4C7F-B60F-F0A0E778B5D0}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

C:\Program Files\AVG

CMD: ipconfig /flushdns

EmptyTemp:

end

 

 

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

C:\Users\Lena\AppData\Local\Temp\AutoRun.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\AutoRunGUI.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\dllnt_dump.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\drm_dyndata_7400006.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD1592.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD29CD.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD4836.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD5E64.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD7B47.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD7CCD.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD80C3.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD8A92.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EAD9FA8.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\EADAD9C.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\g8oriodx.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\GUR20D8.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\installhelper.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\install_flash_player.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\IPx86_1033.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\ose00000.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\SearchWithGoogleUpdate.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\SkypeSetup.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\sqlite3.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\SRAssetsHelper.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\The_Weather_Channel_Application.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\UninstallEADM.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\VP6Install.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\VP6VFW.dll => moved successfully

C:\Users\Lena\AppData\Local\Temp\{370E862D-4CD0-4785-9390-B20085B3771F}-38.0.2125.111_38.0.2125.104_chrome_updater.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\{5066F11D-C488-4E4F-8E90-833E66A35955}-23.0.1271.64_22.0.1229.94_chrome_updater.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\{B16681B8-491B-4969-B870-BD1985D3A8C0}-chrome_updater.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\{B3FB2FC1-DA54-4D80-8FD3-38D6FB1931E0}-23.0.1271.97_23.0.1271.95_chrome_updater.exe => moved successfully

C:\Users\Lena\AppData\Local\Temp\{F04181AC-65C2-47F2-8941-2565CD41B8E9}-29.0.1547.66_29.0.1547.62_chrome_updater.exe => moved successfully

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.

"HKU\S-1-5-21-4116772418-655162160-1753580222-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AFD50A8-F687-45B6-95BB-334B5FF1AFF0}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFD50A8-F687-45B6-95BB-334B5FF1AFF0}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FADDA327-A25C-4D0B-A980-64EB7977BD19}" => key removed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FADDA327-A25C-4D0B-A980-64EB7977BD19}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key not found. 

"C:\Users\Lena\Documents\2014 tax information.tiff" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.

C:\Users\Lena\Documents\2014 tax information.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49047FA-5EA6-4123-BDEF-82E20E06D4ED} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB1FF30D-668D-4415-976F-FD97B5D14482} => value removed successfully.

"C:\Program Files\Searchqu Toolbar" => not found.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F20B5A04-F4B9-4CE7-B08F-CCDC7546809D} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0115E73E-A39F-426F-9FEC-E425A78BEE6D} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E29CC89C-BA16-421D-B77A-DB6B3B1F303E} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4ED05BA0-08EA-4572-8093-57432E5D6F49} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF3395CF-DE6A-44A3-9E5B-1349D70DDEC4} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A80A3B59-C697-47B9-92DA-FBFC91BA86E8} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1287DA8B-0153-4800-91B8-40FF1F1B5FE6} => value removed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{016052BE-956D-4C7F-B60F-F0A0E778B5D0} => value removed successfully.

C:\Program Files\AVG => moved successfully

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
