Hello, my computer is infected with one system care// netradio pop up
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by hans (administrator) on HANSLISA2006 (04-11-2015 21:13:59)
Running from C:\Users\hans\Downloads
Loaded Profiles: hans (Available Profiles: hans)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
Ran by hans (administrator) on HANSLISA2006 (04-11-2015 21:13:59)
Running from C:\Users\hans\Downloads
Loaded Profiles: hans (Available Profiles: hans)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Resilion) C:\Program Files (x86)\NetRadio\NetRadio.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Resilion) C:\Program Files (x86)\NetRadio\NetRadio.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [Spotify Web Helper] => C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-10-01] (Spotify Ltd)
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [GoogleChromeAutoLaunch_999B31C39E12F0DE35F9324D98E54375] => C:\Users\hans\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-03] (The Chromium Authors)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-15] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2015-11-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [Spotify Web Helper] => C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-10-01] (Spotify Ltd)
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [GoogleChromeAutoLaunch_999B31C39E12F0DE35F9324D98E54375] => C:\Users\hans\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-03] (The Chromium Authors)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-15] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2015-11-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c22a7727-fb5a-4b31-9885-92a2908feeb0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{f97a7176-90ec-485a-a78b-65274097bd84}: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c22a7727-fb5a-4b31-9885-92a2908feeb0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{f97a7176-90ec-485a-a78b-65274097bd84}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-954997362-1069326668-232683311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {B5797A7F-45E1-4C8A-8EA9-CEC74F4ADE32} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-15] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-15] (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
==================
HKU\S-1-5-21-954997362-1069326668-232683311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {B5797A7F-45E1-4C8A-8EA9-CEC74F4ADE32} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-15] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-15] (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-15] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-28] [not signed]
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-15] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-28] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR DefaultSearchKeyword: Default -> Palikan.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Avast Online Security) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-954997362-1069326668-232683311-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR DefaultSearchKeyword: Default -> Palikan.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Avast Online Security) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-954997362-1069326668-232683311-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OneSyncSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-11-04] (RaMMicHaeL)
R3 UnistoreSvc_Session36; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OneSyncSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-11-04] (RaMMicHaeL)
R3 UnistoreSvc_Session36; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-21] (AVAST Software)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-21] (AVAST Software)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 20:57 - 2015-11-04 20:58 - 00029882 _____ C:\Users\hans\Downloads\Addition.txt
2015-11-04 20:56 - 2015-11-04 21:13 - 00026964 _____ C:\Users\hans\Downloads\FRST.txt
2015-11-04 20:55 - 2015-11-04 20:55 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
2015-11-04 20:53 - 2015-11-04 20:53 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (2).exe
2015-11-04 20:52 - 2015-11-04 20:52 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (1).exe
2015-11-04 20:51 - 2015-11-04 21:14 - 00000000 ____D C:\FRST
2015-11-04 20:50 - 2015-11-04 20:50 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64.exe
2015-11-04 20:30 - 2015-11-04 20:30 - 00002243 _____ C:\Users\hans\Desktop\Chromium.lnk
2015-11-04 20:29 - 2015-11-04 20:30 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2015-11-04 20:25 - 2015-11-04 20:25 - 00003626 _____ C:\WINDOWS\System32\Tasks\NetRadioUpdater
2015-11-04 20:25 - 2015-11-04 20:25 - 00002776 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2015-11-04 20:25 - 2015-11-04 20:25 - 00000292 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2015-11-04 20:24 - 2015-11-04 20:54 - 00000000 ____D C:\ProgramData\Unchecky
2015-11-04 20:24 - 2015-11-04 20:25 - 00000000 ____D C:\Users\hans\AppData\Local\{B9D88F84-9D70-E33C-F0E8-C6D4D4803A4C}
2015-11-04 20:24 - 2015-11-04 20:24 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (2).exe
2015-11-04 20:24 - 2015-11-04 20:24 - 00003356 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-11-04 20:24 - 2015-11-04 20:24 - 00002926 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2015-11-04 20:24 - 2015-11-04 20:24 - 00001138 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00001078 _____ C:\Users\Public\Desktop\NetRadio.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00000300 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Users\hans\AppData\Roaming\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\NetRadio
2015-11-04 20:23 - 2015-11-04 20:22 - 01055936 _____ (Adobe) C:\Users\hans\Downloads\flash_setup.exe
2015-11-04 20:22 - 2015-11-04 20:23 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (1).exe
2015-11-04 20:21 - 2015-11-04 20:22 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
2015-11-04 19:45 - 2015-11-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-04 19:43 - 2015-11-04 19:43 - 00016148 _____ C:\WINDOWS\system32\HANSLISA2006_hans_HistoryPrediction.bin
2015-10-15 12:29 - 2015-10-15 12:29 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-15 12:29 - 2015-10-15 12:29 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-13 20:07 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 20:07 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 20:07 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 20:07 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 20:07 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 20:07 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 20:07 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 20:07 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 20:07 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 20:07 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 20:07 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 20:07 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 20:07 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 20:07 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 20:07 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 20:07 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 20:06 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 20:06 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 20:06 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 20:06 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 20:06 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 20:06 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 20:06 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 20:06 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 20:06 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-10 15:45 - 2015-10-10 15:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-08 15:42 - 2015-10-15 22:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-08 15:42 - 2015-10-15 22:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-04 20:56 - 2015-11-04 21:13 - 00026964 _____ C:\Users\hans\Downloads\FRST.txt
2015-11-04 20:55 - 2015-11-04 20:55 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
2015-11-04 20:53 - 2015-11-04 20:53 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (2).exe
2015-11-04 20:52 - 2015-11-04 20:52 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (1).exe
2015-11-04 20:51 - 2015-11-04 21:14 - 00000000 ____D C:\FRST
2015-11-04 20:50 - 2015-11-04 20:50 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64.exe
2015-11-04 20:30 - 2015-11-04 20:30 - 00002243 _____ C:\Users\hans\Desktop\Chromium.lnk
2015-11-04 20:29 - 2015-11-04 20:30 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2015-11-04 20:25 - 2015-11-04 20:25 - 00003626 _____ C:\WINDOWS\System32\Tasks\NetRadioUpdater
2015-11-04 20:25 - 2015-11-04 20:25 - 00002776 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2015-11-04 20:25 - 2015-11-04 20:25 - 00000292 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2015-11-04 20:24 - 2015-11-04 20:54 - 00000000 ____D C:\ProgramData\Unchecky
2015-11-04 20:24 - 2015-11-04 20:25 - 00000000 ____D C:\Users\hans\AppData\Local\{B9D88F84-9D70-E33C-F0E8-C6D4D4803A4C}
2015-11-04 20:24 - 2015-11-04 20:24 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (2).exe
2015-11-04 20:24 - 2015-11-04 20:24 - 00003356 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-11-04 20:24 - 2015-11-04 20:24 - 00002926 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2015-11-04 20:24 - 2015-11-04 20:24 - 00001138 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00001078 _____ C:\Users\Public\Desktop\NetRadio.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00000300 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Users\hans\AppData\Roaming\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\NetRadio
2015-11-04 20:23 - 2015-11-04 20:22 - 01055936 _____ (Adobe) C:\Users\hans\Downloads\flash_setup.exe
2015-11-04 20:22 - 2015-11-04 20:23 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (1).exe
2015-11-04 20:21 - 2015-11-04 20:22 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
2015-11-04 19:45 - 2015-11-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-04 19:43 - 2015-11-04 19:43 - 00016148 _____ C:\WINDOWS\system32\HANSLISA2006_hans_HistoryPrediction.bin
2015-10-15 12:29 - 2015-10-15 12:29 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-15 12:29 - 2015-10-15 12:29 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-13 20:07 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 20:07 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 20:07 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 20:07 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 20:07 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 20:07 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 20:07 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 20:07 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 20:07 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 20:07 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 20:07 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 20:07 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 20:07 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 20:07 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 20:07 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 20:07 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 20:06 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 20:06 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 20:06 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 20:06 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 20:06 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 20:06 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 20:06 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 20:06 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 20:06 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-10 15:45 - 2015-10-10 15:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-08 15:42 - 2015-10-15 22:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-08 15:42 - 2015-10-15 22:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 20:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-04 20:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 20:26 - 2015-07-21 14:04 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 19:43 - 2015-08-02 15:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-04 19:43 - 2015-07-21 14:04 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 16:17 - 2014-06-29 13:41 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9930E1B8-B7BD-4292-84E3-3C35463A0CEE}
2015-10-29 20:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 11:00 - 2014-11-23 14:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 12:26 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-23 12:51 - 2014-06-29 13:36 - 00000000 ____D C:\Users\hans\AppData\Local\Packages
2015-10-23 12:20 - 2015-08-02 16:04 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-23 12:12 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-23 12:12 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 17:38 - 2014-07-30 19:58 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-18 20:57 - 2014-06-29 17:17 - 00000000 ____D C:\Bovada
2015-10-16 13:29 - 2015-08-02 15:47 - 00000000 ____D C:\Users\hans
2015-10-16 13:27 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 13:25 - 2015-08-02 15:38 - 01949174 _____ C:\WINDOWS\PFRO.log
2015-10-16 13:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 12:29 - 2014-07-30 19:58 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-13 22:38 - 2014-07-01 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 22:33 - 2014-07-01 21:36 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-10 22:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-10 15:45 - 2015-07-10 07:20 - 00016063 _____ C:\WINDOWS\setupact.log
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-11-04 20:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 20:26 - 2015-07-21 14:04 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 19:43 - 2015-08-02 15:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-04 19:43 - 2015-07-21 14:04 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 16:17 - 2014-06-29 13:41 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9930E1B8-B7BD-4292-84E3-3C35463A0CEE}
2015-10-29 20:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 11:00 - 2014-11-23 14:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 12:26 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-23 12:51 - 2014-06-29 13:36 - 00000000 ____D C:\Users\hans\AppData\Local\Packages
2015-10-23 12:20 - 2015-08-02 16:04 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-23 12:12 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-23 12:12 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 17:38 - 2014-07-30 19:58 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-18 20:57 - 2014-06-29 17:17 - 00000000 ____D C:\Bovada
2015-10-16 13:29 - 2015-08-02 15:47 - 00000000 ____D C:\Users\hans
2015-10-16 13:27 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 13:25 - 2015-08-02 15:38 - 01949174 _____ C:\WINDOWS\PFRO.log
2015-10-16 13:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 12:29 - 2014-07-30 19:58 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-13 22:38 - 2014-07-01 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 22:33 - 2014-07-01 21:36 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-10 22:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-10 15:45 - 2015-07-10 07:20 - 00016063 _____ C:\WINDOWS\setupact.log
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
==================== Files in the root of some directories =======
2014-08-29 08:04 - 2014-08-29 08:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-02 15:43 - 2015-08-02 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-23 03:18 - 2014-04-23 03:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-23 03:14 - 2014-04-23 03:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-23 03:15 - 2014-04-23 03:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-23 03:16 - 2014-04-23 03:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-23 03:13 - 2014-04-23 03:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2015-08-02 15:43 - 2015-08-02 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-23 03:18 - 2014-04-23 03:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-23 03:14 - 2014-04-23 03:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-23 03:15 - 2014-04-23 03:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-23 03:16 - 2014-04-23 03:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-23 03:13 - 2014-04-23 03:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-28 21:50
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by hans (administrator) on HANSLISA2006 (04-11-2015 21:13:59)
Running from C:\Users\hans\Downloads
Loaded Profiles: hans (Available Profiles: hans)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
Ran by hans (administrator) on HANSLISA2006 (04-11-2015 21:13:59)
Running from C:\Users\hans\Downloads
Loaded Profiles: hans (Available Profiles: hans)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Resilion) C:\Program Files (x86)\NetRadio\NetRadio.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Resilion) C:\Program Files (x86)\NetRadio\NetRadio.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [Spotify Web Helper] => C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-10-01] (Spotify Ltd)
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [GoogleChromeAutoLaunch_999B31C39E12F0DE35F9324D98E54375] => C:\Users\hans\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-03] (The Chromium Authors)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-15] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2015-11-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [Spotify Web Helper] => C:\Users\hans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-10-01] (Spotify Ltd)
