My laptop is Slooow


  • Staff

Hello Shaka71, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 

======================================================
 
Please run the following scans:
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • TDSSKiller log (attached!)

Thanks Adam, you can call me Rick

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2016
Scan Time: 4:26 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.07.07
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x86
File System: NTFS
User: Papa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388222
Time Elapsed: 1 hr, 51 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Staff

Hello Rick, 
 
That's quite alright. Please do the following:
 
STEP 1
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 2
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\WINDOWS\System32\DRIVERS\15655
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 

  • Staff

Hi Rick, 
 
Please carry out the instructions below. AVG Anti-Virus can be particularly heavy on system resources, which is why I've asked you to remove the programme in Step 2. Windows 10 comes with an in-built Anti-Virus - Windows Defender, which can serve as a replacement for the time being. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • AVG
    • AVG 2016
    • AVG Protection
    • AVG Web TuneUp
    • YTD Video Downloader 3.9.6 
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
  • Confirm Windows Defender is enabled using the following instructions
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the programmes uninstall OK?
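An added example, not part of the original post or of any tool named in this thread: one way to confirm from an elevated PowerShell prompt that Windows Defender has taken over once AVG is uninstalled, as the last bullet of Step 2 asks. The function name and the 'AVG' match pattern are assumptions made for this illustration.

```powershell
# Added example (hypothetical helper name): report whether Windows Defender is
# actually protecting the machine after a third-party antivirus was removed.
function Get-AntivirusHandoverStatus {
    [CmdletBinding()]
    param(
        # Assumption: a Security Center entry whose display name matches this
        # pattern is a leftover registration of the product that was removed.
        [string]$RemovedProductPattern = 'AVG'
    )

    # Antivirus products registered with Windows Security Center.
    # This namespace exists on client editions of Windows only.
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                    -ClassName 'AntiVirusProduct' `
                                    -ErrorAction SilentlyContinue)
    $leftovers = @($registered |
                   Where-Object { $_.displayName -match $RemovedProductPattern })

    # Defender's own status; the cmdlet fails if the Defender service is
    # disabled or was replaced by another product.
    $mp = $null
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    $service = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue
    $serviceRunning = [bool]($service -and $service.Status -eq 'Running')
    $avEnabled      = [bool]($mp -and $mp.AntivirusEnabled)
    $rtpEnabled     = [bool]($mp -and $mp.RealTimeProtectionEnabled)

    [pscustomobject]@{
        RegisteredProducts     = @($registered | ForEach-Object { $_.displayName })
        LeftoverEntries        = @($leftovers  | ForEach-Object { $_.displayName })
        DefenderServiceRunning = $serviceRunning
        AntivirusEnabled       = $avEnabled
        RealTimeProtection     = $rtpEnabled
        SignatureAgeDays       = $(if ($mp) { $mp.AntivirusSignatureAge } else { $null })
        # Covered only if Defender is running with real-time protection on and
        # the removed product no longer claims to be the active antivirus.
        DefenderHasTakenOver   = ($serviceRunning -and $avEnabled -and $rtpEnabled -and
                                  $leftovers.Count -eq 0)
    }
}

Get-AntivirusHandoverStatus | Format-List
```

If DefenderHasTakenOver is False while LeftoverEntries still lists an AVG product, the uninstall left a Security Center registration behind and Defender may stay passive until it is cleared.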

I started to run the fix, but Farbar was "not responding". I walked away from my laptop. Few minutes later saw AVG pop up. Before I could read what it said window was gone. Now Farbar is gone from my machine too. I think AVG erased it. AVG Log only says AVG was updated.


Adam:

 

I uninstalled all of the programs. Here is the fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Papa (2016-03-08 16:35:28) Run:3
Running from C:\Users\Papa\Downloads
Loaded Profiles: Papa (Available Profiles: Papa)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION
Toolbar: HKU\S-1-5-21-2460007330-1602574811-448885161-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2460007330-1602574811-448885161-1001 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Toolbar: HKU\S-1-5-21-2460007330-1602574811-448885161-1001 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-09-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-07-24] <==== ATTENTION
Task: {35D52BDB-359B-41BB-A4EA-FCA21BA5BC9F} - System32\Tasks\EIQGM => C:\Users\Papa\AppData\Roaming\yaho.exe
C:\Users\Papa\AppData\Roaming\yaho.exe
2014-04-21 08:17 - 2014-09-04 13:09 - 0000000 _____ () C:\Program Files\Mozilla Firefoxwtu-secure-search.xml
Task: {00172EDC-88C5-40DD-B8A0-E0D0E27F380F} - System32\Tasks\{8C7E8BA5-CED0-4A79-ADD6-05DFCBEE6C42} => pcalua.exe -a C:\Users\Mommy\Documents\lsdiorw4.1-1\instserv.exe -d C:\Users\Mommy\Documents\lsdiorw4.1-1
Task: {0120E9BC-37A9-4F94-8E30-F3398F13837B} - System32\Tasks\AVG_SYS_TASK_0615av => C:\ProgramData\Avg_Update_0615av\AVG-Secure-Search-Update_0615av.exe
C:\ProgramData\Avg_Update_0615av
Task: {0935081C-919D-4504-B612-AFEF145795B5} - System32\Tasks\{024C7D14-B3B0-4023-BE4B-EB65CE2118D8} => pcalua.exe -a C:\Users\Papa\Downloads\startuplite-setup-1.07.exe -d C:\Users\Papa\Downloads
Task: {208710A6-E29D-409A-9AD5-772C4946FD3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {22DF0344-69D6-4922-8B4E-DF89BF11FF76} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {24324398-2FFA-489C-B3F0-F5757D13469B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {43E9D405-0520-48E6-8AAC-F8CBC250282A} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {46DE2218-4240-4535-937C-7DD6B5495A18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {64D60F9D-B4EC-4B05-AADB-FA6416D77861} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {66488DEE-85BA-4365-856C-DBF03A982A21} - System32\Tasks\{CFD5E03C-5A83-4670-A53B-DA602EE138CD} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{5AC5ED2E-2936-4B54-A429-703F9034938E}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {764E687E-23F6-43C5-8BB3-8324918AA952} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7A608CEC-20DA-4CBF-AC3F-383C853B1B2D} - System32\Tasks\{7FC8855F-66AA-4771-9556-329246AC4012} => pcalua.exe -a C:\Users\Mommy\Documents\lsdiorw4.1\instserv.exe -d C:\Users\Mommy\Documents\lsdiorw4.1
Task: {8AEA5C7D-A76A-415B-A245-D71B139B6213} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {929746B5-89F2-46DA-A393-87A959A3B5C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9F1978BF-A393-4EFE-B395-E82D711EB381} - System32\Tasks\{DB89E11A-80FB-4141-9719-5BD5405F6831} => pcalua.exe -a C:\Users\Papa\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {D532319F-ED8E-4760-9AC6-899328BE54B2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E360DB26-C8DF-4800-9145-A9A647C03E3D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F52033AB-298A-4E95-86B0-51FF58F3C07C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4B2F39D3 [155]
AlternateDataStreams: C:\ProgramData\TEMP:8405B4B0 [152]
AlternateDataStreams: C:\ProgramData\TEMP:B95DA41A [143]
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => value not found.
HKCR\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value not found.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found.
HKCR\PROTOCOLS\Handler\linkscanner => key not found.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
"C:\Program Files\mozilla firefox\defaults\pref\itms.js" => not found.
"C:\Program Files\mozilla firefox\firefox.cfg" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35D52BDB-359B-41BB-A4EA-FCA21BA5BC9F} => key not found.
C:\Windows\System32\Tasks\EIQGM => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EIQGM => key not found.
"C:\Users\Papa\AppData\Roaming\yaho.exe" => not found.
"C:\Program Files\Mozilla Firefoxwtu-secure-search.xml" => not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{ED233797-F47D-475E-9FCA-3D549E4DDAA4} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7} => key not found.
HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00172EDC-88C5-40DD-B8A0-E0D0E27F380F} => key not found.
C:\Windows\System32\Tasks\{8C7E8BA5-CED0-4A79-ADD6-05DFCBEE6C42} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C7E8BA5-CED0-4A79-ADD6-05DFCBEE6C42} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0120E9BC-37A9-4F94-8E30-F3398F13837B} => key not found.
C:\Windows\System32\Tasks\AVG_SYS_TASK_0615av => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0615av => key not found.
"C:\ProgramData\Avg_Update_0615av" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0935081C-919D-4504-B612-AFEF145795B5} => key not found.
C:\Windows\System32\Tasks\{024C7D14-B3B0-4023-BE4B-EB65CE2118D8} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{024C7D14-B3B0-4023-BE4B-EB65CE2118D8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{208710A6-E29D-409A-9AD5-772C4946FD3F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22DF0344-69D6-4922-8B4E-DF89BF11FF76} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24324398-2FFA-489C-B3F0-F5757D13469B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43E9D405-0520-48E6-8AAC-F8CBC250282A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConfigFree Startup Programs => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46DE2218-4240-4535-937C-7DD6B5495A18} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64D60F9D-B4EC-4B05-AADB-FA6416D77861} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66488DEE-85BA-4365-856C-DBF03A982A21} => key not found.
C:\Windows\System32\Tasks\{CFD5E03C-5A83-4670-A53B-DA602EE138CD} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFD5E03C-5A83-4670-A53B-DA602EE138CD} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{764E687E-23F6-43C5-8BB3-8324918AA952} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A608CEC-20DA-4CBF-AC3F-383C853B1B2D} => key not found.
C:\Windows\System32\Tasks\{7FC8855F-66AA-4771-9556-329246AC4012} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7FC8855F-66AA-4771-9556-329246AC4012} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AEA5C7D-A76A-415B-A245-D71B139B6213} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{929746B5-89F2-46DA-A393-87A959A3B5C3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F1978BF-A393-4EFE-B395-E82D711EB381} => key not found.
C:\Windows\System32\Tasks\{DB89E11A-80FB-4141-9719-5BD5405F6831} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB89E11A-80FB-4141-9719-5BD5405F6831} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D532319F-ED8E-4760-9AC6-899328BE54B2} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E360DB26-C8DF-4800-9145-A9A647C03E3D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F52033AB-298A-4E95-86B0-51FF58F3C07C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
"C:\ProgramData\TEMP" => ":4B2F39D3" ADS not found.
"C:\ProgramData\TEMP" => ":8405B4B0" ADS not found.
"C:\ProgramData\TEMP" => ":B95DA41A" ADS not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 57.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:40:56 ====


  • Staff

Hi Rick, 
 
Please work your way through the following. Let me know how your computer is performing afterwards. 
 
STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s1].txt.
 
 
STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • JRT.txt
  • AdwCleaner[C1].txt
  • FRST.txt
  • Addition.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x86
Ran by Papa (Administrator) on Wed 03/09/2016 at 21:23:11.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\Papa\AppData\Local\{19CC2318-BAE4-4C9F-ADAD-9A87CBFDC970} (Empty Folder)
Successfully deleted: C:\Users\Papa\AppData\Local\{ED396F8A-EA09-46F6-9F92-644B8650ACBD} (Empty Folder)
Successfully deleted: C:\Users\Papa\AppData\Local\packageaware (Folder)

Deleted the following from C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\5p4fsk46.default-1439751414760\prefs.js
user_pref(browser.search.defaultenginename, Vafmusic7 Customized Web Search);



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/09/2016 at 21:28:56.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 21:36:32
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [server]
# Operating system : Windows 10 Home  (x86)
# Username : Papa - BOHICA
# Running from : C:\Users\Papa\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Papa\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Web browsers ] *****

[-] [C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [2195 bytes] - [09/03/2016 21:36:32]
C:\Program Files\AdwCleaner\AdwCleaner[s1].txt - [2178 bytes] - [09/03/2016 21:33:18]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [2369 bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Papa (administrator) on BOHICA (09-03-2016 21:47:23)
Running from C:\Users\Papa\Downloads
Loaded Profiles: Papa (Available Profiles: Papa)
Platform: Microsoft Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Farbar) C:\Users\Papa\Downloads\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\UsoClient.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-09] (Apple Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3527880 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [Dropbox Update] => C:\Users\Papa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a99be6b4-69bf-4dc1-a2ad-3aacf7fe6cc6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {EFEB0A3F-CE34-46A9-9214-31D2B1101F81} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2460007330-1602574811-448885161-1001 -> {EFEB0A3F-CE34-46A9-9214-31D2B1101F81} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS373US373
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-30] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-30] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\5p4fsk46.default-1439751414760
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/webhp?hl=en
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [No File]
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2460007330-1602574811-448885161-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Papa\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-2460007330-1602574811-448885161-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Papa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2460007330-1602574811-448885161-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-10-07] (RealNetworks, Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.netflix.com/WiHome
CHR StartupUrls: Default -> "hxxp://www.netflix.com/"
CHR Profile: C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-23]
CHR Extension: (YouTube) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23]
CHR Extension: (Gmail) - C:\Users\Papa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-28] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1926896 2016-02-04] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\windows\system32\nlssrv32.exe [57344 2009-12-09] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [216776 2015-06-12] (Synaptics Incorporated)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2016-01-02] (RaMMicHaeL)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 15655; C:\WINDOWS\System32\DRIVERS\15655 [9072 2011-02-02] ()
S3 audiobridge; C:\WINDOWS\System32\DRIVERS\aubridge.sys [22528 2007-07-23] (SoundGenetics) [File not signed]
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-07-06] (AVG Technologies)
S3 BRDriver_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys [66824 2016-01-18] (BitRaider)
R1 glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
R0 LPCFilter; C:\WINDOWS\System32\drivers\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [494080 2015-10-30] (Realtek                                            )
R3 RTL8187Se; C:\WINDOWS\System32\drivers\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [50280 2015-07-31] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 21:47 - 2016-03-09 21:47 - 00020426 _____ C:\Users\Papa\Downloads\FRST.txt
2016-03-09 21:31 - 2016-03-09 21:36 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-09 21:31 - 2016-03-09 21:31 - 01524224 _____ C:\Users\Papa\Downloads\AdwCleaner.exe
2016-03-09 21:28 - 2016-03-09 21:28 - 00001149 _____ C:\Users\Papa\Desktop\JRT.txt
2016-03-09 21:19 - 2016-03-09 21:19 - 00755950 _____ C:\Users\Papa\Desktop\Signed Agreement.pdf
2016-03-09 11:21 - 2016-03-09 11:21 - 01024952 _____ C:\Users\Papa\Desktop\W9 SS.pdf
2016-03-09 11:20 - 2016-03-09 11:20 - 01025664 _____ C:\Users\Papa\Desktop\W9 EIN.pdf
2016-03-09 11:09 - 2016-03-09 11:28 - 00000000 ____D C:\Users\Papa\Desktop\Signal Auditing
2016-03-09 11:08 - 2016-03-09 11:10 - 00000000 ____D C:\Users\Papa\Desktop\MillInfo
2016-03-09 11:03 - 2016-03-09 11:03 - 03300142 _____ C:\Users\Papa\Desktop\Sciacca W9 (SS).pdf
2016-03-09 09:49 - 2016-03-09 09:51 - 01609216 _____ (Malwarebytes) C:\Users\Papa\Downloads\JRT.exe
2016-03-08 17:05 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 17:05 - 2016-02-24 04:15 - 05797216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 17:05 - 2016-02-24 04:15 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 17:05 - 2016-02-24 04:11 - 00599904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 17:05 - 2016-02-24 04:10 - 00959840 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 17:05 - 2016-02-24 04:03 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 17:05 - 2016-02-24 03:57 - 01174368 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 17:05 - 2016-02-24 03:50 - 02885680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 17:05 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 17:05 - 2016-02-24 03:15 - 00107872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 17:05 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 17:05 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 17:05 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 17:05 - 2016-02-24 03:03 - 00510880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 17:05 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 17:05 - 2016-02-24 02:59 - 00118304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 17:05 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 17:05 - 2016-02-24 02:35 - 01714016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 17:05 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 17:05 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 17:05 - 2016-02-24 02:35 - 00482656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 17:05 - 2016-02-24 02:35 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 17:05 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 17:05 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 17:05 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 17:05 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2016-03-08 17:05 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 17:05 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 17:05 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 17:05 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 17:05 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 17:05 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 17:05 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 17:05 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 17:05 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 17:05 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 17:05 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 17:05 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 17:05 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 17:05 - 2016-02-24 01:38 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 17:05 - 2016-02-24 01:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 17:05 - 2016-02-24 01:37 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 17:05 - 2016-02-24 01:37 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 17:05 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 17:05 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 17:05 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 17:05 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 17:05 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 17:05 - 2016-02-24 01:29 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 17:05 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 17:05 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 17:05 - 2016-02-24 01:27 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 17:05 - 2016-02-24 01:25 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 17:05 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 17:05 - 2016-02-24 01:23 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 17:05 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 17:05 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 17:05 - 2016-02-24 01:21 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 17:05 - 2016-02-24 01:21 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 17:05 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 17:05 - 2016-02-24 01:20 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 17:05 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 17:05 - 2016-02-24 01:18 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 17:05 - 2016-02-24 01:18 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 17:05 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 17:05 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 17:05 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 17:05 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 17:05 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 17:05 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 17:05 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 17:05 - 2016-02-24 01:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 17:05 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 17:05 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 17:05 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 17:05 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 17:05 - 2016-02-24 01:06 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 17:05 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 17:05 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 17:05 - 2016-02-24 00:59 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 17:05 - 2016-02-24 00:55 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 17:05 - 2016-02-24 00:51 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 17:05 - 2016-02-24 00:46 - 02977280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 17:05 - 2016-02-24 00:38 - 01524224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 17:05 - 2016-02-24 00:37 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 17:05 - 2016-02-24 00:37 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 17:05 - 2016-02-24 00:34 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 17:05 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 17:05 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 17:05 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 17:05 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 17:05 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 17:05 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 17:05 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 16:46 - 2016-03-09 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-08 16:33 - 2016-03-08 16:35 - 01725440 _____ (Farbar) C:\Users\Papa\Downloads\FRST(1).exe
2016-03-08 15:45 - 2016-03-08 15:45 - 00001305 _____ C:\Users\Papa\Desktop\Revo Uninstaller.lnk
2016-03-08 15:45 - 2016-03-08 15:45 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-08 15:45 - 2016-03-08 15:45 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-08 15:44 - 2016-03-08 15:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Papa\Downloads\revosetup.exe
2016-03-08 15:14 - 2016-03-08 15:14 - 00023011 _____ C:\Users\Papa\Desktop\Fixlog.txt
2016-03-08 15:13 - 2016-03-08 15:13 - 00021797 _____ C:\Users\Papa\Desktop\fixlist.txt
2016-03-08 14:57 - 2016-03-08 16:40 - 00042725 _____ C:\Users\Papa\Downloads\Fixlog.txt
2016-03-08 14:56 - 2016-03-08 15:01 - 00000000 ____D C:\Users\Papa\Downloads\FRST-OlderVersion
2016-03-08 13:37 - 2016-03-08 13:37 - 00843781 _____ C:\Users\Papa\Downloads\Agent agreement, info sheet and background check authorization_encrypted_.pdf
2016-03-08 12:24 - 2016-03-08 15:14 - 00000000 ____D C:\Users\Papa\Desktop\LRAH
2016-03-07 18:32 - 2016-03-07 18:40 - 00279620 _____ C:\TDSSKiller.3.1.0.9_07.03.2016_18.32.26_log.txt
2016-03-07 16:33 - 2016-03-07 18:32 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Papa\Downloads\tdsskiller.exe
2016-03-06 20:40 - 2016-03-06 20:43 - 00076153 _____ C:\Users\Papa\Downloads\Addition.txt
2016-03-06 20:03 - 2016-03-06 20:03 - 00506575 _____ C:\Users\Papa\Downloads\Syracuse Standard 11-1-1888.pdf
2016-03-05 18:34 - 2016-03-05 18:34 - 06837784 _____ (Piriform Ltd) C:\Users\Papa\Downloads\ccsetup515.exe
2016-03-01 21:58 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 21:58 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 21:57 - 2016-02-23 05:33 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 21:57 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 21:56 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 21:54 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 21:52 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 21:51 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 21:51 - 2016-02-23 02:42 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 21:51 - 2016-02-23 02:28 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 21:51 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 21:51 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 21:51 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 21:49 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 21:49 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 21:48 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 21:47 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 21:47 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 21:47 - 2016-02-23 02:48 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 21:47 - 2016-02-23 02:43 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 21:47 - 2016-02-23 02:23 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 21:47 - 2016-02-23 02:16 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 21:47 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 21:46 - 2016-02-23 05:32 - 01820512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 21:46 - 2016-02-23 04:39 - 00297072 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 21:46 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 21:46 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 21:46 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 21:46 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 21:46 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 21:46 - 2016-02-23 04:37 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 21:46 - 2016-02-23 04:37 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 21:46 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 21:46 - 2016-02-08 22:23 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 21:45 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 21:45 - 2016-02-23 02:51 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 21:45 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 21:45 - 2016-02-23 02:45 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 21:45 - 2016-02-23 02:40 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 21:45 - 2016-02-23 02:36 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 21:45 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 21:45 - 2016-02-23 02:35 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 21:45 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 21:45 - 2016-02-23 02:28 - 00810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 21:45 - 2016-02-23 02:25 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 21:45 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 21:45 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 21:45 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 21:45 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 21:45 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 21:45 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 21:45 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 21:44 - 2016-02-23 05:37 - 00875992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 21:44 - 2016-02-23 05:37 - 00771120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 21:44 - 2016-02-23 05:34 - 01051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 21:44 - 2016-02-23 05:34 - 00926568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 21:44 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 21:44 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 21:44 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 21:44 - 2016-02-23 03:51 - 00381280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 21:44 - 2016-02-23 03:43 - 00639168 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 21:44 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 21:44 - 2016-02-23 03:25 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 21:44 - 2016-02-23 03:21 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 21:44 - 2016-02-23 03:13 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 21:44 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 21:44 - 2016-02-23 03:03 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 21:44 - 2016-02-23 03:01 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 21:44 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 21:44 - 2016-02-23 02:49 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 21:44 - 2016-02-23 02:48 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 21:44 - 2016-02-23 02:41 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 21:44 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 21:44 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 21:44 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 21:44 - 2016-02-23 02:28 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 21:44 - 2016-02-23 02:20 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 21:44 - 2016-02-23 02:14 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 21:44 - 2016-02-23 02:05 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 21:44 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 21:44 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 21:44 - 2016-02-23 01:47 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 21:44 - 2016-02-08 23:32 - 00228704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 21:44 - 2016-02-08 23:14 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 21:44 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 21:44 - 2016-02-08 22:09 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-01 21:43 - 2016-02-23 05:33 - 00354656 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2016-03-01 21:43 - 2016-02-23 05:33 - 00354656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-03-01 21:43 - 2016-02-23 05:32 - 00462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 21:43 - 2016-02-23 05:16 - 00856928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 21:43 - 2016-02-23 04:40 - 00306840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 21:43 - 2016-02-23 04:23 - 00124256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 21:43 - 2016-02-23 03:36 - 00429920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 21:43 - 2016-02-23 03:25 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 21:43 - 2016-02-23 03:22 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 21:43 - 2016-02-23 03:18 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 21:43 - 2016-02-23 03:07 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 21:43 - 2016-02-23 03:01 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 21:43 - 2016-02-23 03:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 21:43 - 2016-02-23 02:59 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 21:43 - 2016-02-23 02:50 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 21:43 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 21:43 - 2016-02-23 02:46 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 21:43 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 21:43 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 21:43 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 21:43 - 2016-02-23 02:34 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 21:43 - 2016-02-23 02:29 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 21:43 - 2016-02-23 02:28 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 21:43 - 2016-02-23 02:24 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 21:43 - 2016-02-23 02:23 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 21:43 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 21:43 - 2016-02-23 01:58 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 21:43 - 2016-02-23 01:36 - 01931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 21:42 - 2016-02-23 03:16 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 21:42 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 21:42 - 2016-02-23 03:14 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 21:42 - 2016-02-23 03:08 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 21:42 - 2016-02-23 03:07 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 21:42 - 2016-02-23 03:05 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 21:42 - 2016-02-23 02:57 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 21:42 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 21:42 - 2016-02-23 02:45 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 21:42 - 2016-02-23 02:44 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 21:42 - 2016-02-23 02:38 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 21:42 - 2016-02-23 02:24 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 21:42 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-02-25 10:15 - 2016-02-25 10:15 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-02-20 12:38 - 2016-02-20 12:38 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-10 22:18 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 22:18 - 2016-01-27 01:12 - 00279376 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 22:18 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 22:18 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 22:18 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 22:18 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msorcl32.dll
2016-02-10 22:18 - 2016-01-27 00:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 22:18 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 22:18 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 22:18 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 22:18 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 22:18 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 22:18 - 2016-01-26 23:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 22:18 - 2016-01-26 23:49 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 22:18 - 2016-01-26 23:44 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 22:18 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 21:47 - 2014-10-27 17:47 - 00000000 ____D C:\FRST
2016-03-09 21:41 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 21:41 - 2014-10-27 17:09 - 00000000 ____D C:\ProgramData\MCShield
2016-03-09 21:39 - 2015-12-16 05:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 21:39 - 2010-03-30 01:31 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 21:38 - 2015-10-30 00:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 21:38 - 2012-10-17 19:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-09 21:36 - 2010-04-07 21:33 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Yahoo!
2016-03-09 12:38 - 2010-03-30 01:31 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 12:34 - 2015-06-18 17:59 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001UA.job
2016-03-09 10:19 - 2013-07-28 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 10:06 - 2010-04-16 23:14 - 141270216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 03:39 - 2015-10-30 00:47 - 00000000 ____D C:\WINDOWS\INF
2016-03-09 03:35 - 2015-12-16 04:58 - 03744272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 03:32 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 03:32 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 03:30 - 2011-07-26 12:34 - 00000000 ____D C:\Users\Papa\Documents\_Resume
2016-03-08 22:34 - 2015-06-18 17:59 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001Core.job
2016-03-08 17:14 - 2015-10-30 00:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-08 17:07 - 2015-10-30 00:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 16:43 - 2015-06-02 07:09 - 00000000 ____D C:\Users\Papa\AppData\Local\Avg
2016-03-08 16:43 - 2011-05-15 22:42 - 00000000 ____D C:\Program Files\AVG
2016-03-08 16:42 - 2015-12-16 05:08 - 00000000 ____D C:\Users\Papa
2016-03-08 16:42 - 2011-05-15 22:26 - 00000000 ____D C:\ProgramData\MFAData
2016-03-08 16:26 - 2012-10-02 17:57 - 00000000 ____D C:\Users\Papa\AppData\Roaming\iVideoConverter
2016-03-08 16:23 - 2009-08-27 23:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-08 16:22 - 2013-10-05 22:33 - 00000000 ____D C:\Program Files\ArcSoft
2016-03-08 16:20 - 2013-10-05 22:34 - 00000000 ____D C:\ProgramData\ArcSoft
2016-03-08 16:14 - 2015-08-29 19:32 - 00000000 ____D C:\Program Files\Mio Technology
2016-03-08 16:09 - 2014-04-21 08:17 - 00000000 ____D C:\Users\Papa\AppData\Local\AVG Web TuneUp
2016-03-08 15:59 - 2013-08-24 01:06 - 00000000 ____D C:\ProgramData\AVG
2016-03-08 15:57 - 2015-11-03 00:41 - 00000000 ____D C:\Users\Papa\AppData\Local\AvgSetupLog
2016-03-08 15:51 - 2015-10-30 00:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-08 15:51 - 2015-10-30 00:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-08 14:58 - 2010-04-07 21:25 - 00000000 ___SD C:\Users\Papa\AppData\LocalLow\Temp
2016-03-08 12:48 - 2011-05-16 10:23 - 00000000 _____ C:\Users\Papa\AppData\LocalLow\prvlcl.dat
2016-03-08 12:24 - 2015-12-16 05:07 - 00988244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-08 12:22 - 2010-04-03 10:50 - 00000000 ____D C:\WINDOWS\system32\sda
2016-03-07 16:26 - 2014-08-07 12:52 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 16:21 - 2014-04-07 00:46 - 00000000 ____D C:\Users\Papa\AppData\Local\Packages
2016-03-07 00:46 - 2012-07-02 18:30 - 00000000 ____D C:\Users\Papa\Documents\Family Tree Maker
2016-03-07 00:23 - 2015-12-11 12:30 - 00000000 ___RD C:\Users\Papa\Dropbox
2016-03-06 18:09 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\rescache
2016-03-06 17:28 - 2012-06-15 20:20 - 00000000 ____D C:\Users\Papa\Documents\Genealogy
2016-03-06 16:18 - 2014-03-24 13:10 - 00000000 ____D C:\Users\Papa\AppData\Roaming\Dropbox
2016-03-05 18:34 - 2016-01-30 23:04 - 00001044 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-04 03:39 - 2015-07-31 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-04 03:33 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-04 03:33 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-04 03:33 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-04 03:33 - 2015-10-30 00:13 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-04 03:32 - 2015-10-30 01:58 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-04 03:32 - 2015-10-30 00:48 - 00000000 __RSD C:\WINDOWS\Media
2016-03-04 03:32 - 2015-10-30 00:48 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-04 03:32 - 2015-10-30 00:48 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-25 10:15 - 2015-10-30 00:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-25 10:15 - 2015-10-30 00:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-25 10:12 - 2010-03-09 11:05 - 00000000 ____D C:\Program Files\Microsoft Office
2016-02-20 12:43 - 2014-07-02 00:45 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-06-06 07:23 - 2012-06-06 07:30 - 0000288 _____ () C:\Users\Papa\AppData\Roaming\.backup.dm
2013-01-18 23:31 - 2013-05-21 23:04 - 0000132 _____ () C:\Users\Papa\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-06-19 15:32 - 2014-06-19 15:32 - 0000132 _____ () C:\Users\Papa\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-07-31 12:00 - 2013-05-14 20:42 - 0000132 _____ () C:\Users\Papa\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-09-12 12:33 - 2014-07-28 23:30 - 0000132 _____ () C:\Users\Papa\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-30 13:00 - 2012-05-30 13:00 - 0000024 _____ () C:\Users\Papa\AppData\Roaming\Final Draft Tagger Preferences
2010-03-31 22:24 - 2010-04-17 09:32 - 0000298 _____ () C:\Users\Papa\AppData\Roaming\wklnhst.dat
2011-05-15 22:46 - 2011-05-15 22:46 - 0000040 _____ () C:\Users\Papa\AppData\Local\xobni_installer_updater.log
2012-05-30 12:48 - 2012-05-30 12:49 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2015-01-19 22:06 - 2015-01-19 22:06 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-16 05:02 - 2015-12-16 05:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-04-07 21:27 - 2011-01-20 12:47 - 0008848 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Papa\jobq.dat


Some files in TEMP:
====================
C:\Users\Papa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-05 16:07

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Papa (2016-03-09 21:50:18)
Running from C:\Users\Papa\Downloads
Microsoft Windows 10 Home Version 1511 (X86) (2015-12-16 10:57:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2460007330-1602574811-448885161-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2460007330-1602574811-448885161-503 - Limited - Disabled)
Guest (S-1-5-21-2460007330-1602574811-448885161-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2460007330-1602574811-448885161-1005 - Limited - Enabled)
Papa (S-1-5-21-2460007330-1602574811-448885161-1001 - Administrator - Enabled) => C:\Users\Papa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 (HKLM\...\{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AudibleManager (HKLM\...\AudibleManager) (Version: 2004835040.48.56.7736554 - Audible, Inc.)
Autodesk SketchBookExpress 2011 (HKLM\...\{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}) (Version: 5.00.0000 - Autodesk)
Avery Design & Print (HKLM\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
BitRaider Streaming Client (HKLM\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Color Efex Pro 3.0 Wacom Edition 3 (HKLM\...\Color Efex Pro 3.0 Wacom Edition 3) (Version: 3.0.0.1 - Nik Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.07 - Piriform)
DJ2540FWUpdateAlert (Version: 1.00.0000 - HP) Hidden
Dropbox (HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Evernote (Version: 1.0.0.1 - Evernote) Hidden
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.383 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.383 - Ancestry.com, Inc.) Hidden
FamilySearch Indexing 3.13.1 (HKLM\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 4.10 - Philipp Winterberg)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{516046F1-6F81-4967-8E63-32273AE2A929}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (HKLM\...\{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}) (Version: 2.1 - Brice Lambson)
Instant JPEG From RAW (HKLM\...\{4AE8C476-2A15-4F97-803D-59E988449667}) (Version: 1.6.0 - Imagenomic, LLC)
iTunes (HKLM\...\{F16EA575-26A5-4DAD-A800-95267BE02C12}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.0.5906 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Printroom Direct (HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\Printroom Direct) (Version:  - Printroom.com)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{03E72F11-8D79-4C5C-9659-121ADD6A0846}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PSM_50C (HKLM\...\{8152C328-3CE0-4496-84CC-E766AFF9B152}) (Version: 5.00.0000 - Printroom)
PSM_50C (Version: 5.00.0000 - Printroom) Hidden
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Software Updater (HKLM\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Star Wars The Old Republic (HKLM\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Sure Delete 5.1.1 (HKLM\...\Sure Delete_is1) (Version:  - Wizard Industries LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)
Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.25 - TOSHIBA Corporation)
ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Unchecky v0.4.2 (HKLM\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Utility Common Driver (Version: 1.0.50.26C - TOSHIBA) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
What's Running 3.0 (HKLM\...\What's Running_is1) (Version: 3.0 - WhatsRunning.net)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinX Free DVD Ripper 4.5.13 (HKLM\...\WinX Free DVD Ripper_is1) (Version:  - Digiarty Software,Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2460007330-1602574811-448885161-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Papa\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00786055-72C3-4391-B910-361C41274F4A} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {0F0BCF03-9655-46D9-9FCD-5736AEE849BF} - System32\Tasks\Real Player online update program => c:\program files\real\realplayer\Update\realsched.exe [2014-04-27] (RealNetworks, Inc.)
Task: {1028756C-488B-4BD2-988C-4BD757C35C9C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {11B0B566-AA98-454A-894D-594A3486F436} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {14D54C8B-10EF-49EF-9032-F6C7B59D320B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1A11EE20-B8D0-4EBC-85D5-B938DD292481} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1A343A76-A2F1-4F28-8DAD-BFED9F2AF739} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1D1D6E98-9D6E-431B-9D60-A3C41C78F3EC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2080997E-F1DF-4CD5-B4D0-E0CA77910117} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {23ED9CC8-247B-4BF3-B639-2633D3A157D3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {2CA4E2CA-7465-49F0-AC73-4403D08DC516} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3DBC90AB-956D-4462-A229-35FB3D3EF7DC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3DEEDD57-37A2-4E32-9BE2-AD1CBDE3C6BE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {4A81C969-1F1F-4259-A17C-CE12C3ECC2C7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4AA3B7E8-2CAC-4948-94E8-C3C9C014FB24} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F0FCC6C-2A1A-45C9-9CBF-394C3B146805} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5C90627C-1E30-4E6C-AD0C-E38117A88044} - System32\Tasks\HP AR Program Upload - c5a8b9e5f15644339486eae531b64667d49805c9205e45d8b825e357adf11ae9 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {70C9AD49-516D-4C3F-A356-EAEEDFF4FFBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-25] (Microsoft Corporation)
Task: {71FFC619-2B87-451E-A6CE-8F7FCC78903E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7DA32F60-D3FB-4E41-9E64-86273CC19B18} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {847A5578-FAEC-41BB-85CE-C418BC76F178} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88637D9D-BD04-42F8-B25D-62FC5F4AA984} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {89234A7C-9AE7-472E-A2C5-7788EE2F8EDB} - System32\Tasks\HP AR Program Upload - 8892b6440d25403f9c15240bc843ff55db64cdf06fe74d3caf05791070abbaeb => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {8B0A7B8E-4CB2-438F-B4E3-1D13CAB5648B} - System32\Tasks\AdobeAAMUpdater-1.0-BOHICA-Papa => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {900AE509-B1F6-46B8-BE1E-C3CB8F3F8688} - System32\Tasks\{4B982E56-5FDB-491B-A55F-B9D1BEBC160C} => pcalua.exe -a C:\Users\Papa\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {98A09F86-BCC6-4F40-82F6-99C8EECE77AC} - System32\Tasks\HP AR Program Upload - 1ad77e1574b74560a72ef4789b93c62a7ece3b14be97406f86efe74fba8b0638 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {996A5EA8-77B1-4BB1-A745-2C020BA20043} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A305D2B5-5813-47F4-BADD-0C58CA751700} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {A484C5C4-9DF4-4920-A48F-D34138DA9652} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {A8F8AD64-CA4C-467A-B88A-3F50DB4E7936} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B03BE493-17B5-4DBC-86B4-F04DE82F5317} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B09EC828-134A-4C6E-99DA-88A783CAFAD7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B61A3CE6-C699-436B-8E66-ADED3A3E59FE} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B8F18553-62D0-4675-9C96-2702A435F721} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {B9ADE16C-CA0B-4A9C-ADEC-1B2AEC8AE426} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001UA => C:\Users\Papa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {BE5609CA-4EFA-44BD-A8F7-A2C572DAB9D8} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2460007330-1602574811-448885161-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {BF098C2F-9F9F-477F-A351-A33F2905B4A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {C0F25F22-5C03-472E-A54E-DE1F101208BE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C58C0D77-6E64-4038-BBD1-9EE821CE26F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {CF9B8EB7-A5A2-47DA-931E-79236A49B13D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {D6C4F688-93AD-4B29-A901-326B3A294684} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD22379E-94A5-4BD4-9517-5BA4696121A1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DEBFC5F5-B3B1-407F-9839-3EF776DF4EF2} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {DEC01156-1F90-46B3-88F1-49BD36C511B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E5448C90-A84B-4C70-B98F-E9711E9EC546} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E7C3D37B-46F2-4ED8-A898-0F34724435E6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {E7C9A9D8-C536-4EFF-8FA9-B82F70BC2EAC} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F35DC3B0-49EB-4CB1-827E-A7F567F47E84} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {F79E35A5-1FD2-41A9-96B6-40260B0560BE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001Core => C:\Users\Papa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001Core.job => C:\Users\Papa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2460007330-1602574811-448885161-1001UA.job => C:\Users\Papa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:44 - 2015-10-30 00:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-28 00:15 - 2016-02-04 05:26 - 00144576 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2012-02-25 15:57 - 2011-09-08 17:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-03-01 21:47 - 2016-02-23 05:34 - 01859960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 21:47 - 2016-02-23 05:34 - 01859960 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-19 14:01 - 2015-12-06 23:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 21:45 - 2016-02-23 02:48 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 14:22 - 2016-01-04 20:23 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 14:23 - 2016-01-04 20:19 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 21:42 - 2016-01-16 00:06 - 02366464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 21:42 - 2016-01-16 00:09 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 13:43 - 2016-01-22 13:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-22 13:43 - 2016-01-22 13:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:43 - 2016-01-22 13:44 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2016-03-09 21:39 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460007330-1602574811-448885161-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Papa\Desktop\RS Photo\My Portfolio\IMG_0461.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2460007330-1602574811-448885161-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{AFAEDBD2-BA59-43E0-A6C9-FCA7022EE2D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0E6AC793-99D5-40DD-840F-E6009FA8E35B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3B34DE3D-2FC9-4EFA-807E-91D457075EE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{838F6AFB-18ED-449E-AF98-6514FE4F541F}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{8985F23D-18B3-459A-84B1-413C582D594E}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E68C4B52-9839-4E24-A015-FB29BEA42D85}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{45F13553-C198-4F08-B85D-A5DDBDF96190}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53E0D4E0-B2AE-45B0-9410-2B52EED57291}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FECEADC3-AD49-426A-8024-5A4FA54F0111}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}] => (Allow) svchost.exe
FirewallRules: [{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E341DA2A-0727-4931-823D-ADAF446B02DC}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{56A72B39-EA6C-43B0-8BCF-6A7B0BB1258D}] => (Allow) LPort=2869
FirewallRules: [{323552BB-CA2A-451F-A31C-AEDA9BC75592}] => (Allow) LPort=1900
FirewallRules: [{AA942D50-97A2-4545-904F-A737DBCE5C13}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{43B21D1B-9F25-4D90-B774-16E6A8318D89}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2A56347A-3C4A-4020-B4B8-52F6270A5BEE}] => (Allow) LPort=26675
FirewallRules: [{CDE302D1-A6FF-41B8-9C60-072E30049D30}] => (Allow) LPort=51551
FirewallRules: [{2ACDA199-FC38-46A3-91C5-E7339F07A165}] => (Allow) LPort=5000
FirewallRules: [{4D0EE5BF-281D-421D-9776-292C1794B19F}] => (Allow) LPort=51690
FirewallRules: [{308CE45E-1266-4F65-AD5E-40270B1A1695}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{FC76B2BB-7B0B-4D73-9B3E-8B37F4333ACE}C:\minutegames\wildyatzee\wy.exe] => (Block) C:\minutegames\wildyatzee\wy.exe
FirewallRules: [uDP Query User{CF591A3F-AC50-4BE6-81ED-82F92DC3133B}C:\minutegames\wildyatzee\wy.exe] => (Block) C:\minutegames\wildyatzee\wy.exe
FirewallRules: [{D9AFA8CB-2814-407C-A7AC-FE0F25412C6D}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS5\Photoshop.exe
FirewallRules: [{8927BC85-7E8A-4544-82B6-A87850751EB3}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS5\Photoshop.exe
FirewallRules: [{ACCE6406-1E48-4858-AAEA-4DB61EE65CAE}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{04A6BFC1-74E7-4570-9E5F-B10BCBAE4848}C:\users\papa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\papa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{6EA53B45-9F97-4621-9599-8A127ACF0690}C:\users\papa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\papa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{04B55128-3A90-41B6-9C28-B16148F3E217}] => (Allow) C:\Program Files\Collobos\Presto\PrestoService.exe
FirewallRules: [{50246B9C-35B7-4718-94CE-5268903C9B71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{320BE96F-DACC-4C71-BDDF-E7AD34F969AD}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{2422B025-AF46-40CC-8C4C-9C095BB0F947}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{DD103AAC-2C6B-4AB0-A0F0-30897AC06F36}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\LogTransport2.exe
FirewallRules: [{9FC27752-47E4-4DFB-AFEA-3916B3B21E46}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{FA904139-1F60-403A-A7C9-6AB9BA7BFA6A}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{39C8071D-3519-4F69-9FBE-D7A37AD48125}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C777EC2F-125E-4CBF-8B5F-9AD62F7CEC72}] => (Allow) C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{70A130CF-B403-4399-9204-E17CF627897D}] => (Allow) C:\Users\Papa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{27767DB0-3A82-4A24-AD00-B6286A20C2D8}] => (Allow) C:\Users\Papa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3A53D51C-1ECE-4341-81F7-2ABA7FA4E2C5}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{9D20DDB6-D4B5-423D-B46A-787749E97928}] => (Allow) LPort=5357
FirewallRules: [{393763A4-9F98-4918-B917-C15B15008DC2}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C81E9F74-329E-480E-A116-EABAA977AB31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A7EE3A5D-5379-4D7E-B7B4-B28D2D977DD2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9C1319ED-5277-44E6-A20B-9012758B56C6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{1DF20174-29F6-422C-828F-14485D3ED6EA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{63AABE37-CE49-4ED8-973A-563CE677C50E}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [uDP Query User{120054BD-D226-4000-9BC3-470C311EFF05}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [{04992417-48ED-469B-9564-5BA69032B5C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{8DAE6CE6-0494-4493-8E91-A9E6D0E5E83F}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{07A435C1-AE50-4865-A79A-3BB849AF0473}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{D8ABEEF7-B000-452C-AC96-3DC0A5F46C04}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{1758F7DB-A2A5-4AE9-92C1-AEE289024486}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{10D4D805-B594-457D-9017-BB8DB26F7F43}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{645BA3FD-4AF4-471E-AFF5-ACF4798761FE}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

==================== Restore Points =========================

20-02-2016 13:12:24 Scheduled Checkpoint
03-03-2016 18:15:36 Windows Update
08-03-2016 14:57:19 Restore Point Created by FRST
09-03-2016 21:23:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: HL-DT-ST DVDRAM GT20N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2016 09:52:49 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/09/2016 09:23:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/09/2016 03:48:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d530
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a84cbb
Exception code: 0xc0000602
Fault offset: 0x00166c17
Faulting process id: 0x1938
Faulting application start time: 0xLockApp.exe0
Faulting application path: LockApp.exe1
Faulting module path: LockApp.exe2
Report Id: LockApp.exe3
Faulting package full name: LockApp.exe4
Faulting package-relative application ID: LockApp.exe5

Error: (03/09/2016 10:19:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (03/09/2016 12:28:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14343

Error: (03/09/2016 12:28:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14343

Error: (03/09/2016 12:28:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2016 12:28:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12890

Error: (03/09/2016 12:28:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12890

Error: (03/09/2016 12:28:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/09/2016 09:40:11 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: HDDRECOVERY\Device\HarddiskVolume43

Error: (03/09/2016 09:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
%%1053

Error: (03/09/2016 09:39:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (03/09/2016 09:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
%%1053

Error: (03/09/2016 09:39:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (03/09/2016 09:39:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (03/09/2016 09:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (03/09/2016 09:37:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (03/09/2016 09:37:45 PM) (Source: DCOM) (EventID: 10010) (User: BOHICA)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/09/2016 09:37:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_479f2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-03-09 21:49:19.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 21:49:19.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 21:49:19.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 21:49:19.087
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 21:49:18.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 13:02:33.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 13:02:29.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 13:02:28.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 13:02:28.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-09 13:02:27.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Sempron SI-42
Percentage of memory in use: 41%
Total physical RAM: 2942.42 MB
Available physical RAM: 1731.44 MB
Total Virtual: 5886.42 MB
Available Virtual: 4538.63 MB

==================== Drives ================================

Drive c: (Hard Drive) (Fixed) (Total:222.89 GB) (Free:19.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DAOSSOFT) (Removable) (Total:7.44 GB) (Free:0.13 GB) FAT32
Drive e: (Media) (Fixed) (Total:698.64 GB) (Free:513.91 GB) NTFS
Drive f: (Photos) (Fixed) (Total:465.73 GB) (Free:82.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 9A0C9A0C)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=8.1 GB) - (Type=17)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: E78BE78B)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 688047A5)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Staff

OK. Let's run one final scan to double-check for the presence of malware. 
 
You may wish to consider reading through the following article on various steps you can take to improve computer performance:
http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/
 
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "ESET Scan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir    MSIL/DomaIQ.A potentially unwanted application
C:\Program Files\AdwCleaner\FileQuarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files\Family Tree Maker 2014\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\{C596827F-1178-4CDD-B0BA-8F5BE0E50640}\Family Tree Maker - Shared\D25E48A0\BD83335E\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\All Users\{C596827F-1178-4CDD-B0BA-8F5BE0E50640}\Family Tree Maker - Shared\D25E48A0\BD83335E\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Papa\Downloads\ccsetup514.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Papa\Downloads\ccsetup515.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Papa\Downloads\FTM 2012\setup.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\MSI17AE.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSIB80C.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
 


  • Staff

Hi Rick, 

That log looks OK - nothing of concern. Let's address your outdated software before we finish. 
 
STEP 1
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    del /f /s /q C:\Windows\Installer\MSI17AE.tmp
    del /f /s /q C:\Windows\Installer\MSIB80C.tmp
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file del.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate del.bat on your Desktop. Right-click the file and click Run as administrator.
     

STEP 2
Update Outdated Software

Outdated software contains vulnerabilities that must be patched. Please download and install the latest version of the programme(s) below.

  • Java (watch out for "Optional Offers" or bundled software)
  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme(s), right-click and click Uninstall one at a time.
  • Note: The programme(s) below may not be present. If this is the case, please skip to the next step.
    • Java 8 Update 71 
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits involving Java vulnerabilities we recommend you disable Java in your browser.
For information on Java exploits and vulnerabilities, please read the following article (point #7).

  • Press the Windows Key on your keyboard at the same time. Type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your programme(s) update successfully? 
  • How is your computer performing? Are there any outstanding issues?
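The "nothing of concern" reading of the scan log can be made repeatable. The following is an added example, not part of the original posts and not a tool from the forum or the scanner vendor: it parses log lines in the layout shown in this thread and separates "potentially unsafe application" entries from anything else. The "trojan" sample line, the "potentially unwanted application" category and the "probably a variant of" prefix are assumptions not taken from this thread's log.

```python
import re

# Constructed sample: three lines in the layout of the log in this thread, plus
# one invented "trojan" line (placeholder detection name) to show escalation.
SAMPLE_LOG = r"""
C:\Users\Papa\Downloads\ccsetup514.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Papa\Downloads\FTM 2012\setup.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\MSI17AE.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Papa\AppData\Local\Temp\example.exe    a variant of Win32/Example.Placeholder trojan
"""

# Categories treated as "review, not malware". Only the first one appears in
# the thread; the second is an assumption.
LOW_RISK = {"potentially unsafe application", "potentially unwanted application"}

# Path and verdict are separated by a tab or a run of spaces; paths themselves
# may contain single spaces ("FTM 2012"), so one space is never a separator.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t|\s{2,})(?P<verdict>.+)$")
# "probably a variant of" is an assumed prefix; the thread shows "a variant of".
PREFIX_RE = re.compile(r"^(?:probably )?a variant of\s+", re.IGNORECASE)


def parse_line(line):
    """Return {'path', 'name', 'category'} or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    verdict = PREFIX_RE.sub("", m.group("verdict").strip())
    name, _, category = verdict.partition(" ")
    return {"path": m.group("path"), "name": name, "category": category.strip().lower()}


def triage(log_text):
    """Sort detections into review / escalate; keep unparsed lines visible."""
    report = {"review": [], "escalate": [], "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            report["unparsed"].append(raw)
        elif rec["category"] in LOW_RISK:
            report["review"].append(rec)
        else:  # unknown or empty category fails closed
            report["escalate"].append(rec)
    return report
```

Lines that do not parse are returned in the "unparsed" bucket rather than dropped, so a changed log layout shows up as a visible gap instead of a silently clean result.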

  • Staff

Hi Rick, 
 

This one didn't update: HP - Printers - HP Deskjet 2540 series - Error 0x80240017
I then ran HP Update and it said all drivers were up to date.

You can find a discussion on this here:
http://answers.microsoft.com/en-us/windows/forum/windows_10-update/win-10-hp-update-error-0x80240017/684ef7eb-cfbb-4584-af62-71a3943d7c6b?auth=1
 

It's definitely better. Programs are opening faster and responding faster.  :)

Excellent! :)
 
All Clean!
Congratulations, your computer appears clean!
I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used and reset any settings changed. I have also provided a list of resources and tools you may find useful. 
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore 
    • Reset system settings
  • Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete). DelFix will also create a new System Restore Point, and delete all bar the most recent. 
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common attack vectors and how you can stay safe on the Internet.

-- Please feel free to ask if you have any questions on the security of your computer. 
 
======================================================
 
Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic. 
 
Thank you for using Malwarebytes.
 
Safe Surfing,
Adam

This topic is now closed to further replies.