CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [cnkbppmdgdfccoihhajoeflficbpgcnm] - C:\Program Files (x86)\MyTools\MyTools.crx
CHR HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOHNTH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
2014-05-22 14:30 - 2014-05-19 06:19 - 1705063 _____ (AnyProtect.com) C:\Users\JOHN THE MAN\AppData\Local\AnyProtectScannerSetup.exe
2016-01-14 19:15 - 2016-01-14 19:15 - 0000000 ____H () C:\Users\JOHN THE MAN\AppData\Local\BIT67B7.tmp
2014-07-10 21:18 - 2014-07-10 21:18 - 0003584 _____ () C:\Users\JOHN THE MAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 16:06 - 2014-09-15 16:06 - 0007605 _____ () C:\Users\JOHN THE MAN\AppData\Local\Resmon.ResmonCfg
2016-01-14 19:14 - 2016-01-14 19:14 - 0000000 _____ () C:\Users\JOHN THE MAN\AppData\Local\{7736DF6D-1B59-4871-AE9A-CE299CEAFE22}
Task: {4561A871-B441-4256-B791-B2388502124C} - System32\Tasks\{E557C175-297F-4251-904A-C04F3A97A829} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {80EBAA98-5D81-4100-B479-F67460284503} - System32\Tasks\{209DF523-D278-4113-8D7F-5C956AA5D65A} => pcalua.exe -a "C:\Users\JOHN THE MAN\Downloads\FISSetup.exe" -d "C:\Users\JOHN THE MAN\Downloads"
FirewallRules: [{05E96D40-8AED-4AEF-8347-E2D6E9A144F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{40D7B59C-74A6-4F7C-B1C5-165F64F16352}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C4772620-563C-4FF1-9095-389218C29B64}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{A8380BE4-EA88-4BAA-A005-1096D58D885D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{E9F88790-6DDE-4466-95DB-DFB9BF14DCEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{E13E703B-B0CB-4BF5-9876-52D426BBC706}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{49C648A9-F5DC-4E40-8FBC-DED03FEC8E5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{18F50816-906F-49DF-ACC5-C097225D47B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp: