So I was not paying attention the other day and when the mozilla critical update page flashed up on my browser I just downloaded the item and started to install it (no don't ask me, I still can't believe I did it). When the install started it opened a little window that looked similar to a dos prompt window. That's when I realized What the... am I doing and turned the computer off. I have no idea if it had time to fully install or not. I turned it back on a little while later, I'm not sure what I did on it, maybe tried to run a cleaner or something and then thought better of it and turned it off. Later I loaded it into safe mode and ran some antivirus software. I ran spybot, windows defender.. and I think one other but I don't remember which one (avg, avast, kapersky.. some of them wouldn't install). Spybot found a few things, Windows Defender found a lot of things (which is good it took like 5 hours to run). But I'm still not comfortable that I've gotten everything and I'm having trouble installing over anti-virus software to run it. I would wipe my whole system but I don't keep backups of my files and I'm afraid if I try and save my important files (emails, docs, pics) they might be infected.
I can attach the results of the spybot and windows defender scan if it would help. It looks like spybot mostly found browser related stuff plus something called Babylon.toolbar and couponbar. Windows defender found toniper, cleaman.G and cleaman.B
Thank you in advance for any help you can give me
~T
can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by teri (administrator) on TERI-PC (18-03-2017 09:48:20)
Running from C:\Users\teri\Desktop
Loaded Profiles: teri (Available Profiles: teri & appen)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.3.7\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-06-04] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Nikon Transfer Monitor] => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [38824 2012-04-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [51112 2012-04-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort14reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2012-01-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [317824 2016-01-18] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-03-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-18] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-10-29] ()
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Akamai NetSession Interface] => C:\Users\teri\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Starfield Updater] => C:\Users\teri\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2015-05-31] (Starfield Technologies)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Workspace Status] => C:\Users\teri\AppData\Local\Workspace\workspacestatus.exe [694760 2015-05-31] (Starfield Technologies)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [f.lux] => C:\Users\teri\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2016-03-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2016-03-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\MountPoints2: {d866c90e-e68a-11e5-88d7-806e6f6e6963} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-18] (AVAST Software)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2015-05-31] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2015-05-31] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\buShell.dll [2017-02-07] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\teri\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2015-12-12]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shutterfly Uploader.lnk [2016-11-27]
ShortcutTarget: Shutterfly Uploader.lnk -> C:\Program Files (x86)\Shutterfly Uploader\ThisLife.Uploader.exe (Shutterfly, Inc.)
Startup: C:\Users\teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-28]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2016-11-19]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\teri\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{a45a9a26-1ffb-4765-83e5-4993b2af8aba}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Internet Explorer:
==================
HKU\S-1-5-21-949653850-3281974074-584544497-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B26137D7F-3D4B-42BC-BCB3-BD4D31AEB431%7D&mid=feea973ea01e47cfab48810f1ba9fdf8-94ed82389d5e93983f0a3270c37585e9e645ecad&lang=en&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2016-09-12%2019:14:49&v=4.3.5.160&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-949653850-3281974074-584544497-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-949653850-3281974074-584544497-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={26137D7F-3D4B-42BC-BCB3-BD4D31AEB431}&mid=feea973ea01e47cfab48810f1ba9fdf8-94ed82389d5e93983f0a3270c37585e9e645ecad&lang=en&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2016-09-12 19:14:49&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-949653850-3281974074-584544497-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-949653850-3281974074-584544497-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={26137D7F-3D4B-42BC-BCB3-BD4D31AEB431}&mid=feea973ea01e47cfab48810f1ba9fdf8-94ed82389d5e93983f0a3270c37585e9e645ecad&lang=en&ds=AVG&coid=avgtbavg&cmpid=0916avz&pr=fr&d=2016-09-12 19:14:49&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-949653850-3281974074-584544497-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22&locale=en_US&guid=5047642A-2421-11E2-9B58-001638BFD1B8&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-03-09] (AVG)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-07] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-03-09] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-07] (Symantec Corporation)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-01] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\teri\AppData\Roaming\Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350 [2017-03-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350 -> AVG Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350 -> Google
FF Extension: (WBE Paste) - C:\Users\teri\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2015-05-31] [not signed]
FF Extension: (AVG Web TuneUp) - C:\Users\teri\AppData\Roaming\Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350\Extensions\[email protected] [2017-03-09]
FF Extension: (Pin It button) - C:\Users\teri\AppData\Roaming\Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350\Extensions\[email protected] [2016-03-13]
FF SearchPlugin: C:\Users\teri\AppData\Roaming\Mozilla\Firefox\Profiles\fdph7kom.default-1456669571350\searchplugins\avg-secure-search.xml [2017-03-09]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2017-02-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npatif64.dll [2013-02-05] (Medical Informatics Engineering, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-29] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll [2011-02-16] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @citrixonline.com/appdetectorplugin -> C:\Users\teri\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @starfield.com/off -> C:\Users\teri\AppData\Roaming\Mozilla\Plugins\npoff.dll [2015-05-31] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @starfield.com/off64 -> C:\Users\teri\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2015-05-31] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @starfield.com/wbe -> C:\Users\teri\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2015-05-31] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @starfield.com/wbe64 -> C:\Users\teri\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2015-05-31] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\teri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\teri\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-949653850-3281974074-584544497-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-29] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-12-08] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\teri\AppData\Roaming\mozilla\plugins\npoff.dll [2015-05-31] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\teri\AppData\Roaming\mozilla\plugins\npoff64.dll [2015-05-31] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\teri\AppData\Roaming\mozilla\plugins\npwbe.dll [2015-05-31] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\teri\AppData\Roaming\mozilla\plugins\npwbe64.dll [2015-05-31] (Starfield Technology, LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR NewTab: Default -> Active:"chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\teri\AppData\Local\Google\Chrome\User Data\Default [2017-03-18]
CHR Extension: (AVG Secure Search) - C:\Users\teri\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-03-17]
CHR Extension: (Adobe Acrobat) - C:\Users\teri\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\teri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\teri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-02-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-949653850-3281974074-584544497-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\Exts\Chrome.crx [2017-02-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-18] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-18] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [1002552 2017-02-22] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5334432 2017-02-22] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [729048 2017-02-22] (AVG Technologies CZ, s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [671232 2016-06-02] (SEIKO EPSON CORPORATION) [File not signed]
S2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\NIS.exe [326160 2017-02-20] (Symantec Corporation)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-30] (Electronic Arts)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [219496 2012-04-20] (Nuance Communications, Inc.)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-28] (VTech)
S2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-09] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-03-09] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-18] (AVAST Software s.r.o.)
S0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-18] (AVAST Software s.r.o.)
S0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-18] (AVAST Software s.r.o.)
S0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-18] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-18] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-18] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-18] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [548928 2017-03-18] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-18] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-18] (AVAST Software)
R0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [313088 2017-02-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1609000.047\ccSetx64.sys [174240 2017-02-07] (Symantec Corporation)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160929.003\IDSvia64.sys [1012440 2016-09-26] (Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-18] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-18] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 nvoclk64; C:\WINDOWS\system32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1609000.047\SRTSP64.SYS [760992 2017-02-07] (Symantec Corporation)
S1 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1609000.047\SRTSPX64.SYS [49312 2017-02-07] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NISx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-07] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NISx64\1609000.047\SymELAM.sys [24616 2017-02-07] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-02-10] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1609000.047\Ironx64.SYS [291480 2017-02-07] (Symantec Corporation)
S1 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1609000.047\SYMNETS.SYS [567512 2017-02-07] (Symantec Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160310.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160310.003\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-18 09:48 - 2017-03-18 09:49 - 00038917 _____ C:\Users\teri\Desktop\FRST.txt
2017-03-18 09:48 - 2017-03-18 09:48 - 00000000 ____D C:\FRST
2017-03-18 09:45 - 2017-03-18 09:47 - 02424832 _____ (Farbar) C:\Users\teri\Desktop\FRST64.exe
2017-03-18 09:03 - 2017-03-18 09:24 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-18 09:03 - 2017-03-18 09:24 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-18 09:03 - 2017-03-18 09:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-18 09:03 - 2017-03-18 09:03 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-18 09:03 - 2017-03-18 09:03 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-18 09:03 - 2017-03-18 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-18 09:03 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-18 09:02 - 2017-03-18 09:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-18 09:02 - 2017-03-18 09:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-18 09:00 - 2017-03-18 09:02 - 57131432 _____ (Malwarebytes ) C:\Users\teri\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-18 08:58 - 2017-03-18 09:33 - 00003750 _____ C:\Users\teri\Desktop\Rkill.txt
2017-03-18 08:58 - 2017-03-18 08:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\teri\Downloads\WiNlOgOn.exe
2017-03-18 08:55 - 2017-03-18 08:55 - 04769640 _____ (Avira Operations GmbH & Co. KG) C:\Users\teri\Downloads\avira_en_fass0_58cd4a33c6d5e__ws.exe
2017-03-18 08:48 - 2017-03-18 08:48 - 00000000 ____D C:\Users\teri\AppData\Roaming\AVAST Software
2017-03-18 08:47 - 2017-03-18 08:47 - 00548928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-18 08:47 - 2017-03-18 08:47 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-03-18 08:47 - 2017-03-18 08:47 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-03-18 08:47 - 2017-03-18 08:47 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-03-18 08:47 - 2017-03-18 08:47 - 00000342 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-03-18 08:47 - 2017-03-18 08:46 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148984846035904
2017-03-18 08:47 - 2017-03-18 08:46 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148984846126506
2017-03-18 08:47 - 2017-03-18 08:46 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-18 08:47 - 2017-03-18 08:46 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-18 08:47 - 2017-03-18 08:46 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-18 08:47 - 2017-03-18 08:46 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-18 08:47 - 2017-03-18 08:46 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-18 08:47 - 2017-03-18 08:45 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-18 08:47 - 2017-03-18 08:45 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-03-18 08:47 - 2017-03-18 08:45 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-03-18 08:47 - 2017-03-18 08:45 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-03-18 08:47 - 2017-03-18 08:45 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-03-18 08:46 - 2017-03-18 08:46 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-18 08:43 - 2017-03-18 08:43 - 00000000 ____D C:\Program Files\AVAST Software
2017-03-18 08:42 - 2017-03-18 08:42 - 06654960 _____ (AVAST Software) C:\Users\teri\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-03-18 08:31 - 2017-03-18 08:31 - 00000000 ____D C:\Users\teri\AppData\Local\ElevatedDiagnostics
2017-03-18 08:24 - 2017-03-18 08:24 - 02622304 _____ (Kaspersky Lab) C:\Users\teri\Downloads\kss16.0.0.1344en_9702.exe
2017-03-17 23:35 - 2017-03-18 02:25 - 00296259 _____ C:\Users\teri\Desktop\avgrep.txt
2017-03-17 18:20 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-03-17 18:04 - 2017-03-17 18:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-03-17 18:01 - 2017-03-18 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-17 17:55 - 2017-03-17 17:55 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-17 17:36 - 2017-03-18 09:25 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-17 15:18 - 2017-03-17 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-17 15:18 - 2017-03-17 18:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-17 15:18 - 2017-03-17 15:18 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-17 15:18 - 2017-03-17 15:18 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-17 15:18 - 2017-03-17 15:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-03-17 15:18 - 2017-03-17 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-17 15:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-03-17 15:16 - 2017-03-17 15:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\teri\Downloads\spybot-2.4.exe
2017-03-14 21:18 - 2017-03-14 21:18 - 00004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-11 23:19 - 2017-03-11 23:19 - 00011444 _____ C:\Users\teri\Documents\Nora Roberts Books.xlsx
2017-03-04 08:20 - 2017-03-04 08:20 - 00003404 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-02-27 13:30 - 2017-02-27 13:30 - 00000000 ____D C:\Program Files\NortonInstaller
2017-02-26 18:51 - 2017-03-17 17:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2017-02-20 13:14 - 2017-02-20 13:14 - 00313088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2017-02-19 11:24 - 2017-02-19 11:24 - 00010606 _____ C:\Users\teri\Documents\Summer Camps.xlsx
2017-02-19 09:55 - 2017-02-19 09:56 - 00257799 _____ C:\Users\teri\Documents\CSPOMS Donation Petries Family Games .pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-18 09:28 - 2016-08-04 11:05 - 01271144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-18 09:18 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-18 09:16 - 2016-11-17 15:52 - 00000000 ____D C:\Users\teri\AppData\LocalLow\Mozilla
2017-03-18 08:55 - 2016-01-12 23:30 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-18 08:47 - 2015-08-20 16:22 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-18 08:22 - 2016-08-04 10:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-17 18:11 - 2016-08-04 11:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-17 18:09 - 2016-08-29 10:17 - 00000000 ____D C:\ProgramData\MFAData
2017-03-17 18:08 - 2016-08-04 11:01 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-17 17:17 - 2017-02-03 14:00 - 00000000 ____D C:\Users\appen
2017-03-17 17:06 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-17 17:06 - 2013-08-16 13:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-17 17:06 - 2012-10-31 07:30 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-17 16:09 - 2016-08-04 11:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-03-17 15:17 - 2013-10-29 23:10 - 00000000 ___HD C:\Users\teri\Documents\Outlook Files
2017-03-17 14:24 - 2012-12-27 11:12 - 00000000 ____D C:\Temp
2017-03-17 14:23 - 2016-08-04 11:06 - 00000000 ____D C:\Users\teri
2017-03-17 14:23 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-17 14:19 - 2015-05-31 15:15 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-949653850-3281974074-584544497-1000.job
2017-03-17 14:19 - 2015-01-21 12:36 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-949653850-3281974074-584544497-1000.job
2017-03-17 14:11 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-17 14:11 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-17 14:11 - 2015-08-22 07:07 - 00000000 ____D C:\Users\teri\Documents\Ebay - cds, Lia Sophia inventory and pics
2017-03-17 14:05 - 2016-09-22 09:35 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-03-15 11:03 - 2016-08-29 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-03-15 11:00 - 2017-02-03 14:00 - 00000000 ____D C:\Users\appen\AppData\Local\Avg
2017-03-14 21:18 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-14 21:18 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-12 11:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 23:17 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 23:17 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 22:21 - 2012-12-02 23:39 - 00000000 ____D C:\Users\teri\Documents\POMS
2017-03-09 21:43 - 2016-09-12 13:14 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-03-09 21:43 - 2016-09-12 13:14 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-03-06 18:43 - 2016-12-16 14:37 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-06 18:43 - 2016-03-10 09:25 - 00002397 _____ C:\Users\teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-06 18:43 - 2015-01-08 10:05 - 00000000 ___RD C:\Users\teri\OneDrive
2017-03-06 18:26 - 2016-08-23 17:46 - 00003816 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-949653850-3281974074-584544497-1000
2017-03-06 18:26 - 2016-08-23 17:46 - 00003720 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-949653850-3281974074-584544497-1000
2017-03-04 17:20 - 2014-09-12 18:17 - 00000000 ____D C:\Users\teri\AppData\Roaming\Skype
2017-03-04 15:03 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-04 08:21 - 2016-03-10 09:53 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2017-03-04 08:20 - 2016-03-10 09:55 - 00002484 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2017-03-04 08:20 - 2016-03-10 09:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2017-03-04 08:17 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-03 12:25 - 2012-11-05 12:08 - 00000000 ___HD C:\Users\teri\AppData\Local\CrashDumps
2017-02-26 18:45 - 2016-03-10 09:53 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2017-02-26 18:42 - 2016-08-04 10:59 - 00374448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-22 12:53 - 2010-12-30 15:10 - 00000000 ____D C:\Genealogy
2017-02-22 10:57 - 2015-11-10 14:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 15:44 - 2013-02-09 10:52 - 00000000 ____D C:\Users\teri\Documents\TurboTax
==================== Files in the root of some directories =======
2013-02-01 12:24 - 2013-02-01 12:24 - 0000268 ___RH () C:\Users\teri\AppData\Roaming\Action
2012-11-03 19:56 - 2013-02-01 12:08 - 0000268 ___RH () C:\Users\teri\AppData\Roaming\Analog Swirl
2013-02-01 12:08 - 2013-02-01 12:08 - 0000268 ___RH () C:\Users\teri\AppData\Roaming\Analog Sync
2013-02-01 12:08 - 2013-02-01 12:08 - 0000268 ___RH () C:\Users\teri\AppData\Roaming\Animals
2013-03-28 15:43 - 2013-06-16 10:09 - 0922944 _____ () C:\Users\teri\AppData\Local\a.zip
2013-03-28 15:43 - 2013-06-16 10:09 - 2162336 _____ (Catalina Marketing Corp) C:\Users\teri\AppData\Local\BcsKtYcHW.dll
2012-12-15 11:54 - 2012-12-15 11:54 - 0000092 _____ () C:\Users\teri\AppData\Local\fusioncache.dat
2012-10-31 20:56 - 2012-10-31 21:12 - 0007605 ____H () C:\Users\teri\AppData\Local\Resmon.ResmonCfg
2013-02-01 12:24 - 2013-02-01 12:24 - 0000268 ___RH () C:\ProgramData\Ambient
2013-02-01 12:05 - 2013-02-01 12:05 - 0000000 _____ () C:\ProgramData\Analog Pad
2013-02-01 12:24 - 2013-02-01 12:24 - 0000012 ___RH () C:\ProgramData\Applause and Laugher
2013-02-01 12:08 - 2013-02-01 12:08 - 0000268 ___RH () C:\ProgramData\Application
2013-02-01 12:08 - 2013-02-01 12:08 - 0000268 ___RH () C:\ProgramData\Application Support
2013-02-01 12:08 - 2013-02-01 12:08 - 0000268 ___RH () C:\ProgramData\Applications
2013-02-01 12:08 - 2013-02-01 12:08 - 0000012 ___RH () C:\ProgramData\Bass
2013-02-01 12:08 - 2013-02-01 12:08 - 0000012 ___RH () C:\ProgramData\Bass Reduction
2013-02-01 12:08 - 2013-02-01 12:08 - 0000012 ___RH () C:\ProgramData\Booms
2013-02-01 12:05 - 2013-02-01 12:05 - 0000000 _____ () C:\ProgramData\laserjet
2013-02-09 10:48 - 2016-02-23 15:45 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-02-01 12:24 - 2016-06-13 20:56 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2012-11-03 19:56 - 2013-02-01 12:08 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-03 19:56 - 2015-10-06 18:16 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-03 19:56 - 2015-10-06 18:13 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
Files to move or delete:
====================
C:\Users\teri\jobq.dat
Some files in TEMP:
====================
2016-11-19 10:18 - 2016-05-28 16:55 - 1748144 _____ (SAMSUNG Electornics Co., Ltd.) C:\Users\teri\AppData\Local\Temp\LiveUpdater.exe
2016-12-12 09:05 - 2016-12-12 09:05 - 28688640 _____ (RootsMagic, Inc. ) C:\Users\teri\AppData\Local\Temp\RM7Setup.exe
2017-01-16 11:17 - 2017-01-16 11:17 - 0171832 ____T (Symantec Corporation) C:\Users\teri\AppData\Local\Temp\SCC.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-11 22:13
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by teri (18-03-2017 09:49:42)
Running from C:\Users\teri\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-04 17:39:30)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-949653850-3281974074-584544497-500 - Administrator - Disabled)
appen (S-1-5-21-949653850-3281974074-584544497-1007 - Limited - Enabled) => C:\Users\appen
ASPNET (S-1-5-21-949653850-3281974074-584544497-1003 - Limited - Enabled)
DefaultAccount (S-1-5-21-949653850-3281974074-584544497-503 - Limited - Disabled)
Guest (S-1-5-21-949653850-3281974074-584544497-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-949653850-3281974074-584544497-1005 - Limited - Enabled)
teri (S-1-5-21-949653850-3281974074-584544497-1000 - Administrator - Enabled) => C:\Users\teri
Twins (S-1-5-21-949653850-3281974074-584544497-1006 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Norton Internet Security (Disabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.113.2.50020 - AVG Technologies)
AVG (Version: 16.151.8007 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.151.8007 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
AVG Zen (Version: 1.113.1 - AVG Technologies) Hidden
Barbie® Super Sports™ (HKLM-x32\...\Barbie® Super Sports™) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carmageddon (HKLM-x32\...\Carmageddon_is1) (Version: - GOG.com)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
Clooz 3 (HKLM-x32\...\{D7EFA1F4-71E8-41B5-B889-71A63601837E}) (Version: 3.3.6.0 - Ancestral Systems LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora Backpack (HKLM-x32\...\{D859D35F-E947-4F2A-8591-C76A4D116178}) (Version: - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
EverQuest II (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\SOE-EverQuest II) (Version: - Sony Online Entertainment)
Evidentia 2.2.3 (HKLM-x32\...\{C4C353C0-7CFF-47F5-8BD0-2EB964DCE1CB}_is1) (Version: 2.2.3 - Evidentia Software, LLC)
f.lux (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\Flux) (Version: - )
FamilySearch Indexing 3.21.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.21.0 - FamilySearch)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Fisher-Price Petshop (HKLM-x32\...\Fisher-Price Petshop) (Version: - )
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
GoZone iSync (HKLM-x32\...\GoZone iSync) (Version: 2.0.0 - Virgin HealthMiles)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Jasc Paint Shop Photo Album (HKLM-x32\...\{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
MechWarrior Online (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.0.71 - Symantec Corporation)
Nuance PaperPort 14 (HKLM-x32\...\{4E776326-CC0D-46E3-8069-A92105F8789B}) (Version: 14.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{E2B6E020-B045-444C-87FF-10C8B9CEDA9F}) (Version: 7.10.3211 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
OverDrive for Windows (HKLM-x32\...\{36994F59-D10D-46DD-A040-C5D095C2A3E9}) (Version: 3.4.1 - OverDrive, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RootsMagic 7.0.7.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.7.0 - RootsMagic, Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Scooby-Doo™, Case File #2 The Scary Stone Dragon (HKLM-x32\...\Scooby-Doo™, Case File #2 The Scary Stone Dragon) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version: - )
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Shutterfly Uploader (HKLM-x32\...\{D533A76E-543F-4B3F-9149-4B0ECE2DF0E3}) (Version: 2.8.674 - Shutterfly, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.3.23260 - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strawberry Shortcake - Amazing Cookie Party (HKLM-x32\...\Strawberry Shortcake - Amazing Cookie Party) (Version: - )
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185 (HKLM-x32\...\e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1) (Version: 03.02.00.1850 - Turbine, Inc.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\UnityWebPlayer) (Version: 5.3.4f1 - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\UserTestingPlugin) (Version: - UserTesting.com)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{D549825F-FB85-49F6-8075-79847871C246}) (Version: 2.16.1101 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Workspace Desktop (HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\workspacedesktop) (Version: - Starfield Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-949653850-3281974074-584544497-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\teri\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-949653850-3281974074-584544497-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\teri\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-949653850-3281974074-584544497-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\teri\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0033528A-DFFE-4277-8142-A17B1C5647AB} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {0329A99E-B4F6-4CCA-8113-3631783FB6B7} - \MotoCast Update -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09C307A4-DB83-44A8-908C-9D6BFC3906FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0E15B8A0-42EB-4680-BE5D-2083BED40B8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0FDFF564-83B2-432C-9927-F31C20A7B1A1} - \ASUS\ASUS DigiVRM Help -> No File <==== ATTENTION
Task: {11F87F7C-5C71-4B39-AF5B-D67986E5C854} - \ASUS\USB 3.0 Boost Service -> No File <==== ATTENTION
Task: {1E0FB656-936E-4C98-A596-1ACAFCB428F1} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {25F40DDC-8A3B-407D-80CB-F762A93944C2} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {265E23A7-D6FF-4F0B-9E83-E99664ACC9C2} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {29401EE6-059F-412E-B246-5C93E009928F} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {2E9158B5-24DB-4D65-B6D3-333C5B6F40E5} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {3589DCCD-7F68-4F91-96CC-02233791ECE9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {393DAD0C-BF9B-4308-A20A-8D55D4E43CD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {3C1B45DD-4F79-4D08-B165-14F4D7B4F5D0} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {3D022332-F098-41E4-8123-13F6472EAD5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {42ECF6EF-9D21-447B-9B89-A0F7566827D7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {434B0701-FFDB-4A06-960F-2663B95B8B56} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {44680C3C-8D87-448D-98BC-8A3F72AD7B90} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {47751813-5F9C-4205-95EF-04FF778F76A7} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4C1232A1-8210-4A95-8134-715FB0DC97B0} - \Motorola Device Manager Initial Update -> No File <==== ATTENTION
Task: {4C277008-99EF-45AE-948E-244A19416EC6} - System32\Tasks\G2MUploadTask-S-1-5-21-949653850-3281974074-584544497-1000 => C:\Users\teri\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe [2017-03-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4F3A2371-E9FA-4E27-84BB-476DF881BD00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {544CA3DD-9560-467F-93FC-5A6E505C95D9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {547EA585-7653-4C52-B24A-65A3A813D5F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5563B9F0-7223-42EA-B5C2-F090D1D74EAA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: {591124D4-1545-4786-ADD6-0CA0CF9769D0} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {59EA5DD4-3E42-41AF-97C3-481184E0E386} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {5AA0CA96-CF7C-49A6-8F7A-A59AF0AAC699} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5BC03858-DE8F-44C9-89A8-DEE04AD52AE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5E17091A-F152-47DE-A6D9-E4AE118256F3} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {5E87A420-0236-47E7-9BFE-7221367061C8} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {60A1C2BC-D5DC-4748-A743-7350376D97B9} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {6218EABF-0D44-4A91-8DAA-722D1A20E869} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6A4B4235-0B22-4663-A7BA-26EBC7002D87} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {6B72C9A6-902A-410D-A6BE-0EF9DA86997D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-02-20] (Symantec Corporation)
Task: {77AD0030-7514-4DFC-92DC-190CE4403B88} - \WPD\SqmUpload_S-1-5-21-949653850-3281974074-584544497-1000 -> No File <==== ATTENTION
Task: {78DAD987-9C72-4B8B-AA11-C67DC25A9C5A} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {7A3B8B1E-F953-4CB9-A961-C2162BFE6423} - \Motorola Device Manager Update -> No File <==== ATTENTION
Task: {8D2173E5-40E0-420A-A17E-E1D6FC1529CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {93AF43E2-4B7D-4DC2-B9AA-25E1EE737180} - System32\Tasks\G2MUpdateTask-S-1-5-21-949653850-3281974074-584544497-1000 => C:\Users\teri\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe [2017-03-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {93C7E775-3778-4BF0-8A64-B446CE24C540} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {99DD1D55-4BDD-4D3E-BDC4-FB946F79AD87} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9E77B9E5-4669-47FF-BFF0-E99F475A2832} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {A21198FB-B7DF-404C-9FC5-8391CC97EE71} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {A5F06B4C-D1EE-4102-818F-5BD9FEC548FC} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {A8B9C188-93A8-409B-9263-53B77AF97D11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AB6A6906-EF5E-446A-969D-B9396F0BDC3C} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B10B9FAC-78E3-40A4-B13A-7FAFC394AA21} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {B1F4C515-64F1-43ED-8E7B-47D90943142E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {B4B28262-FA75-4417-9E9E-72B599243FA0} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {B4F6D03A-BE99-46A6-98D0-C11A1A9C8798} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB63CF1C-C7A5-49C6-BAC5-3CFDD103759A} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {C18D2B22-6413-4088-BACF-C044BB3B75C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C60BE1DC-07E3-46FB-A1B7-33FA688B3CA7} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {C8BD0170-7302-4E1B-9967-AF31512760D1} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {CA2A0CFC-5CF6-491E-8B25-61B997EAE4E8} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.9.0.71\SymErr.exe [2017-02-07] (Symantec Corporation)
Task: {CC3BD685-4E2F-4A4D-A39C-00A5EFDFD6B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CFEE4FA3-3E94-4CF9-93A3-5580303ED823} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {D4357476-EF1C-41DB-ADA0-4F513698F900} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {D60C3BD7-028F-4D9C-8983-C6158DEE8933} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {DDBC0078-D7FA-4A16-BED8-FB626BF1EBF3} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {DEF26AED-A99C-4000-9B90-C6464E81356F} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {E0E8E429-F1F3-42D7-9BA2-8995D2632978} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {E300194A-A172-4513-9FD2-0790492DACB3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E7A2143F-E598-4914-8A4C-2B8C6D7A30FD} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {EF7CBAA2-F5F3-4524-A15A-FA8C66BA9CD6} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION
Task: {F1AD7FC3-36A7-4B0A-9524-86E96C3C12F2} - \Motorola Device Manager Engine -> No File <==== ATTENTION
Task: {F1B2275B-4373-47EF-AD36-FD85D1ED9E02} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F2928059-D32C-4812-8516-1D52867D396D} - \ASUS\ASUS AI Suite II Execute -> No File <==== ATTENTION
Task: {FA04936B-A20D-4B27-82E8-8D92F43F025E} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {FEE23335-7ABA-47D2-B84B-96E464DF5D22} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-949653850-3281974074-584544497-1000.job => C:\Users\teri\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-949653850-3281974074-584544497-1000.job => C:\Users\teri\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:33 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-18 09:03 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-14 11:33 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-27 14:12 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-14 08:05 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 19:25 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 19:25 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 19:25 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 19:25 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 19:25 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 19:25 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 19:25 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 [119]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\apple.com -> hxxp://www.apple.com
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\google.com -> hxxps://dl.google.com
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\123simsen.com -> www.123simsen.com
There are 7776 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-949653850-3281974074-584544497-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: EPLTarget =>
HKLM\...\StartupApproved\StartupFolder: => "Audible Download Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Shutterfly Uploader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "Monitor"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\Run: => "Pando Media Booster"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-949653850-3281974074-584544497-1000\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A66B662F-4FDA-491A-8755-125501A52567}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A725DD04-9A58-43AF-9272-789F50BF2E68}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5775C7DA-1A14-49DD-AB8B-BB42F4A7F5C1}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{06DA461F-7F58-4B90-A843-97658643C9E5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3875AE80-E5FE-4F3E-91C6-652C71BCA1E9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5CFB8C91-A178-4CBB-84A4-BA074B6E2573}] => (Allow) LPort=58542
FirewallRules: [{80F52BBA-3146-4501-AED7-531B2E81177D}] => (Allow) LPort=58542
FirewallRules: [{5D5B0AC7-ACD6-4F2F-884A-70F58FF73DBF}] => (Allow) LPort=58542
FirewallRules: [{E684E354-C258-41B2-B646-03FF260DAA1F}] => (Allow) LPort=58542
FirewallRules: [{22DD12E4-2DA8-4839-81A4-25986996449A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{AF78CCDE-04F7-4F1C-9F8E-22B476B6A398}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe] => (Allow) C:\program files (x86)\asus\ai suite ii\ai suite ii.exe
FirewallRules: [UDP Query User{2DF79A6E-FEA9-4D57-81B0-B3EE46D329F1}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe] => (Allow) C:\program files (x86)\asus\ai suite ii\ai suite ii.exe
FirewallRules: [{D42D0D5B-D1FE-405B-B3B4-376542B15F8A}] => (Allow) C:\StarCraft II\StarCraft II.exe
FirewallRules: [{261EAFA2-D479-4D5A-B7EA-2CF3715E1BF3}] => (Allow) C:\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{4C94D876-E622-4CAF-BFFC-2C145634B161}C:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [UDP Query User{883BBC74-3B85-4CA0-AC82-45E895353FCF}C:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe
FirewallRules: [{90C21206-62BB-4DE1-9F8D-F92E4705696C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{D600A411-989B-40A0-9D85-37A1624DE79A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{D4CEBF9C-A36F-4BE6-AD79-A227EF618028}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{F6A233CD-66DF-4320-A2AF-E8CB8D940C67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{2D230E1D-0EFA-4E43-B789-19EC14F8E457}] => (Allow) C:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{9991882B-E2C9-4861-957B-4CCF33F0C471}] => (Allow) C:\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{3C9D0BB5-9A09-4BFB-ACED-0E38C729DB1F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{6797CAD4-6041-4FDC-A730-8A644F1DD3C1}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{96FA2226-6D37-4343-AB49-5A159F921634}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{A338AD09-7BF5-47C0-991C-F26D54C6DA24}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{2996FF6C-78AE-4605-BCEA-B7E9CC701DFA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5DFC069D-5096-4886-BF43-07D2BD3E6296}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{91388991-4D07-432F-AF61-A2593EBEB064}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{135465E2-A1A6-427F-AC54-538623F71875}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{ADECD035-A604-4C9A-AD4D-C0BF65AA5AB8}C:\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [UDP Query User{1A3D24E7-5F7C-43E1-A5DB-F2F0C9CA24A8}C:\starcraft ii\versions\base23260\sc2.exe] => (Allow) C:\starcraft ii\versions\base23260\sc2.exe
FirewallRules: [{36716E76-7EEA-41F0-808B-4222B7F749A6}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{6C960CCD-59EC-4B12-8CBF-279CE188166A}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{FBEF27EE-2CA4-4AD3-BE1D-9A28D42A2173}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{FEB98222-76CF-4952-91D9-37DDD68E9E85}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{102D2455-7D8E-4702-818A-761693F1C489}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{F6BCB2BD-C6AE-47E1-9089-CA6C0C648661}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{A1CF2F44-617E-4EF2-A2B4-3599C3ED24A3}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [TCP Query User{D7A05AA9-B0F8-4989-B327-78D7400ED5F3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4F1BB732-58B9-4A4B-B54D-3C6B4FCDFCF2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0AD61719-A51B-4FDB-B552-7F5F2B665CDC}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{3C1EFED7-B463-437A-9661-D94C469D945C}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{791A3744-D3B9-47E8-BF1F-47F84F08030B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{40610E8A-D940-4550-99AE-F59E3363C462}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D5AA3DD3-F67B-40D6-AEF0-1A857246E282}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{1D844E78-56A7-4857-A559-8CA30BECABF5}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{1F85ECEF-BCA4-4580-BC83-62BDB0C90CC6}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{07C11E4B-5B1E-4305-8C89-95E6882CE570}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{2952FC8F-F3F2-4DEB-BD82-014875CCF80F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E08CBAB7-A4C9-4E95-88CB-4BD140B5AD93}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{62A913BE-2818-441C-8273-9BB299103F18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{705414D4-23FE-487E-B086-D8003E4CF2E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EBEB7D5A-2A9D-4759-BF5E-899D4AEEFD66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E89CB5D8-4FD5-4302-923B-F39A67512C59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C439869-2F06-46DB-BEB3-8D0AC24F365A}C:\users\teri\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\teri\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{552F4B1D-6FCC-4188-A5D9-7392BFE96CA6}C:\users\teri\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\teri\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7F4D3428-0BAC-481C-9A50-A94413A22598}C:\users\teri\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\teri\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A8C4B942-7971-4259-AC2C-47154BFB0CB3}C:\users\teri\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\teri\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EE93691B-D574-4B3F-A7D2-78A67DF773AC}] => (Allow) C:\Users\teri\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B07F11BF-A191-42CD-82AD-C2A165DE274E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA5CE38E-AA33-456B-99D0-24C55BCEE9AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{565AA18D-E367-4D5B-89E7-0A982881CB84}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{0B1C70B2-F1AB-4BF6-8A7F-7152A5A74230}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{2C2A7001-2342-4461-82FA-4CCC7C73076E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F7A32B41-3F94-495D-8D2C-2E85F9CB97AD}] => (Allow) LPort=2869
FirewallRules: [{27D28401-AD28-4066-9603-6D0A82AC7694}] => (Allow) LPort=1900
FirewallRules: [{DA525202-F022-42E4-92CF-D2191FAB2675}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{387960D7-4BE5-4A8E-8198-640836930C1F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EAA0FD91-1F09-42F8-915B-2E4321EE3F74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1C34F29-0A25-4B26-B7C8-87EB43451725}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FC4B762-CF2E-47FB-BB4F-122986CA2564}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B142228-BC33-4738-BAC7-8B917668114C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2CCAF7DD-D4B4-4809-BED5-049EE80BE8FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD996D58-E566-47BA-8AC0-23ADCDE3B627}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EADFE0A3-AD9F-4995-89B4-3F4643AAAB73}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{C48DB839-94EC-47E9-B336-17B3D995C174}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6343C902-A9B6-4292-8AAC-C4EDC49EFFE7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD42F961-E043-4284-A798-536111B14377}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FC6B48FC-8C37-4FAE-87FF-80868BECCE28}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8293E288-9BE8-4359-80A4-8B523ABC0FFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{117565E4-6EE1-4F77-A4B8-0DB27AECAB13}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BBE96C3B-5CB0-402E-839D-E6F0582CEBEA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D650A202-0746-4177-B343-D4B9AAF4D135}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BBB09950-27C1-4661-9B74-63534D76A76E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{158E9BAC-D723-4A09-A55F-20B340313189}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{065EB27D-0B91-49DA-8816-A0F4C07CD0BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9A274C59-6392-4B74-9492-18B190FCD70C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{403CC82F-B1B6-444E-8FC1-68F37444A9CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{240CFA7F-6476-4ED7-B445-E5F20902D4D9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{EC75A1CC-10FF-4A1C-86CA-FBB7CBC39627}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{01F44003-A771-4217-993E-3CA3BFA7D269}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7D77D46F-7176-4179-990A-7511E487BA08}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
24-02-2017 14:43:05 Windows Update
04-03-2017 10:56:19 Scheduled Checkpoint
11-03-2017 22:15:16 Scheduled Checkpoint
17-03-2017 16:45:31 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/18/2017 09:26:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: teri-PC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/18/2017 08:47:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (03/17/2017 06:11:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000008
Fault offset: 0x00000000000a9d2a
Faulting process id: 0xa80
Faulting application start time: 0x01d29f7bcb18c73e
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: edadbffc-86d0-42c2-bdfb-b3d56680fdab
Faulting package full name:
Faulting package-relative application ID:
Error: (03/17/2017 05:37:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: teri-PC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/17/2017 05:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: SHELL32.dll, version: 10.0.14393.693, time stamp: 0x585a27b3
Exception code: 0xc0000005
Fault offset: 0x00000000000f718c
Faulting process id: 0x1a2c
Faulting application start time: 0x01d29f5c7bc63147
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\SHELL32.dll
Report Id: 22ae0801-1483-40d7-8468-9b78b88ba34a
Faulting package full name:
Faulting package-relative application ID:
Error: (03/17/2017 04:47:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (03/17/2017 02:32:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: teri-PC)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
Error: (03/17/2017 02:24:11 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
Error: (03/17/2017 02:24:11 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
Error: (03/17/2017 02:24:11 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
System errors:
=============
Error: (03/18/2017 09:51:34 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (03/18/2017 09:51:00 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (03/18/2017 09:50:54 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (03/18/2017 09:49:43 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (03/18/2017 09:49:43 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (03/18/2017 09:49:43 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (03/18/2017 09:49:43 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (03/18/2017 09:49:43 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (03/18/2017 09:49:36 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (03/18/2017 09:49:36 AM) (Source: DCOM) (EventID: 10005) (User: teri-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
CodeIntegrity:
===================================
Date: 2017-03-17 18:11:12.088
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-17 17:59:45.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-17 17:37:14.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-17 17:30:43.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:23.702
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:05.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:05.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:05.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:04.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-03-17 17:30:03.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume1\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD FX™-4100 Quad-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 8137.36 MB
Available physical RAM: 6058.38 MB
Total Virtual: 16329.36 MB
Available Virtual: 14480.61 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.2 GB) (Free:254.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:74.52 GB) (Free:23.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (PETSHOP) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0321C7D3)
Partition 1: (Active) - (Size=698.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 2A7E2A7E)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
. My name is Jr0x and I'll be helping you with your problem.
Sign In
Create Account
