CreateRestorePoint:
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2162760 2016-07-21] ()
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {0ce2ba1f-cbd0-11e3-954f-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee279-134c-11e4-aebe-001d60f1eb19} - E:\setupSNK.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {2e2ee27c-134c-11e4-aebe-001d60f1eb19} - F:\LaunchU3.exe
HKU\S-1-5-21-144978628-2293470025-642614174-1000\...\MountPoints2: {f5343400-0c08-11e4-ac9d-001d60f1eb19} - E:\setupSNK.exe
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-144978628-2293470025-642614174-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F71E243C-1461-4B08-8537-B76BD787EE41}&mid=b09cd7c151cf47d38a4d5ffb10c79779-d9dea06a694f267ae7894492c5fe8a8b96376a9c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-04 17:00:07&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll => No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
R2 vToolbarUpdater40.3.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [1309768 2016-07-21] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-07-21] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Guest\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{CFC399AF-D876-11D0-9C10-00C04FC99C8E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\localserver32 -> C:\Program Files\TotalAV\TotalAV.exe => No File
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-144978628-2293470025-642614174-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers2: [SD Format] -> {932CFB31-6AC9-4FE2-BEAC-A27FAF631D48} => \SDFMTEXT.dll -> No File
Task: {F44C00D9-4EB6-4379-8F77-42D1474B3D60} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
C:\Program Files\AVG Web TuneUp
C:\Program Files\Common Files\AVG Secure Search
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: