Web pages are slow to open, delayed keyboard reponse, programs slow to open. I have tried the usual anti-malware, anti-trojan programs with no detections. Avast, MalwareBytes, SpyBot.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Ana at 2015-07-18 17:16:19
Running from C:\Users\Ana\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1018904820-2753979097-1347701867-500 - Administrator - Disabled) => C:\Users\Administrator
Ana (S-1-5-21-1018904820-2753979097-1347701867-1001 - Administrator - Enabled) => C:\Users\Ana
Guest (S-1-5-21-1018904820-2753979097-1347701867-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1018904820-2753979097-1347701867-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM Content (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
e-Saver version 3.1 (HKLM-x32\...\{C97CA73D-E96B-4B42-830E-D0F7BD780FB8}_is1) (Version: 3.1 - AOC)
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (HKLM-x32\...\{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
i-Menu version 4.1.3 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.1.3 - AOC)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Screen+ version Screen+ 1.0.4 (HKLM\...\{5B7AF05A-1962-489C-B00A-F12D49889FC9}_is1) (Version: Screen+ 1.0.4 - AOC)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
18-07-2015 16:25:26 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07725109-34FE-4722-9F28-462F8EA36602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {078DA9B8-8E79-45DF-8BDE-AA4583E614B2} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {16A8BD83-EF69-4E73-99CC-C5DA89D63E31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-15] (Google Inc.)
Task: {1CDD0233-62EE-48A4-8C3E-C3D95543975A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {2AC682B7-BFC5-4ABD-B320-6CE091DFBAC2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {409ADEFF-6EB3-4A0E-A111-6420402D3D60} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {551A638C-2D6C-4F5C-AE43-6AF8F6C74827} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {56DE7D71-81E9-427E-B31C-31669820A271} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {669AE681-A162-42B3-95A4-C9180716AF56} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-20] (Microsoft Corporation)
Task: {6EFA4859-54AF-499A-B1F1-A037DBC29048} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {71969D0E-D53C-48DC-BF1C-9E911C791591} - System32\Tasks\TUEZB => C:\Users\Ana\AppData\Roaming\TUEZB.exe <==== ATTENTION
Task: {719D36E9-5F18-4073-80DB-9EF7A58AA1A9} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {72D10A4D-8C52-465B-97F2-E5E9CCF37758} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {7F88C1F6-54A7-4F76-B849-F692CBF987B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {860D8725-CE41-425C-9077-EBDBF24E0A06} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {89CDD420-21B9-4033-B64E-C75797BAA548} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {96D35B97-0EEB-4281-9EAA-D9E72A3DA5D0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-18] (AVAST Software)
Task: {9CA06DF8-9265-4B8B-BDBC-56C4E95873B5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {9D52EA26-BB64-4B41-9F44-46DEAE0D8149} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C3A84524-0045-4359-8777-F31448D099C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-15] (Google Inc.)
Task: {CCFFCD65-705A-49E8-886E-02366E921926} - System32\Tasks\KIUWK => C:\Users\Ana\AppData\Roaming\KIUWK.exe <==== ATTENTION
Task: {E3483FF9-8DB8-4CCC-B232-843BD25088E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E386C627-B90D-4589-8F2F-3A3362B301BA} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {F69E06C3-D35F-4E8F-8F89-94349AEB951A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\KIUWK.job => C:\Users\Ana\AppData\Roaming\KIUWK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\TUEZB.job => C:\Users\Ana\AppData\Roaming\TUEZB.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2014-10-01 17:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 12:40 - 2013-08-22 12:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-11-23 07:32 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-12 20:27 - 2014-08-14 00:24 - 00453448 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-18 15:11 - 2015-07-18 15:11 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-18 15:11 - 2015-07-18 15:11 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-18 15:11 - 2015-07-18 15:11 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071804\algo.dll
2015-06-16 23:32 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-16 23:32 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-16 23:32 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-16 23:32 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-16 23:32 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-18 15:11 - 2015-07-18 15:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-12 20:25 - 2013-03-04 21:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-12 20:19 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-23 07:32 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Ana\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23782161.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23782161.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1018904820-2753979097-1347701867-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D044F499-0D92-4142-8CBB-A9B026C666FD}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{D372E3F9-DB24-4A54-A26D-D9279F2A6FD2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{329B51C6-665A-4B1D-9074-EE741AB226F0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{5E3D852A-FC28-454B-B3EA-2ED392F3C899}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CAB8C68A-07F5-4267-A3B1-11A1B4CE29EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{1AA79308-673D-4DF3-AA55-756631B65E4A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6913F78-4FB3-491A-BD7C-F9E6C9B74706}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E46556D5-6180-440D-B752-1C54322D4F19}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B887E15D-D1EF-4311-B1A7-3F6CC3804335}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D34155E9-22C9-4E8A-BC32-0D8D5A7272B6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3499DC99-5E46-4AC9-8EE0-F01FF52A181C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A2217A2F-4EB2-4E1F-86CE-E4AB02987E0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CD97E735-14CC-468A-A04C-A8A52A0AB95B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F2FAE205-2828-4FFF-AC77-3CB0E569FFD2}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe
FirewallRules: [{C393DCA8-FD4C-4A92-A914-236C1F791B9C}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{55A0E59F-D1CD-4E8B-8A1A-96866CBAB6EE}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F8B095ED-B390-4D7E-8A2C-C415DA8B488A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{217FB643-0F8D-4FA7-86C2-99A4F70B63EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A0D11C18-E52F-4E37-8B1E-F0670695DCE3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A0BB2E5B-E126-4F7D-9D93-945C2BDA605A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C605237F-8220-439A-804C-2B145C9C979C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2E5F3184-8B3F-4555-8245-470CFF5681E9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F411C7EC-03E8-4B7E-A0FD-1DC4E6FFA56F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{744BBBCA-5120-4BBF-AAE3-390580BC226A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AAA3DAF5-22C6-4A4E-8EDA-95A71BB22BA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D0F3E867-7E6D-42E1-8FAB-1B7D9092784B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF182D70-FC57-4F12-8A03-4A228E43564E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2015 04:25:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (07/18/2015 04:25:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
.
Error: (07/18/2015 04:20:03 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (07/18/2015 04:20:03 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (07/18/2015 04:16:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (07/18/2015 04:16:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (07/18/2015 03:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
Error: (07/18/2015 03:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
Error: (07/18/2015 03:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
Error: (07/18/2015 03:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
System errors:
=============
Error: (07/18/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:50:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:49:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:47:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:46:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:46:06 PM) (Source: DCOM) (EventID: 10010) (User: SAM-PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (07/18/2015 04:45:36 PM) (Source: DCOM) (EventID: 10010) (User: SAM-PC)
Description: {209500FC-6B45-4693-8871-6296C4843751}
Error: (07/18/2015 04:45:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:44:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (07/18/2015 04:43:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office:
=========================
Error: (07/18/2015 04:25:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
Error: (07/18/2015 04:25:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
The parameter is incorrect.
Error: (07/18/2015 04:20:03 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: 0x80070005SERIALIZE_INTERNAL<none>
Error: (07/18/2015 04:20:03 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: 0x80070005SERIALIZE_INTERNAL<none>
Error: (07/18/2015 04:16:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: 0x80070005SERIALIZE_INTERNAL<none>
Error: (07/18/2015 04:16:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: 0x80070005SERIALIZE_INTERNAL<none>
Error: (07/18/2015 03:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.
Error: (07/18/2015 03:55:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.
Error: (07/18/2015 03:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.
Error: (07/18/2015 03:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.
==================== Memory info ===========================
Processor: Intel® Core i5-4460S CPU @ 2.90GHz
Percentage of memory in use: 43%
Total physical RAM: 8108.93 MB
Available physical RAM: 4607.95 MB
Total Virtual: 9388.93 MB
Available Virtual: 5822.4 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.36 GB) (Free:822.92 GB) NTFS
Drive d: (USB20FD) (Removable) (Total:29.91 GB) (Free:28 GB) FAT32
Drive f: () (Removable) (Total:1.89 GB) (Free:1.64 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9D197A77)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=29.9 GB) - (Type=0C)
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Ana (administrator) on SAM-PC on 18-07-2015 17:15:39
Running from C:\Users\Ana\Downloads
Loaded Profiles: Ana & (Available Profiles: Ana & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-14] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-18] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-18] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-11] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
URLSearchHook: [S-1-5-21-1018904820-2753979097-1347701867-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001 -> DefaultScope {D7298DC1-A05F-45EF-8FB0-0A657E6AF296} URL =
SearchScopes: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001 -> {D7298DC1-A05F-45EF-8FB0-0A657E6AF296} URL =
SearchScopes: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {D7298DC1-A05F-45EF-8FB0-0A657E6AF296} URL =
SearchScopes: HKU\S-1-5-21-1018904820-2753979097-1347701867-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D7298DC1-A05F-45EF-8FB0-0A657E6AF296} URL =
SearchScopes: HKU\S-1-5-21-1018904820-2753979097-1347701867-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {D7298DC1-A05F-45EF-8FB0-0A657E6AF296} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-11-04] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-18] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-18] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-11] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-10-21] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [342016 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-18] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [422400 2015-07-18] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5F0E18ED-524E-45A2-BD52-BF5431200EAC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F4926FB0-CD5B-41F5-975E-071D719CFE27}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ana\AppData\Roaming\Mozilla\Firefox\Profiles\ifhijc5p.default-1434520351263
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D071815-A6EC39D5B4CB74905A0F&form=CONMHP&conlogo=CT3332023
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D071815-A6EC39D5B4CB74905A0F&form=CONMHP&conlogo=CT3332023
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-18]
Chrome:
=======
CHR Profile: C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
CHR Extension: (Google Drive) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
CHR Extension: (YouTube) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
CHR Extension: (Google Search) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0258401437259495mcinstcleanup; C:\Users\Ana\AppData\Local\Temp\025840~1.EXE [883024 2015-04-06] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-18] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe" Start=service [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X]
S2 mfevtp; "C:\WINDOWS\system32\mfevtps.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-18] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-06-12] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R2 ei2c; C:\WINDOWS\system32\drivers\ei2c.sys [20784 2014-10-10] (Nicomsoft Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R2 mi2c; C:\WINDOWS\system32\drivers\mi2c.sys [20784 2014-10-08] (Nicomsoft Ltd.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-18] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-18] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 BTCFilterService; \SystemRoot\system32\DRIVERS\motfilt.sys [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
R4 mfedisk; system32\DRIVERS\mfedisk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 motccgp; \SystemRoot\System32\drivers\motccgp.sys [X]
S3 motccgpfl; \SystemRoot\System32\drivers\motccgpfl.sys [X]
S3 MotoSwitchService; \SystemRoot\System32\drivers\motswch.sys [X]
S3 Motousbnet; \SystemRoot\system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; \SystemRoot\System32\drivers\motusbdevice.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 17:15 - 2015-07-18 17:15 - 00024558 _____ C:\Users\Ana\Downloads\FRST.txt
2015-07-18 17:15 - 2015-07-18 17:15 - 00000000 ____D C:\FRST
2015-07-18 17:12 - 2015-07-18 17:12 - 02134528 _____ (Farbar) C:\Users\Ana\Downloads\FRST64.exe
2015-07-18 16:46 - 2015-07-18 16:46 - 00000290 _____ C:\WINDOWS\wininit.ini
2015-07-18 16:34 - 2015-07-18 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-18 16:28 - 2015-07-18 16:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ana\Downloads\revosetup.exe
2015-07-18 16:25 - 2015-07-18 16:37 - 00002192 _____ C:\Users\Ana\Desktop\Rkill.txt
2015-07-18 16:23 - 2015-07-18 16:52 - 03669540 _____ C:\Users\Ana\Downloads\HitmanPro_x64.exe.part
2015-07-18 16:22 - 2015-07-18 16:22 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Ana\Downloads\iExplore.exe
2015-07-18 16:09 - 2015-07-18 16:09 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-18 15:49 - 2015-07-18 15:50 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-18 15:49 - 2015-07-18 15:49 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-18 15:49 - 2015-07-18 15:49 - 00001049 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-07-18 15:47 - 2015-07-18 15:47 - 00987928 _____ (Download Assistant) C:\Users\Ana\Downloads\TeamViewer Setup.exe
2015-07-18 15:15 - 2015-07-18 15:15 - 00000000 ____D C:\Users\Ana\AppData\Roaming\AVAST Software
2015-07-18 15:13 - 2015-07-18 15:22 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-18 15:13 - 2015-07-18 15:22 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-18 15:12 - 2015-07-18 15:12 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-18 15:12 - 2015-07-18 15:12 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-18 15:12 - 2015-07-18 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-18 15:11 - 2015-07-18 15:11 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-18 15:11 - 2015-07-18 15:11 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00115152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-18 15:11 - 2015-07-18 15:11 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-18 15:11 - 2015-07-18 15:11 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-18 15:09 - 2015-07-18 15:09 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-18 15:07 - 2015-07-18 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-18 15:07 - 2015-07-18 16:15 - 00002952 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-07-18 15:07 - 2015-07-18 16:15 - 00002952 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-07-18 15:07 - 2015-07-18 15:07 - 00422400 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-07-18 15:07 - 2015-07-18 15:07 - 00342016 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-07-18 15:06 - 2015-07-18 15:06 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-18 15:05 - 2015-07-18 15:05 - 00988440 _____ (Download Assistant) C:\Users\Ana\Downloads\Avast_Setup.exe
2015-07-18 14:57 - 2015-07-18 14:57 - 00000162 _____ C:\Users\Ana\Desktop\dell support.txt
2015-07-18 14:37 - 2015-07-18 15:50 - 00000000 ____D C:\Users\Ana\AppData\Roaming\TeamViewer
2015-07-07 07:36 - 2015-07-07 18:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 14:03 - 2015-06-22 14:03 - 00004022 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-22 14:03 - 2015-06-22 14:03 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-06-22 14:03 - 2015-06-22 14:03 - 00003210 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-06-22 14:03 - 2015-06-22 14:03 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 14:03 - 2015-06-22 14:03 - 00000000 ____D C:\Program Files\Dell Support Center
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 17:14 - 2013-08-22 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-18 17:12 - 2014-08-15 19:42 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 17:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 16:57 - 2014-08-15 19:38 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1018904820-2753979097-1347701867-1001
2015-07-18 16:54 - 2014-12-18 03:49 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 16:50 - 2014-06-12 20:29 - 00000000 ____D C:\ProgramData\McAfee
2015-07-18 16:49 - 2014-06-12 20:29 - 00000000 ____D C:\Program Files\mcafee
2015-07-18 16:47 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-18 16:47 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-18 16:37 - 2014-08-15 19:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-18 16:36 - 2014-06-12 20:34 - 00000000 ____D C:\Program Files (x86)\Dell
2015-07-18 16:27 - 2014-06-12 20:18 - 01402436 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 16:20 - 2014-06-12 20:32 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-18 16:18 - 2014-08-11 20:09 - 00000000 ___DO C:\Users\Ana\OneDrive
2015-07-18 16:17 - 2015-01-24 01:18 - 00001342 _____ C:\WINDOWS\Tasks\TUEZB.job
2015-07-18 16:17 - 2015-01-24 01:17 - 00001342 _____ C:\WINDOWS\Tasks\KIUWK.job
2015-07-18 16:17 - 2014-08-15 19:42 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-18 16:15 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-18 16:15 - 2013-08-22 08:44 - 00584496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-18 16:14 - 2014-06-12 19:57 - 00059110 _____ C:\WINDOWS\PFRO.log
2015-07-18 16:14 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-18 15:55 - 2013-08-22 08:46 - 00058477 _____ C:\WINDOWS\setupact.log
2015-07-18 15:53 - 2014-10-01 17:49 - 00000000 ____D C:\Users\Ana\Documents\Outlook Files
2015-07-18 01:16 - 2014-06-12 20:08 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-16 23:06 - 2015-04-24 22:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-16 23:02 - 2015-01-14 04:14 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 23:07 - 2014-08-15 19:42 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 23:07 - 2014-08-15 19:42 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 07:37 - 2014-08-15 19:50 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 12:08 - 2014-08-15 19:43 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 02:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-13 05:12 - 2014-08-15 19:30 - 00000000 ____D C:\Users\Ana\AppData\Local\VirtualStore
2015-07-12 05:58 - 2014-08-20 20:53 - 00000000 ____D C:\Users\Ana\AppData\Local\CrashDumps
2015-07-07 18:00 - 2014-09-16 22:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-07 18:00 - 2014-08-15 19:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-29 13:06 - 2015-06-05 12:19 - 00000000 ____D C:\Users\Ana\Desktop\DIABLO
2015-06-28 04:51 - 2014-10-11 21:50 - 00000000 ____D C:\Users\Ana\Documents\Family Tree Maker
2015-06-22 18:24 - 2014-09-16 22:16 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-22 14:03 - 2014-06-12 20:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 14:03 - 2014-06-12 20:28 - 00000000 ____D C:\ProgramData\PCDr
2015-06-20 06:12 - 2014-08-20 01:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-20 06:09 - 2014-08-20 01:21 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-19 14:06 - 2014-08-15 19:26 - 00000000 ____D C:\Users\Ana
==================== Files in the root of some directories =======
2014-09-01 02:18 - 2015-02-13 22:18 - 0000365 _____ () C:\Users\Ana\AppData\Roaming\KIUWK
2014-09-01 02:18 - 2015-02-13 22:18 - 0001171 _____ () C:\Users\Ana\AppData\Roaming\TUEZB
2014-11-15 23:56 - 2014-11-15 23:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-12 20:19 - 2014-06-12 20:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-24 01:19 - 2015-01-24 01:19 - 0001595 _____ () C:\ProgramData\tempimage.bmp
2014-06-12 20:28 - 2014-06-12 20:28 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-12 20:25 - 2014-06-12 20:26 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-12 20:26 - 2014-06-12 20:27 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-12 20:27 - 2014-06-12 20:27 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-06-12 20:25 - 2014-06-12 20:25 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\Ana\AppData\Local\Temp\0258401437259495mcinst.exe
C:\Users\Ana\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Ana\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Ana\AppData\Local\Temp\{704CC697-204F-4753-9C44-1190D8092FCE}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-11 06:17
==================== End of log ============================
Edited by vanaya2002, 18 July 2015 - 05:40 PM.