HKU\S-1-5-21-954997362-1069326668-232683311-1001\...\Run: [GoogleChromeAutoLaunch_999B31C39E12F0DE35F9324D98E54375] => C:\Users\hans\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-03] (The Chromium Authors)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-15] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Startup: C:\Users\hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2015-11-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c22a7727-fb5a-4b31-9885-92a2908feeb0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{f97a7176-90ec-485a-a78b-65274097bd84}: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c22a7727-fb5a-4b31-9885-92a2908feeb0}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{f97a7176-90ec-485a-a78b-65274097bd84}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-954997362-1069326668-232683311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {B5797A7F-45E1-4C8A-8EA9-CEC74F4ADE32} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-15] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-15] (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
==================
HKU\S-1-5-21-954997362-1069326668-232683311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
SearchScopes: HKU\S-1-5-21-954997362-1069326668-232683311-1001 -> {B5797A7F-45E1-4C8A-8EA9-CEC74F4ADE32} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-15] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-28] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-15] (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-15] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-28] [not signed]
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-15] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-08-28] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR DefaultSearchKeyword: Default -> Palikan.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Avast Online Security) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-954997362-1069326668-232683311-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=","hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_45&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0Bzz0Fzz0FyB0ByDtCyCyBtN0D0Tzu0StCyEtDtAtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0D0EyE0CyCtCtBtGyCtBtB0FtG0DyE0DzytGtBzy0A0BtGtCyD0E0FtAtAtBtB0E0B0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0F0EyBzytA0AyBtGtDyE0CyDtGyEzyyBzytGzztB0B0AtGtDyDtByBtAtAyBtCtAyCtCtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCyDyD&cr=2029113981&ir=
CHR DefaultSearchKeyword: Default -> Palikan.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Avast Online Security) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-954997362-1069326668-232683311-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OneSyncSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-11-04] (RaMMicHaeL)
R3 UnistoreSvc_Session36; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 OneSyncSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-11-04] (RaMMicHaeL)
R3 UnistoreSvc_Session36; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session36; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session61; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-21] (AVAST Software)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-21] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-11] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-21] (AVAST Software)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 20:57 - 2015-11-04 20:58 - 00029882 _____ C:\Users\hans\Downloads\Addition.txt
2015-11-04 20:56 - 2015-11-04 21:13 - 00026964 _____ C:\Users\hans\Downloads\FRST.txt
2015-11-04 20:55 - 2015-11-04 20:55 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
2015-11-04 20:53 - 2015-11-04 20:53 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (2).exe
2015-11-04 20:52 - 2015-11-04 20:52 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (1).exe
2015-11-04 20:51 - 2015-11-04 21:14 - 00000000 ____D C:\FRST
2015-11-04 20:50 - 2015-11-04 20:50 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64.exe
2015-11-04 20:30 - 2015-11-04 20:30 - 00002243 _____ C:\Users\hans\Desktop\Chromium.lnk
2015-11-04 20:29 - 2015-11-04 20:30 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2015-11-04 20:25 - 2015-11-04 20:25 - 00003626 _____ C:\WINDOWS\System32\Tasks\NetRadioUpdater
2015-11-04 20:25 - 2015-11-04 20:25 - 00002776 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2015-11-04 20:25 - 2015-11-04 20:25 - 00000292 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2015-11-04 20:24 - 2015-11-04 20:54 - 00000000 ____D C:\ProgramData\Unchecky
2015-11-04 20:24 - 2015-11-04 20:25 - 00000000 ____D C:\Users\hans\AppData\Local\{B9D88F84-9D70-E33C-F0E8-C6D4D4803A4C}
2015-11-04 20:24 - 2015-11-04 20:24 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (2).exe
2015-11-04 20:24 - 2015-11-04 20:24 - 00003356 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-11-04 20:24 - 2015-11-04 20:24 - 00002926 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2015-11-04 20:24 - 2015-11-04 20:24 - 00001138 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00001078 _____ C:\Users\Public\Desktop\NetRadio.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00000300 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Users\hans\AppData\Roaming\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\NetRadio
2015-11-04 20:23 - 2015-11-04 20:22 - 01055936 _____ (Adobe) C:\Users\hans\Downloads\flash_setup.exe
2015-11-04 20:22 - 2015-11-04 20:23 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (1).exe
2015-11-04 20:21 - 2015-11-04 20:22 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
2015-11-04 19:45 - 2015-11-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-04 19:43 - 2015-11-04 19:43 - 00016148 _____ C:\WINDOWS\system32\HANSLISA2006_hans_HistoryPrediction.bin
2015-10-15 12:29 - 2015-10-15 12:29 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-15 12:29 - 2015-10-15 12:29 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-13 20:07 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 20:07 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 20:07 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 20:07 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 20:07 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 20:07 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 20:07 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 20:07 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 20:07 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 20:07 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 20:07 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 20:07 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 20:07 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 20:07 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 20:07 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 20:07 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 20:06 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 20:06 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 20:06 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 20:06 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 20:06 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 20:06 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 20:06 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 20:06 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 20:06 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-10 15:45 - 2015-10-10 15:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-08 15:42 - 2015-10-15 22:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-08 15:42 - 2015-10-15 22:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-04 20:56 - 2015-11-04 21:13 - 00026964 _____ C:\Users\hans\Downloads\FRST.txt
2015-11-04 20:55 - 2015-11-04 20:55 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (3).exe
2015-11-04 20:53 - 2015-11-04 20:53 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (2).exe
2015-11-04 20:52 - 2015-11-04 20:52 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64 (1).exe
2015-11-04 20:51 - 2015-11-04 21:14 - 00000000 ____D C:\FRST
2015-11-04 20:50 - 2015-11-04 20:50 - 02198016 _____ (Farbar) C:\Users\hans\Downloads\FRST64.exe
2015-11-04 20:30 - 2015-11-04 20:30 - 00002243 _____ C:\Users\hans\Desktop\Chromium.lnk
2015-11-04 20:29 - 2015-11-04 20:30 - 00000000 ____D C:\Users\hans\AppData\Local\Chromium
2015-11-04 20:25 - 2015-11-04 20:25 - 00003626 _____ C:\WINDOWS\System32\Tasks\NetRadioUpdater
2015-11-04 20:25 - 2015-11-04 20:25 - 00002776 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2015-11-04 20:25 - 2015-11-04 20:25 - 00000292 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2015-11-04 20:24 - 2015-11-04 20:54 - 00000000 ____D C:\ProgramData\Unchecky
2015-11-04 20:24 - 2015-11-04 20:25 - 00000000 ____D C:\Users\hans\AppData\Local\{B9D88F84-9D70-E33C-F0E8-C6D4D4803A4C}
2015-11-04 20:24 - 2015-11-04 20:24 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (2).exe
2015-11-04 20:24 - 2015-11-04 20:24 - 00003356 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-11-04 20:24 - 2015-11-04 20:24 - 00002926 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2015-11-04 20:24 - 2015-11-04 20:24 - 00001138 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00001078 _____ C:\Users\Public\Desktop\NetRadio.lnk
2015-11-04 20:24 - 2015-11-04 20:24 - 00000300 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Users\hans\AppData\Roaming\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetRadio
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\Unchecky
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-11-04 20:24 - 2015-11-04 20:24 - 00000000 ____D C:\Program Files (x86)\NetRadio
2015-11-04 20:23 - 2015-11-04 20:22 - 01055936 _____ (Adobe) C:\Users\hans\Downloads\flash_setup.exe
2015-11-04 20:22 - 2015-11-04 20:23 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player (1).exe
2015-11-04 20:21 - 2015-11-04 20:22 - 00938616 _____ (Program software ) C:\Users\hans\Downloads\adobe_flash_player.exe
2015-11-04 19:45 - 2015-11-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-04 19:43 - 2015-11-04 19:43 - 00016148 _____ C:\WINDOWS\system32\HANSLISA2006_hans_HistoryPrediction.bin
2015-10-15 12:29 - 2015-10-15 12:29 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-15 12:29 - 2015-10-15 12:29 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-13 20:07 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 20:07 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 20:07 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 20:07 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 20:07 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 20:07 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 20:07 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 20:07 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 20:07 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 20:07 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 20:07 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 20:07 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 20:07 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 20:07 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 20:07 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 20:07 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 20:07 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 20:07 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 20:07 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 20:07 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 20:07 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 20:07 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 20:07 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 20:07 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 20:06 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 20:06 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 20:06 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 20:06 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 20:06 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 20:06 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 20:06 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 20:06 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 20:06 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 20:06 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 20:06 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 20:06 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 20:06 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 20:06 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 20:06 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 20:06 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-10 15:45 - 2015-10-10 15:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-08 15:42 - 2015-10-15 22:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-08 15:42 - 2015-10-15 22:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 20:46 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-04 20:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 20:26 - 2015-07-21 14:04 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 19:43 - 2015-08-02 15:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-04 19:43 - 2015-07-21 14:04 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 16:17 - 2014-06-29 13:41 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9930E1B8-B7BD-4292-84E3-3C35463A0CEE}
2015-10-29 20:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 11:00 - 2014-11-23 14:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 12:26 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-23 12:51 - 2014-06-29 13:36 - 00000000 ____D C:\Users\hans\AppData\Local\Packages
2015-10-23 12:20 - 2015-08-02 16:04 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-23 12:12 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-23 12:12 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 17:38 - 2014-07-30 19:58 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-18 20:57 - 2014-06-29 17:17 - 00000000 ____D C:\Bovada
2015-10-16 13:29 - 2015-08-02 15:47 - 00000000 ____D C:\Users\hans
2015-10-16 13:27 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 13:25 - 2015-08-02 15:38 - 01949174 _____ C:\WINDOWS\PFRO.log
2015-10-16 13:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 12:29 - 2014-07-30 19:58 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-13 22:38 - 2014-07-01 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 22:33 - 2014-07-01 21:36 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-10 22:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-10 15:45 - 2015-07-10 07:20 - 00016063 _____ C:\WINDOWS\setupact.log
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-11-04 20:43 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 20:26 - 2015-07-21 14:04 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 19:43 - 2015-08-02 15:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-04 19:43 - 2015-07-21 14:04 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 16:17 - 2014-06-29 13:41 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9930E1B8-B7BD-4292-84E3-3C35463A0CEE}
2015-10-29 20:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-28 11:00 - 2014-11-23 14:54 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-27 12:26 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-23 12:51 - 2014-06-29 13:36 - 00000000 ____D C:\Users\hans\AppData\Local\Packages
2015-10-23 12:20 - 2015-08-02 16:04 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-23 12:12 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-23 12:12 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 17:38 - 2014-07-30 19:58 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-18 20:57 - 2014-06-29 17:17 - 00000000 ____D C:\Bovada
2015-10-16 13:29 - 2015-08-02 15:47 - 00000000 ____D C:\Users\hans
2015-10-16 13:27 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-16 13:25 - 2015-08-02 15:38 - 01949174 _____ C:\WINDOWS\PFRO.log
2015-10-16 13:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 12:29 - 2014-07-30 19:58 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-13 22:38 - 2014-07-01 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 22:33 - 2014-07-01 21:36 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-10 22:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-10 15:45 - 2015-07-10 07:20 - 00016063 _____ C:\WINDOWS\setupact.log
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-08 13:37 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
==================== Files in the root of some directories =======
2014-08-29 08:04 - 2014-08-29 08:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-02 15:43 - 2015-08-02 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-23 03:18 - 2014-04-23 03:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-23 03:14 - 2014-04-23 03:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-23 03:15 - 2014-04-23 03:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-23 03:16 - 2014-04-23 03:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-23 03:13 - 2014-04-23 03:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2015-08-02 15:43 - 2015-08-02 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-23 03:18 - 2014-04-23 03:18 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-23 03:14 - 2014-04-23 03:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-23 03:15 - 2014-04-23 03:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-23 03:16 - 2014-04-23 03:17 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-23 03:13 - 2014-04-23 03:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-28 21:50
==================== End of FRST.txt ============================