Author Topic: [In Progress] pop-ups and alerts for urgent virus attention  (Read 2205 times)

mmlawre1
« on: April 15, 2016, 07:20:46 PM »
I'm getting pop-ups and alerts stating I have a whole bunch of viruses and it's urgent and I should call a number to get it addressed immediately. 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 1/17/2016 5:45:17 PM
System Uptime: 4/15/2016 3:03:01 PM (3 hours ago)
.
Motherboard: LENOVO |  | INVALID
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz | U3E1 | 2901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 884 GiB total, 729.794 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.183 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP5: 2/21/2016 11:20:44 AM - Scheduled Checkpoint
RP8: 3/6/2016 10:00:47 AM - Windows Update
RP9: 3/13/2016 11:08:15 AM - Windows Update
RP10: 3/13/2016 11:09:08 AM - Windows Update
RP11: 3/29/2016 5:47:52 PM - Installed AVG
RP12: 4/15/2016 2:57:13 PM - Removed AVG
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe Digital Editions 4.0
Adobe Flash Player 21 NPAPI
Adobe Refresh Manager
Adobe Shockwave Player 12.1
Amazon MP3 Downloader 1.0.17
Amazon Music
Ancestral Quest 14
Ancestral Quest Collaboration Support
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
AVG
AVG Web TuneUp
Blue Coat K9 Web Protection
Bonjour
Citrix Online Launcher
Definition Update for Microsoft Office 2010 (KB3114887) 32-Bit Edition
Dolby Home Theater v4
Edraw Max 7.7
Energy Management
Evernote v. 5.2
FamilySearch Indexing 3.24.2
FreeRide Games
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GoToMeeting 7.14.1.4670
HP Support Solutions Framework
IBM SPSS Statistics 22
iCloud
Intel AppUp(R) center
Intel PROSet Wireless
Intel(R) Driver Update Utility 2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) WiDi
Intel(R) Wireless Bluetooth(R)
Intel® Driver Update Utility
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Intelligent Touchpad
Itibiti RTC
iTunes
Java 8 Update 66
Java Auto Updater
KeePass Password Safe 1.29
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo pointing device
Lenovo PowerDVD10
Lenovo YouCam
Malwarebytes Anti-Malware version 2.1.8.1057
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneNote 2013 - en-us
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mindjet MindManager 14
Mindjet MindManager 15
Mozilla Firefox 42.0 (x86 en-US)
Mozilla Maintenance Service
Nitro Pro 7
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OneClickdigital Media Manager
Onekey Theater
PDF-XChange 3
Power2Go
ProQuest For Word
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Reference Point Software Template for APA format, Word 2010
Reference Point Template ver: Word 2010, APA 6th Ed.
Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition
Security Update for Microsoft Excel 2010 (KB3114759) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965310) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054848) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085560) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB3114883) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3114396) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2817478) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114402) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3114878) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype Web Plugin
Skype™ 7.7
Spotify
SugarSync Manager
swMSM
TeamViewer 9
TurboTax 2012
TurboTax 2012 waziper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2012 wutiper
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Update for Microsoft Office 2010 (KB3085512) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114750) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB3114410) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
UserGuide
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Web Updater version 1.0.30.0
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
.
==== Event Viewer Messages From Past Week ========
.
4/15/2016 6:05:45 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
4/15/2016 3:04:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the wusvc service to connect.
4/15/2016 3:04:52 PM, Error: Service Control Manager [7000]  - The wusvc service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/15/2016 3:04:51 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer9 service to connect.
4/15/2016 3:04:51 PM, Error: Service Control Manager [7000]  - The TeamViewer9 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/15/2016 3:04:45 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.
4/15/2016 3:04:45 PM, Error: Service Control Manager [7000]  - The HPSupportSolutionsFrameworkService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/15/2016 3:02:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_92302 service to connect.
4/15/2016 3:02:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_92302 service to connect.
4/15/2016 3:02:24 PM, Error: Service Control Manager [7031]  - The User Data Storage_92302 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/15/2016 3:02:24 PM, Error: Service Control Manager [7031]  - The User Data Access_92302 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/15/2016 3:02:24 PM, Error: Service Control Manager [7031]  - The Sync Host_92302 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/15/2016 3:02:24 PM, Error: Service Control Manager [7031]  - The Contact Data_92302 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20  BrowserJavaVersion: 11.66.2
Run by MindyL at 18:13:39 on 2016-04-15
Microsoft Windows 10 Home  10.0.10586.0.1252.1.1033.18.8048.5477 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\windows\SysWOW64\NLSSRV32.EXE
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\loggingserver.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WebUpdater\1.0.30.0\WebUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.2.6\ScriptHelper.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
C:\Program Files\WindowsApps\E046963F.LenovoCompanion_3.42.1.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo13.msn.com
uProxyOverride = hxxp://*microsoft.com;https://*microsoft.com;*.local
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify Web Helper] "C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Amazon Music] "C:\Users\MindyL\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [OneDrive] "C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [BingSvc] C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRunOnce: [Uninstall C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 15\MMReminderService.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
StartupFolder: C:\Users\MindyL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\MindyL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\MindyL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SafeModeBlockNonAdmins = dword:1
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll/202
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00106-0002-0006-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {206599BA-54C3-4B56-8B27-361541F02B36} - hxxps://webapp4.asu.edu/wifi/tools/xc_loader_activex.ocx
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 82.163.143.171 82.163.142.173
TCP: NameServer = 192.168.0.1 205.171.3.25 205.171.2.25
TCP: Interfaces\{707fb07d-b45b-408d-aab7-cca74745a3c6} : NameServer = 82.163.143.171 82.163.142.173
TCP: Interfaces\{707fb07d-b45b-408d-aab7-cca74745a3c6} : DHCPNameServer = 82.163.143.171
TCP: Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b} : NameServer = 82.163.143.171 82.163.142.173
TCP: Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b} : DHCPNameServer = 192.168.0.1 205.171.3.25 205.171.2.25
TCP: Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b}\A41637F6E62E08993702960586F6E656 : NameServer = 82.163.143.171 82.163.142.173
TCP: Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b}\A41637F6E62E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{e24e9991-2490-43e8-8228-e6b109c78906} : NameServer = 82.163.143.171 82.163.142.173
TCP: Interfaces\{e24e9991-2490-43e8-8228-e6b109c78906} : DHCPNameServer = 82.163.143.171
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [RtHDVBg_LENOVO_DOLBYDRAGON] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
x64-Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SafeModeBlockNonAdmins = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
FF - plugin: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\MindyL\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll
FF - plugin: C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll
FF - plugin: C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-11-13 645952]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2012-11-13 39008]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2014-1-24 2647256]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-12-12 2828016]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2015-8-19 135072]
R2 ibtsiva.exe;Intel Bluetooth Service;C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [2015-6-18 135408]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-1-17 330136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-13 166720]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-7-16 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-13 365376]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 vToolbarUpdater40.2.6;vToolbarUpdater40.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [2016-3-1 1949768]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-12-20 1215560]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2012-11-13 56136]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2012-9-13 162344]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2015-8-19 467032]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-7-29 38976]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2015-10-30 3343872]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 RTSUER;Realtek USB Card Reader - UER;C:\WINDOWS\System32\drivers\RtsUer.sys [2015-5-14 402960]
R3 rtsuvc;Lenovo EasyCamera;C:\WINDOWS\System32\drivers\rtsuvc.sys [2012-11-13 8227216]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-11-29 188896]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-2-1 561104]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-15 4915040]
S2 wusvc;Web Updater Service (wusvc);C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-20 61952]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-12-9 615584]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-17 117248]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-11-6 169752]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\2B6A3A25.sys [2015-10-16 113880]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2012-11-13 102376]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-2 29696]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-04-15 22:11:27   --------   d--h--w-   C:\OneDriveTemp
2016-03-30 00:12:34   --------   d-----w-   C:\ProgramData\4c627642-2c15-0
2016-03-22 23:30:34   --------   d-----w-   C:\ProgramData\Avg_Update_0316tb
.
==================== Find3M  ====================
.
2016-03-08 07:12:26   829944   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26   176632   ----a-w-   C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-03-03 04:35:58   113880   ----a-w-   C:\WINDOWS\System32\drivers\2B6A3A25.sys
2016-03-01 05:31:29   848168   ----a-w-   C:\WINDOWS\System32\mfsvr.dll
2016-03-01 05:22:47   709688   ----a-w-   C:\WINDOWS\SysWow64\mfsvr.dll
2016-02-24 09:52:06   1997328   ----a-w-   C:\WINDOWS\System32\KernelBase.dll
2016-02-24 09:51:58   7474528   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2016-02-24 09:48:32   713568   ----a-w-   C:\WINDOWS\System32\invagent.dll
2016-02-24 09:47:03   1173344   ----a-w-   C:\WINDOWS\System32\aeinv.dll
2016-02-24 09:40:06   513888   ----a-w-   C:\WINDOWS\System32\devinv.dll
2016-02-24 09:34:50   1613664   ----a-w-   C:\WINDOWS\System32\diagtrack.dll
2016-02-24 09:28:35   3449168   ----a-w-   C:\WINDOWS\System32\WSService.dll
2016-02-24 09:15:07   1557768   ----a-w-   C:\WINDOWS\SysWow64\KernelBase.dll
2016-02-24 08:58:26   794888   ----a-w-   C:\WINDOWS\System32\mfds.dll
2016-02-24 08:51:24   1322248   ----a-w-   C:\WINDOWS\System32\ole32.dll
2016-02-24 08:50:49   808800   ----a-w-   C:\WINDOWS\System32\WWAHost.exe
2016-02-24 08:46:25   6607080   ----a-w-   C:\WINDOWS\System32\windows.storage.dll
2016-02-24 08:43:01   625000   ----a-w-   C:\WINDOWS\System32\ClipSVC.dll
2016-02-24 08:39:30   141560   ----a-w-   C:\WINDOWS\System32\AuthHost.exe
2016-02-24 08:39:01   358752   ----a-w-   C:\WINDOWS\System32\msv1_0.dll
2016-02-24 08:19:18   670928   ----a-w-   C:\WINDOWS\SysWow64\mfds.dll
2016-02-24 08:14:23   216416   ----a-w-   C:\WINDOWS\System32\AppxAllUserStore.dll
2016-02-24 08:11:46   957608   ----a-w-   C:\WINDOWS\SysWow64\ole32.dll
2016-02-24 08:11:07   258280   ----a-w-   C:\WINDOWS\System32\sqmapi.dll
2016-02-24 08:11:03   652392   ----a-w-   C:\WINDOWS\System32\dxgi.dll
2016-02-24 08:11:03   394080   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-02-24 08:11:03   1997152   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-02-24 08:11:01   703840   ----a-w-   C:\WINDOWS\SysWow64\WWAHost.exe
2016-02-24 08:10:54   576864   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-02-24 08:10:52   630632   ----a-w-   C:\WINDOWS\System32\fontdrvhost.exe
2016-02-24 08:09:58   640472   ----a-w-   C:\WINDOWS\System32\wer.dll
2016-02-24 08:09:49   147808   ----a-w-   C:\WINDOWS\System32\wermgr.exe
2016-02-24 08:06:39   5242496   ----a-w-   C:\WINDOWS\SysWow64\windows.storage.dll
2016-02-24 07:59:11   294752   ----a-w-   C:\WINDOWS\SysWow64\msv1_0.dll
2016-02-24 07:39:44   23552   ----a-w-   C:\WINDOWS\System32\ExtrasXmlParser.dll
2016-02-24 07:39:34   45568   ----a-w-   C:\WINDOWS\System32\UserDataTypeHelperUtil.dll
2016-02-24 07:38:35   187744   ----a-w-   C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2016-02-24 07:38:12   111616   ----a-w-   C:\WINDOWS\System32\UserDataTimeUtil.dll
2016-02-24 07:37:58   45056   ----a-w-   C:\WINDOWS\System32\UserDataLanguageUtil.dll
2016-02-24 07:36:17   60416   ----a-w-   C:\WINDOWS\System32\PimIndexMaintenanceClient.dll
2016-02-24 07:35:26   220064   ----a-w-   C:\WINDOWS\SysWow64\sqmapi.dll
2016-02-24 07:35:24   523752   ----a-w-   C:\WINDOWS\SysWow64\dxgi.dll
2016-02-24 07:35:18   45568   ----a-w-   C:\WINDOWS\System32\atmlib.dll
2016-02-24 07:35:08   540752   ----a-w-   C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-02-24 07:33:53   141664   ----a-w-   C:\WINDOWS\SysWow64\wermgr.exe
2016-02-24 07:33:49   538736   ----a-w-   C:\WINDOWS\SysWow64\wer.dll
2016-02-24 07:31:49   118272   ----a-w-   C:\WINDOWS\System32\fontsub.dll
2016-02-24 07:30:18   25600   ----a-w-   C:\WINDOWS\System32\wfapigp.dll
2016-02-24 07:28:12   70656   ----a-w-   C:\WINDOWS\System32\POSyncServices.dll
2016-02-24 07:23:20   68096   ----a-w-   C:\WINDOWS\System32\UserDataPlatformHelperUtil.dll
2016-02-24 07:23:09   91648   ----a-w-   C:\WINDOWS\System32\asycfilt.dll
2016-02-24 07:22:03   196608   ----a-w-   C:\WINDOWS\System32\fwpolicyiomgr.dll
2016-02-24 07:20:57   167936   ----a-w-   C:\WINDOWS\System32\dafBth.dll
2016-02-24 07:20:35   195072   ----a-w-   C:\WINDOWS\System32\VCardParser.dll
2016-02-24 07:20:00   87552   ----a-w-   C:\WINDOWS\System32\AppxSysprep.dll
2016-02-24 07:19:56   31232   ----a-w-   C:\WINDOWS\System32\seclogon.dll
2016-02-24 07:19:10   145408   ----a-w-   C:\WINDOWS\System32\dssvc.dll
2016-02-24 07:15:29   365568   ----a-w-   C:\WINDOWS\System32\atmfd.dll
2016-02-24 07:14:00   274944   ----a-w-   C:\WINDOWS\System32\ExSMime.dll
2016-02-24 07:13:57   121856   ----a-w-   C:\WINDOWS\System32\AppointmentActivation.dll
2016-02-24 07:12:54   243712   ----a-w-   C:\WINDOWS\System32\cemapi.dll
2016-02-24 07:12:03   221184   ----a-w-   C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2016-02-24 07:10:05   93184   ----a-w-   C:\WINDOWS\System32\wpninprc.dll
2016-02-24 07:09:04   258560   ----a-w-   C:\WINDOWS\System32\UserDataAccountApis.dll
2016-02-24 07:09:00   161792   ----a-w-   C:\WINDOWS\System32\AppxSip.dll
2016-02-24 07:07:53   252928   ----a-w-   C:\WINDOWS\System32\PimIndexMaintenance.dll
2016-02-24 07:05:00   208896   ----a-w-   C:\WINDOWS\System32\storewuauth.dll
2016-02-24 07:03:16   88576   ----a-w-   C:\WINDOWS\SysWow64\olepro32.dll
2016-02-24 07:02:17   161280   ----a-w-   C:\WINDOWS\System32\CallHistoryClient.dll
2016-02-24 07:01:56   146432   ----a-w-   C:\WINDOWS\System32\AuthBroker.dll
2016-02-24 07:01:21   764928   ----a-w-   C:\WINDOWS\System32\Chakradiag.dll
2016-02-24 07:01:15   67584   ----a-w-   C:\WINDOWS\System32\profext.dll
2016-02-24 07:00:00   214528   ----a-w-   C:\WINDOWS\System32\Windows.Devices.Scanners.dll
2016-02-24 06:59:55   450560   ----a-w-   C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll
2016-02-24 06:59:44   318976   ----a-w-   C:\WINDOWS\System32\domgmt.dll
2016-02-24 06:59:32   360448   ----a-w-   C:\WINDOWS\System32\vaultsvc.dll
2016-02-24 06:58:29   685568   ----a-w-   C:\WINDOWS\System32\scapi.dll
2016-02-24 06:55:57   790528   ----a-w-   C:\WINDOWS\System32\EmailApis.dll
2016-02-24 06:55:39   224256   ----a-w-   C:\WINDOWS\System32\PackageStateRoaming.dll
2016-02-24 06:55:08   18944   ----a-w-   C:\WINDOWS\SysWow64\ExtrasXmlParser.dll
2016-02-24 06:54:57   37888   ----a-w-   C:\WINDOWS\SysWow64\UserDataTypeHelperUtil.dll
2016-02-24 06:54:55   228352   ----a-w-   C:\WINDOWS\System32\wsqmcons.exe
2016-02-24 06:54:45   288768   ----a-w-   C:\WINDOWS\System32\vaultcli.dll
2016-02-24 06:54:09   526336   ----a-w-   C:\WINDOWS\System32\FirewallAPI.dll
2016-02-24 06:53:47   89088   ----a-w-   C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
2016-02-24 06:53:35   37888   ----a-w-   C:\WINDOWS\SysWow64\UserDataLanguageUtil.dll
2016-02-24 06:52:12   48128   ----a-w-   C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll
2016-02-24 06:52:11   451584   ----a-w-   C:\WINDOWS\System32\werui.dll
2016-02-24 06:51:21   37376   ----a-w-   C:\WINDOWS\SysWow64\atmlib.dll
2016-02-24 06:49:50   726528   ----a-w-   C:\WINDOWS\System32\ChatApis.dll
2016-02-24 06:47:58   93696   ----a-w-   C:\WINDOWS\SysWow64\fontsub.dll
2016-02-24 06:46:33   20480   ----a-w-   C:\WINDOWS\SysWow64\wfapigp.dll
2016-02-24 06:44:46   56320   ----a-w-   C:\WINDOWS\SysWow64\POSyncServices.dll
2016-02-24 06:44:19   700416   ----a-w-   C:\WINDOWS\System32\AppointmentApis.dll
2016-02-24 06:44:18   1713664   ----a-w-   C:\WINDOWS\System32\SRHInproc.dll
2016-02-24 06:44:00   915456   ----a-w-   C:\WINDOWS\System32\configurationclient.dll
2016-02-24 06:43:59   286720   ----a-w-   C:\WINDOWS\System32\deviceaccess.dll
2016-02-24 06:43:12   957952   ----a-w-   C:\WINDOWS\System32\SRH.dll
2016-02-24 06:42:48   954368   ----a-w-   C:\WINDOWS\System32\drivers\bthport.sys
2016-02-24 06:42:42   84992   ----a-w-   C:\WINDOWS\System32\drivers\BTHUSB.SYS
.
============= FINISH: 18:14:24.21 ===============
« Last Edit: April 18, 2016, 03:31:39 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #1 on: April 18, 2016, 03:32:21 PM »
Sorry for the delay. Platypuss will be helping you with your problem; please wait for his first post.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #2 on: April 19, 2016, 11:02:44 AM »


   

I am Platypuss, I will be helping you with your problem.

Before we begin, please follow my simple rules:-
  • If you do not understand any instructions, Stop & Ask; do not risk creating further problems.
  • Please do not run any tools unless instructed to do so because it may well cause unforeseen damage to your machine.
  • It may help you to print out my instructions, so that mistakes are not made.
  • I am a trainee here but my instructions are checked by my mentor, there may be some delay but you will get a high quality of service.
  • Malware removal is frequently complex, it takes time to analyse logs, please be patient.   
  • I will advise you as soon as your computer is clean, until then it may still be infected !
         
How to change your download location to Desktop: http://www.thewindowsclub.com/change-download-location-ie-chrome


Google Chrome -
  • Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
  • Choose Settings. At the bottom of the screen click the "Show advanced settings..." link.
  • Scroll down to find the Downloads section and click the Change... button.
  • Select your desktop and click OK.
Mozilla Firefox -
  • Click the "Open Menu" button in the upper right-corner of the browser.
  • Choose Options. In the downloads section, click the Browse button,
  • click on the Desktop folder and then click the "Select Folder" button.
  • Click OK to get out of the Options menu.
Internet Explorer -
  • Click the Tools menu in the upper right-corner of the browser. Select View downloads.
  • Select the Options link in the lower left of the window. Click Browse and select the Desktop.
  • Then choose the Select Folder button. Click OK to get out of the download options screen.
  • Now click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
Change default download folder location in Edge -
  • Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"
  • In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.
>>>>>>>>>>>>>>>>>>>


NEXT
Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

>>>>>>>>>>>>>>>>>>>>>

NEXT
Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a location you will remember.
    • Copy and Paste that log into your next reply.
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK for either of the prompts and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.

  • With some infections, you may or may not see this message box:-
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export  > From export you have three options:
    [1] Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    [2] Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    [3] XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply.
>>>>>>>>>>>>>>>>>>>>>>>>


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
>>>>>>>>>>>>>>

I need the two Farbar logs & the MBAM log please
Platypuss

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #3 on: April 19, 2016, 10:20:12 PM »
Thank you!!

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #4 on: April 20, 2016, 09:45:05 AM »

Hello mmlawre1,

Thanks for the logs. This is the method for posting logs in SpywareHammer:-

Open the logs in notepad and select the entire text and then hit ctrl-v (or right click on the highlighted text and select copy) and then click in the reply box here and click ctrl-c (or right click on the reply box and select paste). That should copy and paste the log into the reply box. Then all you need to do is hit Post.

If you get a message rejecting it as being too large, split the file in half & post it as a separate reply.


Could you re-post those logs please, it allows me to check through them more quickly.

Have you got your security programs (AV, AS, Firewall) re-enabled after running the scans?

Platypuss
 

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #5 on: May 10, 2016, 05:13:22 PM »
MBAM log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/10/2016
Scan Time: 2:46 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.10.06
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: MindyL

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339082
Time Elapsed: 28 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.WebUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebUpdater LaunchTask, Delete-on-Reboot, [a9959341c8d1fe3892b4b31b9d66c13f],
PUP.Optional.WebUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebUpdater Task, Delete-on-Reboot, [3b03aa2a8712ee48242203cb9370946c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.WebUpdater, C:\Windows\System32\Tasks\WebUpdater LaunchTask, Quarantined, [42fc90448b0ea69084c0319d7b88f709],
PUP.Optional.WebUpdater, C:\Windows\System32\Tasks\WebUpdater Task, Quarantined, [7bc3f6de4752f5414df7973726ddba46],
PUP.Optional.Conduit, C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN12898016257201275&UM=2","http://mysearch.avg.com?cid={0C83C89E-02E5-4B43-9D1B-84FCB97043C4}&mid=5a57613f778147d39d0db17f9bdcfe74-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-30 09:49:31&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","https://www.familysearch.org/"]},"sync":{"remaining_rollback_tries":0}}), Replaced,[74ca13c120794ee8caae530f08fcd12f]
PUP.Optional.WebUpdater, C:\wulog.txt, Quarantined, [72cc9c387e1b5fd7ea3fb0b2b3519868],

Physical Sectors: 0
(No malicious items detected)


(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by MindyL (2016-04-19 21:03:00)
Running from C:\Users\MindyL\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-18 00:45:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3731359467-3889665967-61734404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3731359467-3889665967-61734404-503 - Limited - Disabled)
Guest (S-1-5-21-3731359467-3889665967-61734404-501 - Limited - Disabled)
MindyL (S-1-5-21-3731359467-3889665967-61734404-1001 - Administrator - Enabled) => C:\Users\MindyL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Ancestral Quest 14 (HKLM-x32\...\InstallShield_{1CB5AAB3-A8E9-4E79-8B65-6EDB170B747E}) (Version: 14.00.0012 - Incline Software, LC)
Ancestral Quest 14 (HKLM-x32\...\InstallShield_{74CC3DCC-3518-4A22-9816-55BE9F659C76}) (Version: 14.00.0017 - Incline Software, LC)
Ancestral Quest 14 (x32 Version: 14.00.0017 - Incline Software, LC) Hidden
Ancestral Quest Collaboration Support (HKLM-x32\...\InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}) (Version: 1.10.0010 - Incline Software)
Ancestral Quest Collaboration Support (x32 Version: 1.10.0010 - Incline Software) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Edraw Max 7.7 (HKLM-x32\...\Edraw Max_is1) (Version:  - EdrawSoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.)
FamilySearch Indexing 3.24.2 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 41504 - Intel)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10182 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager 14 (HKLM-x32\...\{1E4FB051-7CE0-4872-B15C-C592F7D60D47}) (Version: 14.2.321 - Mindjet)
Mindjet MindManager 15 (HKLM-x32\...\{52229551-2608-48A2-BB1C-704085BAAA1B}) (Version: 15.0.160 - Mindjet)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
OneClickdigital Media Manager (HKLM-x32\...\{FDFDEC8B-1047-49D8-B2D2-45C0B02F92FC}) (Version: 67.0.0.0 - Recorded Books)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
ProQuest For Word (HKLM-x32\...\{F1161AFB-9E5B-4775-BD4C-5E88461F7868}) (Version: 4.4.1298 - ProQuest)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Reference Point Software Template for APA format, Word 2010 (HKLM-x32\...\Reference Point Software Template for APA format, Word 2010) (Version:  - Reference Point Software, LLC)
Reference Point Template ver: Word 2010, APA 6th Ed. (HKLM-x32\...\Reference Point Template ver: Word 2010, APA 6th Ed.) (Version:  - Reference Point Software, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AE2AA9-9CF6-4B09-9DA5-0CD94A6CF2E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-19] (Microsoft Corporation)
Task: {06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0E43F7FE-3084-4CB3-A932-63A834AB8203} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1FD4F08C-C6A4-4CFB-A7A5-1E514BC89255} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {21CE0E6C-50EB-4F1B-88CC-3C91348A347B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
Task: {2CC195D1-ADD8-4586-B776-041D92F48DD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2F19CA11-129F-430C-9F1B-616086B747F7} - System32\Tasks\{5CE8BBBA-1F03-42AA-8545-D17E4DF0D8E4} => pcalua.exe -a C:\Users\MindyL\Downloads\Y07C_C1-gdi-win8-64-108_enus.EXE -d C:\WINDOWS\system32
Task: {33D9B8FB-EE1C-4194-AB07-4A4B86BBA68C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {46A9C2CC-C3E8-4692-AF2F-DE02FC8D5083} - System32\Tasks\WebUpdater Task => C:\Program Files\WebUpdater\webupdaterservice.exe
Task: {4F411F44-E911-4421-AC4D-D69C84D8FC49} - System32\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001 => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5715AFB2-DD70-48B2-8EC1-9943F3972D82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {608EDA35-312F-4B73-9BE0-0FFD940A4F8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7BB12C7C-2A31-4D1B-BD73-A1C7967F18E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {81D5D4DF-A8B5-48E4-AF83-9597935D3345} - \{78790847-0D08-7D04-7A11-04097F041105} -> No File <==== ATTENTION
Task: {908FFA2E-0BB6-4B24-B089-6B0D64785E80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {99012C85-9459-4697-AC58-81771E7349FD} - System32\Tasks\Google Update => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {99AE27A2-6D58-405D-8359-2B9B135989FE} - System32\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001 => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9D80C251-970B-4F54-8376-786BCB2556E7} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {9F954203-4ACD-4099-9797-60761EF7DC02} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A5CF8E64-1345-44AC-BE13-4E58D4004329} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A8059145-D8BA-4078-8021-83437A44C9C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ABC6B112-851B-4DDF-877A-89F752EC8148} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {ACB55285-0AE3-4205-9D13-1615F758EA2C} - System32\Tasks\WebUpdater LaunchTask => C:\Program Files\WebUpdater\webupdaterservice.exe
Task: {B4E1DE73-4BA3-4D01-8C5E-0128F219079B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B7E0ADDA-9809-422E-A28F-F46BDFAB5BF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BCF9A0B2-F03D-4B39-917B-2A1E2F2A2A44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C4C3E3C0-5227-4E04-BA66-96ECFBD99743} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {CCA2DE94-8BC0-42D6-936B-618A089134EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D18E077A-731A-43D0-8F95-9D2E4B876DBB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DA84FD6F-BC94-4419-875A-881FDF562156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DBE46B6B-F468-4025-BF94-7A2FA57B6447} - System32\Tasks\0316tbUpdateInfo => C:\ProgramData\Avg_Update_0316tb\0316tb_{2BD560EA-7DDD-4C82-8A98-9A8F477E337F}.exe [2016-03-22] ()
Task: {DE478FEF-A3F8-4D59-9BD8-C6866693E71C} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB} - System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\fea70748\9e7afae2.dll" <==== ATTENTION
Task: {E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF77C1AA-4A82-4EB0-8C17-CB2516418C13} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001.job => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001.job => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core.job => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA.job => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-20 11:48 - 2016-03-01 17:15 - 01215560 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-12 12:47 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-19 19:19 - 2016-04-19 19:18 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe
2016-03-02 21:27 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 21:27 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-01 12:03 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-19 20:41 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 21:27 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-19 20:42 - 2016-01-04 18:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-19 20:41 - 2016-01-04 18:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-31 10:49 - 2016-01-15 22:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-31 10:50 - 2016-01-15 22:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-20 11:48 - 2016-04-19 19:18 - 02885704 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2016-04-19 19:19 - 2016-04-19 19:18 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll
2012-11-13 22:25 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-02-24 16:56 - 2014-02-24 16:56 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-02-24 16:56 - 2014-02-24 16:56 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-03-01 17:23 - 2016-03-01 17:23 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-04-15 15:18 - 2016-04-06 03:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-15 15:18 - 2016-04-06 03:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-03-01 17:24 - 2016-03-01 17:24 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-03-01 17:23 - 2016-03-01 17:23 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MindyL\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{635a75d1-f9c6-45a3-8691-38bd1bf14d8b}.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{18530A81-4F9E-4BD3-B902-B8E3D09EEAF5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6348B259-5763-411B-BC13-E1704D7D7B5F}C:\users\mindyl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mindyl\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{69B20521-DA3F-4918-A229-F9752C13C858}C:\users\mindyl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mindyl\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FFF414D1-CDBA-447B-A2D1-0313B51424A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1BE7692-329A-40A0-828E-CA471150ADCD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03D42BB2-ED0B-4B78-9ED3-7B14596C8FB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65B398AB-79E2-4A52-90BC-D3B5D5D03826}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5933B03-F1F0-4BB8-9F0C-9D6D6FA493B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02B64C7E-F91D-473D-B0E9-6FCD9412C9BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{212ABBD9-EE39-4EE2-84E2-CA45DD334964}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{908DE737-8810-4ECC-8F92-A7692D483E02}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{72AE42B0-7621-4473-8323-50A2D5D6780F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9553E6ED-C2A5-4CA0-AD3E-0AD421C51D7D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8433F19E-3CB3-4EC3-926F-A91D8BA0EA3A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B8EBCAE2-6535-4107-A93D-E60C874CA642}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EEC16F8E-5F78-4CF5-A371-67C0937E2EA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A4492B4-C375-4A12-85F0-E8A7FD40F96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BCAA73B-5BEC-4CC8-88C8-E1D3C38B8BA7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F527599-26AE-4114-A7D1-A909215E4E91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AFBF54C-D65A-462D-AE05-1A9E4D53610C}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{6E0829C7-532D-4C9C-8154-AF489A438626}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5DED936E-99A1-4497-A45A-7EFA0856A338}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F69C2D86-2535-45A8-9AA4-4CD34964EB94}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5A3A347A-DF93-40B4-8AA9-2065CFBA7996}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{28C0D7F6-94BA-4717-8302-BA452C4CA12F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5B97EBA9-5991-46D1-8381-4D14F0FC456B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{349282F0-EC26-4F9A-92D5-B50AB79DE619}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{C865BA25-79D3-4646-8320-CAB6AA0DA6AA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{EADD6DE2-F768-4E66-9938-5EDF95FB1A32}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{29899BB6-9476-4224-B9C5-E26EBE3CC0BE}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{DE46A26D-FE86-4204-B5A4-0DF2B9EF482F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{F9CDB47A-6CCB-4866-8615-D7FD281A7EDB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{E3FFDC4D-BF1C-4B93-9F6E-51F0A245F329}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{A7A6B177-F127-48B6-B466-9894B88AD447}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{1F0066FF-C965-4710-A37F-825FE85C7693}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{57E20378-41FE-4208-BA37-4ACE91928B1A}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{072C0101-5F60-4D73-84D5-E255AE2DB9EF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{DD868C3B-BB81-4FFD-8FD7-4F366B31FE03}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{CCDD8BF8-329A-41C9-884C-00544EBFF04C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5FDDD44-1684-4728-832E-9068A374E5D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{98301B6B-49C1-47DB-9FFC-3AEFFA0B560F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-03-2016 10:00:47 Windows Update
13-03-2016 11:08:15 Windows Update
13-03-2016 11:09:08 Windows Update
29-03-2016 17:47:52 Installed AVG
15-04-2016 14:57:13 Removed AVG
19-04-2016 20:02:30 Windows Update
19-04-2016 20:03:37 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2016 08:04:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/19/2016 08:02:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/19/2016 07:24:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MINDY)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10810641

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10810641

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2016 09:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10805625

Error: (04/15/2016 09:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10805625

Error: (04/15/2016 09:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2016 09:23:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10803016


System errors:
=============
Error: (04/19/2016 07:51:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (04/19/2016 07:51:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (04/19/2016 07:51:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
%%1053

Error: (04/19/2016 07:51:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.

Error: (04/19/2016 07:49:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_308f7 service to connect.

Error: (04/19/2016 07:49:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_308f7 service to connect.

Error: (04/19/2016 07:49:38 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_308f7 service, but this action failed with the following error:
%%1056

Error: (04/19/2016 07:49:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_308f7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/19/2016 07:49:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_308f7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/19/2016 07:49:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_308f7 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-04-15 15:13:19.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 14:50:54.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.118
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.082
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 32%
Total physical RAM: 8047.52 MB
Available physical RAM: 5400.75 MB
Total Virtual: 9327.52 MB
Available Virtual: 6494.19 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:729.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 54E2A187)

Partition: GPT.

==================== End of Addition.txt ============================

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #6 on: May 10, 2016, 05:16:15 PM »
FRST part I

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by MindyL (administrator) on MINDY (19-04-2016 21:02:39)
Running from C:\Users\MindyL\Desktop
Loaded Profiles: MindyL (Available Profiles: MindyL)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-08-27] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 15\MMReminderService.exe [115552 2014-09-04] (Mindjet)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Google Update] => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23260000 2016-02-24] (Google)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Spotify Web Helper] => C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-21] (Spotify Ltd)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Amazon Music] => C:\Users\MindyL\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [BingSvc] => C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\RunOnce: [Uninstall C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-01-03]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{707fb07d-b45b-408d-aab7-cca74745a3c6}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{e24e9991-2490-43e8-8228-e6b109c78906}: [DhcpNameServer] 82.163.143.171
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5C&ocid=SL5CDHP&osmkt=en-us
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lds.org/
hxxp://www.gmail.com/
hxxp://www.google.com/
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> DefaultScope {BBFD9DCA-5D1F-4BFD-9778-08B488098F0B} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {60F787C8-3A4C-4EBF-8015-B2F09666566E} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7FBC3BF5-1D47-426E-9428-FBA3C6DBE411}&mid=3be7bbf7994047cc9c9269c1a57242da-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-20 11:50:42&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {BBFD9DCA-5D1F-4BFD-9778-08B488098F0B} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-22] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll [2014-09-04] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} -  No File
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxps://webapp4.asu.edu/wifi/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-12-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-16] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MindyL\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @talk.google.com/O1DPlugin -> C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @tools.google.com/Google Update;version=3 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @tools.google.com/Google Update;version=9 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-10-04] (Intel)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-10-04] (Intel)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: SkypePlugin -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: SkypePlugin64 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\MindyL\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\MindyL\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\searchplugins\avg-secure-search.xml [2016-04-19]
FF Extension: AVG Web TuneUp - C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\extensions\avg@toolbar.xpi [2016-04-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN12898016257201275&UM=2","hxxp://mysearch.avg.com?cid={0C83C89E-02E5-4B43-9D1B-84FCB97043C4}&mid=5a57613f778147d39d0db17f9bdcfe74-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-30 09:49:31&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxps://www.familysearch.org/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Java(TM) Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\MindyL\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Find-A-Record) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfejejjdbkmhigbgcmgmoihbjckiklb [2014-10-20]
CHR Extension: (Google Docs) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (RootsSearch) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolcffalbhpnojekmimmelebjchjmmgn [2016-04-19]
CHR Extension: (Google Drive) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Nanny for Google Chrome (TM)) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno [2013-04-02]
CHR Extension: (Google Search) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Ancestry Family Search Extension) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh [2016-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Gmail) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (AVG PrivacyFix) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2016-03-29]
CHR HKU\S-1-5-21-3731359467-3889665967-61734404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3731359467-3889665967-61734404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]


Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #7 on: May 10, 2016, 05:20:38 PM »
FRST part II
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-19] (ELAN Microelectronics Corp.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2016-01-17] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-19] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-03-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8227216 2012-08-27] (Realtek Semiconductor Corp.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 20:58 - 2016-04-19 21:02 - 00047044 _____ C:\Users\MindyL\Desktop\Addition.txt
2016-04-19 20:57 - 2016-04-19 21:02 - 00035507 _____ C:\Users\MindyL\Desktop\FRST.txt
2016-04-19 20:57 - 2016-04-19 21:02 - 00000000 ____D C:\FRST
2016-04-19 20:55 - 2016-04-19 20:56 - 02375680 _____ (Farbar) C:\Users\MindyL\Desktop\FRST64.exe
2016-04-19 20:52 - 2016-04-19 20:52 - 00000000 ___HD C:\OneDriveTemp
2016-04-19 19:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-19 19:25 - 2016-04-19 19:27 - 22851472 _____ (Malwarebytes ) C:\Users\MindyL\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-15 18:14 - 2016-04-15 18:14 - 00043869 _____ C:\Users\MindyL\Desktop\dds.txt
2016-04-15 18:14 - 2016-04-15 18:14 - 00012100 _____ C:\Users\MindyL\Desktop\attach.txt
2016-04-15 18:12 - 2016-04-15 18:13 - 00688992 ____R (Swearware) C:\Users\MindyL\Desktop\dds.com
2016-03-27 12:42 - 2016-03-27 12:45 - 39882442 _____ C:\Users\MindyL\Downloads\2010-03-07-he-lives-testimonies-of-jesus-christ-1080p-eng.mp4
2016-03-27 10:10 - 2016-03-27 10:19 - 136530708 _____ C:\Users\MindyL\Downloads\2016-02-1000-hallelujah-an-easter-message-about-jesus-christ-1080p-eng (1).mp4
2016-03-22 16:30 - 2016-03-22 16:30 - 00003220 _____ C:\WINDOWS\System32\Tasks\0316tbUpdateInfo
2016-03-22 16:30 - 2016-03-22 16:30 - 00000000 ____D C:\ProgramData\Avg_Update_0316tb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 21:02 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-19 21:02 - 2013-04-02 18:41 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-19 20:58 - 2013-07-27 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-19 20:52 - 2015-12-20 11:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-04-19 20:52 - 2013-12-26 20:24 - 00000000 ___RD C:\Users\MindyL\SkyDrive
2016-04-19 20:51 - 2015-10-08 13:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 20:51 - 2015-08-05 20:54 - 00000000 __SHD C:\Users\MindyL\IntelGraphicsProfiles
2016-04-19 20:51 - 2013-04-02 18:41 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-19 20:05 - 2012-12-21 21:40 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-19 20:04 - 2013-03-31 18:23 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA.job
2016-04-19 19:50 - 2016-01-17 17:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 19:49 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 19:49 - 2015-06-30 22:34 - 00000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001.job
2016-04-19 19:48 - 2015-06-30 22:34 - 00003824 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001
2016-04-19 19:48 - 2015-02-26 10:25 - 00003728 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001
2016-04-19 19:48 - 2015-02-26 10:25 - 00000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001.job
2016-04-19 19:37 - 2013-04-02 20:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-19 19:31 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 19:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-19 19:30 - 2015-10-16 01:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2B6A3A25.sys
2016-04-19 19:29 - 2015-10-08 13:28 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-19 19:29 - 2015-10-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-19 19:29 - 2015-10-08 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-19 19:25 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 19:25 - 2014-12-12 12:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-19 19:19 - 2015-12-20 11:49 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:48 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-04-19 19:09 - 2014-11-19 19:31 - 00003486 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-04-19 19:09 - 2013-08-22 16:04 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9E297C4-D1C2-4E23-86B4-422E40763046}
2016-04-15 17:51 - 2013-03-21 19:19 - 00000000 ____D C:\Users\MindyL\AppData\LocalLow\Temp
2016-04-15 17:50 - 2015-12-20 10:48 - 00009442 _____ C:\wulog.txt
2016-04-15 15:41 - 2012-12-02 03:40 - 00000000 ____D C:\Users\MindyL\AppData\Local\Packages
2016-04-15 15:19 - 2013-04-02 18:58 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-15 15:16 - 2015-12-20 10:44 - 00000000 ____D C:\Users\MindyL\AppData\Local\AvgSetupLog
2016-04-15 15:03 - 2015-12-20 10:50 - 00000000 ____D C:\ProgramData\MFAData
2016-04-15 15:03 - 2015-12-20 10:44 - 00000000 ____D C:\Users\MindyL\AppData\Local\Avg
2016-04-15 15:02 - 2016-01-17 17:08 - 00000000 ____D C:\Users\MindyL
2016-04-15 14:58 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-06 11:32 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 11:32 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-29 17:38 - 2014-01-02 12:07 - 00000000 ____D C:\Users\MindyL\AppData\Local\Spotify
2016-03-29 17:35 - 2015-12-07 11:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-29 17:28 - 2016-02-21 11:53 - 00000000 ____D C:\ProgramData\fea70748
2016-03-29 17:19 - 2014-01-02 12:07 - 00000000 ____D C:\Users\MindyL\AppData\Roaming\Spotify
2016-03-29 17:13 - 2015-10-29 23:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-29 17:12 - 2016-02-21 11:53 - 00003884 _____ C:\WINDOWS\System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E}
2016-03-27 16:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-27 13:04 - 2013-03-31 18:23 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core.job
2016-03-27 13:03 - 2012-12-12 12:24 - 00000000 ____D C:\Users\MindyL\AppData\Local\Microsoft Help
2016-03-27 10:17 - 2014-04-25 07:07 - 04936704 _____ C:\Users\MindyL\AppData\Local\pq.db
2016-03-27 10:05 - 2014-04-25 07:07 - 02014819 _____ C:\Users\MindyL\AppData\Local\pq.log.0
2016-03-22 16:15 - 2013-08-27 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-22 16:03 - 2014-04-25 07:07 - 00000000 _____ C:\Users\MindyL\AppData\Local\pq.log.0.lck
2016-03-20 11:23 - 2015-08-16 13:39 - 00000000 ____D C:\Users\MindyL\Desktop\Family History
2016-03-20 11:22 - 2015-10-30 08:26 - 00000000 ____D C:\Users\MindyL\Desktop\Jen's iPhone
2016-03-20 11:15 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-20 11:15 - 2015-08-05 20:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-20 11:13 - 2015-04-24 10:10 - 00000000 ____D C:\Users\MindyL\Desktop\ASU
2016-03-20 10:54 - 2016-01-17 16:58 - 00285184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-20 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-20 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-20 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-20 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

==================== Files in the root of some directories =======

2013-03-19 12:52 - 2015-05-02 19:41 - 0001767 _____ () C:\Users\MindyL\AppData\Local\opensource-licenses.txt
2014-04-25 07:07 - 2016-03-27 10:17 - 4936704 _____ () C:\Users\MindyL\AppData\Local\pq.db
2014-04-25 07:07 - 2016-03-27 10:05 - 2014819 _____ () C:\Users\MindyL\AppData\Local\pq.log.0
2014-04-25 16:38 - 2015-08-21 09:29 - 0062588 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.1
2014-04-25 16:38 - 2015-08-21 09:20 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.1.lck
2015-01-20 18:14 - 2015-01-20 18:14 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.10
2015-01-20 18:14 - 2015-01-20 18:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.10.lck
2015-05-02 15:34 - 2015-05-02 15:34 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.100
2015-05-02 15:34 - 2015-05-02 15:34 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.100.lck
2015-01-21 16:17 - 2015-01-21 16:18 - 0010553 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.11
2015-01-21 16:17 - 2015-01-21 16:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.11.lck
2015-01-21 22:04 - 2015-01-21 22:04 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.12
2015-01-21 22:04 - 2015-01-21 22:04 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.12.lck
2015-01-24 12:14 - 2015-01-25 01:58 - 0018369 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.13
2014-04-25 07:07 - 2014-04-25 07:07 - 0000235 _____ () C:\Users\MindyL\AppData\Local\pq.properties
2013-11-06 16:56 - 2013-11-06 16:57 - 0022833 _____ () C:\Users\MindyL\AppData\Local\WiDiSetupLog.20131106.165617.txt
2013-03-19 12:52 - 2014-04-25 02:17 - 3956736 _____ () C:\Users\MindyL\AppData\Local\wnc.db
2013-03-19 12:52 - 2014-04-25 02:03 - 1681217 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0
2013-06-20 22:50 - 2014-03-18 21:14 - 0017747 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.1
2013-06-20 22:50 - 2014-03-18 21:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.1.lck
2013-09-02 22:35 - 2013-10-20 22:46 - 0003066 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.2
2013-09-02 22:35 - 2013-10-20 22:46 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.2.lck
2013-09-02 22:36 - 2013-09-02 22:36 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.3
2013-09-02 22:36 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.3.lck
2013-09-02 22:39 - 2013-09-02 22:39 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.4
2013-09-02 22:39 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.4.lck
2013-09-02 22:40 - 2013-09-02 22:40 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.5
2013-09-02 22:40 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.5.lck
2013-03-19 12:52 - 2014-04-23 10:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.lck
2013-03-19 12:52 - 2013-03-19 12:52 - 0000440 _____ () C:\Users\MindyL\AppData\Local\wnc.properties
2015-03-03 22:51 - 2015-03-03 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{06761334-41CB-480F-998C-E27D030AE501}
2015-03-29 22:51 - 2015-03-29 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{36220170-ADF9-4CE7-9F93-90B84C3605B8}
2015-01-24 21:46 - 2015-01-24 21:46 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{8CA1D048-5AC1-471D-81B0-27004745E381}
2015-02-18 22:51 - 2015-02-18 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{A8774D95-8BB7-4728-B8B6-38E8FCC980D4}
2016-01-17 17:04 - 2016-01-17 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-06 15:36 - 2013-03-08 17:18 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\MindyL\AppData\Local\Temp\avguirn_081281335976.exe
C:\Users\MindyL\AppData\Local\Temp\proxy_vole2350349421929708191.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 18:12

==================== End of FRST.txt ============================

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #8 on: May 11, 2016, 01:44:05 PM »

  Hello mmlawre1,

Welcome back. :)

Thank you for the FRST logs; unfortunately, they are out of date.

Please do the following:-

Please use Internet Explorer while we clean your machine.

Show hidden files

1. Select the “Start” button, then choose “File Explorer”.
2. Select the “View” tab.
3. Check the “Hidden items” check box to view hidden items.


Uninstall FRST



Delfix (link mirror): http://ccm.net/download/download-24087-delfix

  • Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

  • Make Sure that only the following items are checked:


      1. Remove disinfection tools
      2. Create registry backup



  • Now click on "Run" and wait patiently until the tool has completed.

  • The tool will create a log when it has completed. I don't need you to post this.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Download & run FARBAR Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
I need both FRST logs please.

platypuss

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #9 on: May 11, 2016, 10:58:46 PM »
Part I

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by MindyL (administrator) on MINDY (11-05-2016 21:46:46)
Running from C:\Users\MindyL\Downloads
Loaded Profiles: MindyL (Available Profiles: MindyL)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Spotify Ltd) C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\2467FDA5-892F-4B3F-8008-D091F40D238E\DismHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-08-27] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-11-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-11-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 15\MMReminderService.exe [115552 2014-09-04] (Mindjet)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Google Update] => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Spotify Web Helper] => C:\Users\MindyL\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-21] (Spotify Ltd)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [Amazon Music] => C:\Users\MindyL\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Run: [BingSvc] => C:\Users\MindyL\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\RunOnce: [Uninstall C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-01-03]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-03-29]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{707fb07d-b45b-408d-aab7-cca74745a3c6}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c0f6e0d8-926b-4b2f-8e78-28bbb160779b}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{e24e9991-2490-43e8-8228-e6b109c78906}: [DhcpNameServer] 82.163.143.171
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5C&ocid=SL5CDHP&osmkt=en-us
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lds.org/
hxxp://www.gmail.com/
hxxp://www.google.com/
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> DefaultScope {BBFD9DCA-5D1F-4BFD-9778-08B488098F0B} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {60F787C8-3A4C-4EBF-8015-B2F09666566E} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7FBC3BF5-1D47-426E-9428-FBA3C6DBE411}&mid=3be7bbf7994047cc9c9269c1a57242da-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-20 11:50:42&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {BBFD9DCA-5D1F-4BFD-9778-08B488098F0B} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-22] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 15\Mm8InternetExplorer.dll [2014-09-04] (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> No Name - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} -  No File
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxps://webapp4.asu.edu/wifi/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-12-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-16] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @citrixonline.com/appdetectorplugin -> C:\Users\MindyL\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @talk.google.com/O1DPlugin -> C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @tools.google.com/Google Update;version=3 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: @tools.google.com/Google Update;version=9 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-10-04] (Intel)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2012-10-04] (Intel)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: SkypePlugin -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3731359467-3889665967-61734404-1001: SkypePlugin64 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Users\MindyL\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\MindyL\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\searchplugins\avg-secure-search.xml [2016-04-19]
FF Extension: AVG Web TuneUp - C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\extensions\avg@toolbar.xpi [2016-04-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Java(TM) Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\MindyL\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\MindyL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Find-A-Record) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfejejjdbkmhigbgcmgmoihbjckiklb [2014-10-20]
CHR Extension: (Google Docs) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (RootsSearch) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolcffalbhpnojekmimmelebjchjmmgn [2016-04-19]
CHR Extension: (Google Drive) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Nanny for Google Chrome (TM)) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno [2013-04-02]
CHR Extension: (Google Search) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29]
CHR Extension: (Ancestry Family Search Extension) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh [2016-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-19]
CHR Extension: (Gmail) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (AVG PrivacyFix) - C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2016-03-29]
CHR HKU\S-1-5-21-3731359467-3889665967-61734404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3731359467-3889665967-61734404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-19] (ELAN Microelectronics Corp.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2016-01-17] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-19] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-03-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8227216 2012-08-27] (Realtek Semiconductor Corp.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 21:46 - 2016-05-11 21:47 - 00034776 _____ C:\Users\MindyL\Downloads\FRST.txt
2016-05-11 21:46 - 2016-05-11 21:46 - 00000000 ____D C:\FRST
2016-05-11 21:45 - 2016-05-11 21:46 - 02381312 _____ (Farbar) C:\Users\MindyL\Downloads\FRST64.exe
2016-05-11 21:44 - 2016-05-11 21:44 - 00000000 ____D C:\WINDOWS\ERUNT
2016-05-10 15:36 - 2016-05-10 15:36 - 22851472 _____ (Malwarebytes ) C:\Users\MindyL\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-05-10 15:34 - 2016-05-10 15:34 - 00000000 ___HD C:\OneDriveTemp
2016-05-10 15:26 - 2016-05-11 21:45 - 00000000 ____D C:\Users\MindyL\Desktop\spyware
2016-05-10 14:34 - 2016-05-10 14:43 - 22851472 _____ (Malwarebytes ) C:\Users\MindyL\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-10 13:39 - 2016-05-10 13:39 - 00003400 _____ C:\WINDOWS\System32\Tasks\AVG-SSU_0516tb
2016-05-10 13:39 - 2016-05-10 13:39 - 00000000 ____D C:\ProgramData\Avg_Update_0516tb
2016-04-19 21:10 - 2016-04-19 21:10 - 00020954 _____ C:\Users\MindyL\Desktop\mwbam.txt
2016-04-19 19:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-19 19:25 - 2016-04-19 19:27 - 22851472 _____ (Malwarebytes ) C:\Users\MindyL\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-19 19:24 - 2016-04-01 20:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-19 19:24 - 2016-04-01 20:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-19 19:24 - 2016-04-01 20:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-19 19:24 - 2016-03-29 03:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-19 19:24 - 2016-03-29 03:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 19:24 - 2016-03-29 03:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-19 19:24 - 2016-03-29 02:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-19 19:24 - 2016-03-29 02:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-19 19:24 - 2016-03-29 02:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-19 19:24 - 2016-03-29 02:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-19 19:24 - 2016-03-29 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-19 19:24 - 2016-03-29 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-19 19:24 - 2016-03-29 00:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-19 19:24 - 2016-03-29 00:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-19 19:24 - 2016-03-29 00:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-19 19:24 - 2016-03-29 00:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-19 19:24 - 2016-03-29 00:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-19 19:24 - 2016-03-29 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-19 19:24 - 2016-03-29 00:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-19 19:24 - 2016-03-29 00:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-19 19:24 - 2016-03-29 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-19 19:24 - 2016-03-29 00:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-19 19:24 - 2016-03-29 00:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-19 19:24 - 2016-03-29 00:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-19 19:24 - 2016-03-29 00:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-19 19:24 - 2016-03-29 00:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-19 19:24 - 2016-03-29 00:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-19 19:24 - 2016-03-28 23:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-19 19:24 - 2016-03-28 23:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-19 19:24 - 2016-03-28 23:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-19 19:24 - 2016-03-28 23:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-19 19:24 - 2016-03-28 23:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-19 19:24 - 2016-03-28 23:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-19 19:24 - 2016-03-28 23:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-19 19:24 - 2016-03-28 23:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-19 19:24 - 2016-03-28 23:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-19 19:24 - 2016-03-28 23:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-19 19:24 - 2016-03-28 23:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-19 19:24 - 2016-03-28 23:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-19 19:24 - 2016-03-28 23:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-19 19:24 - 2016-03-28 23:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-19 19:24 - 2016-03-28 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-19 19:24 - 2016-03-28 23:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-19 19:24 - 2016-03-28 23:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-19 19:24 - 2016-03-28 23:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-19 19:24 - 2016-03-28 23:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-19 19:24 - 2016-03-28 22:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-19 19:24 - 2016-03-28 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-19 19:24 - 2016-03-28 22:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-19 19:24 - 2016-03-28 22:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-19 19:24 - 2016-03-28 22:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-19 19:24 - 2016-03-28 22:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-19 19:24 - 2016-03-28 22:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-19 19:24 - 2016-03-28 22:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-19 19:24 - 2016-03-28 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-19 19:24 - 2016-03-28 22:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-19 19:24 - 2016-03-28 22:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-19 19:24 - 2016-03-28 22:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-19 19:24 - 2016-03-28 22:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-19 19:24 - 2016-03-28 22:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-19 19:23 - 2016-04-01 21:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-19 19:23 - 2016-04-01 21:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-19 19:23 - 2016-04-01 21:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-19 19:23 - 2016-04-01 21:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-19 19:23 - 2016-04-01 20:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-19 19:23 - 2016-04-01 20:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-19 19:23 - 2016-04-01 20:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-19 19:23 - 2016-04-01 20:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-19 19:23 - 2016-04-01 20:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-19 19:23 - 2016-04-01 20:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-19 19:23 - 2016-04-01 20:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-19 19:23 - 2016-04-01 20:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-19 19:23 - 2016-04-01 20:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-19 19:23 - 2016-04-01 20:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-19 19:23 - 2016-04-01 20:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-19 19:23 - 2016-04-01 20:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-19 19:23 - 2016-04-01 20:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-19 19:23 - 2016-04-01 20:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-19 19:23 - 2016-04-01 20:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-19 19:23 - 2016-04-01 20:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-19 19:23 - 2016-03-29 03:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-19 19:23 - 2016-03-29 03:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-19 19:23 - 2016-03-29 03:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-19 19:23 - 2016-03-29 03:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-19 19:23 - 2016-03-29 03:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-19 19:23 - 2016-03-29 03:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-19 19:23 - 2016-03-29 03:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-19 19:23 - 2016-03-29 03:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-19 19:23 - 2016-03-29 03:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-19 19:23 - 2016-03-29 03:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-19 19:23 - 2016-03-29 02:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-19 19:23 - 2016-03-29 02:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-19 19:23 - 2016-03-29 02:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-19 19:23 - 2016-03-29 02:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-19 19:23 - 2016-03-29 02:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-19 19:23 - 2016-03-29 02:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-19 19:23 - 2016-03-29 02:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-19 19:23 - 2016-03-29 02:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-19 19:23 - 2016-03-29 02:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-19 19:23 - 2016-03-29 02:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-19 19:23 - 2016-03-29 02:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-19 19:23 - 2016-03-29 02:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-19 19:23 - 2016-03-29 02:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-19 19:23 - 2016-03-29 02:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-19 19:23 - 2016-03-29 01:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-19 19:23 - 2016-03-29 01:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-19 19:23 - 2016-03-29 01:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-19 19:23 - 2016-03-29 01:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-19 19:23 - 2016-03-29 01:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-19 19:23 - 2016-03-29 01:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-19 19:23 - 2016-03-29 01:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-19 19:23 - 2016-03-29 01:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-19 19:23 - 2016-03-29 01:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-19 19:23 - 2016-03-29 01:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-19 19:23 - 2016-03-29 01:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-19 19:23 - 2016-03-29 01:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-19 19:23 - 2016-03-29 01:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-19 19:23 - 2016-03-29 01:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-19 19:23 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-19 19:23 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #10 on: May 11, 2016, 11:00:04 PM »
Part II FRST.txt

2016-04-19 19:23 - 2016-03-29 01:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-19 19:23 - 2016-03-29 01:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-19 19:23 - 2016-03-29 01:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-19 19:23 - 2016-03-29 01:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-19 19:23 - 2016-03-29 01:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-19 19:23 - 2016-03-29 01:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-19 19:23 - 2016-03-29 01:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-19 19:23 - 2016-03-29 01:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-19 19:23 - 2016-03-29 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-19 19:23 - 2016-03-29 01:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-19 19:23 - 2016-03-29 00:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-19 19:23 - 2016-03-29 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-19 19:23 - 2016-03-29 00:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-19 19:23 - 2016-03-29 00:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-19 19:23 - 2016-03-29 00:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-19 19:23 - 2016-03-29 00:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-19 19:23 - 2016-03-29 00:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-19 19:23 - 2016-03-29 00:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-19 19:23 - 2016-03-29 00:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-19 19:23 - 2016-03-29 00:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-19 19:23 - 2016-03-29 00:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-19 19:23 - 2016-03-29 00:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-19 19:23 - 2016-03-29 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-19 19:23 - 2016-03-29 00:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-19 19:23 - 2016-03-29 00:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-19 19:23 - 2016-03-29 00:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-19 19:23 - 2016-03-29 00:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-19 19:23 - 2016-03-29 00:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-19 19:23 - 2016-03-29 00:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-19 19:23 - 2016-03-29 00:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-19 19:23 - 2016-03-29 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-19 19:23 - 2016-03-29 00:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-19 19:23 - 2016-03-29 00:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-19 19:23 - 2016-03-29 00:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-19 19:23 - 2016-03-29 00:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-19 19:23 - 2016-03-29 00:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-19 19:23 - 2016-03-29 00:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-19 19:23 - 2016-03-29 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-19 19:23 - 2016-03-29 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-19 19:23 - 2016-03-29 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-19 19:23 - 2016-03-29 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-19 19:23 - 2016-03-29 00:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-19 19:23 - 2016-03-29 00:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-19 19:23 - 2016-03-29 00:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-19 19:23 - 2016-03-29 00:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-19 19:23 - 2016-03-29 00:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-19 19:23 - 2016-03-29 00:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-19 19:23 - 2016-03-29 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-19 19:23 - 2016-03-29 00:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-19 19:23 - 2016-03-29 00:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-19 19:23 - 2016-03-29 00:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-19 19:23 - 2016-03-29 00:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-19 19:23 - 2016-03-29 00:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-19 19:23 - 2016-03-29 00:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-19 19:23 - 2016-03-29 00:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-19 19:23 - 2016-03-29 00:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-19 19:23 - 2016-03-29 00:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-19 19:23 - 2016-03-29 00:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-19 19:23 - 2016-03-29 00:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-19 19:23 - 2016-03-29 00:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-19 19:23 - 2016-03-29 00:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-19 19:23 - 2016-03-29 00:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-19 19:23 - 2016-03-29 00:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-19 19:23 - 2016-03-29 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-19 19:23 - 2016-03-29 00:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-19 19:23 - 2016-03-29 00:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-19 19:23 - 2016-03-29 00:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-19 19:23 - 2016-03-29 00:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-19 19:23 - 2016-03-29 00:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-19 19:23 - 2016-03-29 00:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-19 19:23 - 2016-03-29 00:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-19 19:23 - 2016-03-29 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-19 19:23 - 2016-03-29 00:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-19 19:23 - 2016-03-29 00:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-19 19:23 - 2016-03-29 00:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-19 19:23 - 2016-03-29 00:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-19 19:23 - 2016-03-29 00:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-19 19:23 - 2016-03-29 00:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-19 19:23 - 2016-03-29 00:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-19 19:23 - 2016-03-29 00:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-19 19:23 - 2016-03-29 00:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-19 19:23 - 2016-03-29 00:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-19 19:23 - 2016-03-29 00:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-19 19:23 - 2016-03-29 00:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-19 19:23 - 2016-03-29 00:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-19 19:23 - 2016-03-29 00:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-19 19:23 - 2016-03-29 00:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-19 19:23 - 2016-03-29 00:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-19 19:23 - 2016-03-29 00:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-19 19:23 - 2016-03-29 00:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-19 19:23 - 2016-03-29 00:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-19 19:23 - 2016-03-29 00:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-19 19:23 - 2016-03-29 00:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-19 19:23 - 2016-03-29 00:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-19 19:23 - 2016-03-29 00:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-19 19:23 - 2016-03-29 00:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-19 19:23 - 2016-03-29 00:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-19 19:23 - 2016-03-28 23:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-19 19:23 - 2016-03-28 23:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-19 19:23 - 2016-03-28 23:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-19 19:23 - 2016-03-28 23:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-19 19:23 - 2016-03-28 23:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-19 19:23 - 2016-03-28 23:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-19 19:23 - 2016-03-28 23:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-19 19:23 - 2016-03-28 23:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-19 19:23 - 2016-03-28 23:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-19 19:23 - 2016-03-28 23:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-19 19:23 - 2016-03-28 23:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-19 19:23 - 2016-03-28 23:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-19 19:23 - 2016-03-28 23:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-19 19:23 - 2016-03-28 23:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-19 19:23 - 2016-03-28 23:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-19 19:23 - 2016-03-28 23:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-19 19:23 - 2016-03-28 23:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-19 19:23 - 2016-03-28 23:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-19 19:23 - 2016-03-28 23:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-19 19:23 - 2016-03-28 23:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-19 19:23 - 2016-03-28 23:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-19 19:23 - 2016-03-28 23:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-19 19:23 - 2016-03-28 23:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-19 19:23 - 2016-03-28 23:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-19 19:23 - 2016-03-28 23:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-19 19:23 - 2016-03-28 23:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-19 19:23 - 2016-03-28 23:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-19 19:23 - 2016-03-28 23:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-19 19:23 - 2016-03-28 23:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-19 19:23 - 2016-03-28 23:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-19 19:23 - 2016-03-28 23:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-19 19:23 - 2016-03-28 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-19 19:23 - 2016-03-28 23:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-19 19:23 - 2016-03-28 23:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-19 19:23 - 2016-03-28 23:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-19 19:23 - 2016-03-28 23:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-19 19:23 - 2016-03-28 23:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-19 19:23 - 2016-03-28 23:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-19 19:23 - 2016-03-28 23:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-19 19:23 - 2016-03-28 23:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-19 19:23 - 2016-03-28 23:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-19 19:23 - 2016-03-28 23:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-19 19:23 - 2016-03-28 23:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-19 19:23 - 2016-03-28 23:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-19 19:23 - 2016-03-28 23:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-19 19:23 - 2016-03-28 23:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-19 19:23 - 2016-03-28 23:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-19 19:23 - 2016-03-28 23:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-19 19:23 - 2016-03-28 23:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-19 19:23 - 2016-03-28 23:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-19 19:23 - 2016-03-28 23:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-19 19:23 - 2016-03-28 23:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-19 19:23 - 2016-03-28 22:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-19 19:23 - 2016-03-28 22:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-19 19:23 - 2016-03-28 22:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-19 19:23 - 2016-03-28 22:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-19 19:23 - 2016-03-28 22:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-19 19:23 - 2016-03-28 22:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-19 19:23 - 2016-03-28 22:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-19 19:23 - 2016-03-28 22:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-19 19:23 - 2016-03-28 22:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-19 19:23 - 2016-03-28 22:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-19 19:23 - 2016-03-28 22:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-19 19:23 - 2016-03-28 22:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-19 19:23 - 2016-03-28 22:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-15 18:14 - 2016-04-15 18:14 - 00012100 _____ C:\Users\MindyL\Desktop\attach.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 21:47 - 2015-06-30 22:34 - 00003824 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001
2016-05-11 21:47 - 2015-06-30 22:34 - 00000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001.job
2016-05-11 21:47 - 2015-02-26 10:25 - 00003728 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001
2016-05-11 21:47 - 2015-02-26 10:25 - 00000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001.job
2016-05-11 21:47 - 2013-04-02 18:41 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 21:45 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-11 21:45 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 21:44 - 2015-11-04 15:56 - 00000568 _____ C:\DelFix.txt
2016-05-11 21:44 - 2013-08-22 16:04 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9E297C4-D1C2-4E23-86B4-422E40763046}
2016-05-10 16:10 - 2013-03-31 18:23 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA.job
2016-05-10 15:40 - 2014-11-19 19:31 - 00003486 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-05-10 15:39 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-10 15:39 - 2015-08-05 20:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 15:37 - 2013-04-02 20:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-10 15:34 - 2013-12-26 20:24 - 00000000 ___RD C:\Users\MindyL\SkyDrive
2016-05-10 15:34 - 2013-04-02 18:41 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 15:33 - 2015-10-08 13:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-10 15:33 - 2015-08-05 20:54 - 00000000 __SHD C:\Users\MindyL\IntelGraphicsProfiles
2016-05-10 15:32 - 2016-01-17 17:08 - 00000000 ____D C:\Users\MindyL
2016-05-10 15:31 - 2016-01-17 17:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 15:31 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\IME
2016-05-10 15:30 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-10 15:10 - 2013-03-31 18:23 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core.job
2016-05-10 15:05 - 2013-03-31 18:23 - 00004040 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA
2016-05-10 15:05 - 2013-03-31 18:23 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core
2016-05-10 14:44 - 2015-10-08 13:28 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-10 14:44 - 2015-10-08 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-10 14:44 - 2015-10-08 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-10 14:20 - 2015-08-05 21:01 - 00002413 _____ C:\Users\MindyL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-10 13:51 - 2013-04-02 18:58 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-10 13:48 - 2013-08-27 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-10 13:46 - 2016-01-17 16:58 - 00285184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-10 13:43 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-05-10 13:43 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-10 13:43 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-10 13:43 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-10 13:42 - 2013-04-02 18:41 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 13:42 - 2013-04-02 18:41 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 13:40 - 2015-03-23 18:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-19 21:02 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-19 20:58 - 2013-07-27 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-19 20:52 - 2015-12-20 11:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-04-19 20:05 - 2012-12-21 21:40 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-19 19:30 - 2015-10-16 01:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2B6A3A25.sys
2016-04-19 19:25 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 19:25 - 2014-12-12 12:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-19 19:19 - 2015-12-20 11:49 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:48 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-04-15 17:51 - 2013-03-21 19:19 - 00000000 ____D C:\Users\MindyL\AppData\LocalLow\Temp
2016-04-15 15:41 - 2012-12-02 03:40 - 00000000 ____D C:\Users\MindyL\AppData\Local\Packages
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-15 15:16 - 2015-12-20 10:44 - 00000000 ____D C:\Users\MindyL\AppData\Local\AvgSetupLog
2016-04-15 15:03 - 2015-12-20 10:50 - 00000000 ____D C:\ProgramData\MFAData
2016-04-15 15:03 - 2015-12-20 10:44 - 00000000 ____D C:\Users\MindyL\AppData\Local\Avg
2016-04-15 14:58 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Files in the root of some directories =======

2013-03-19 12:52 - 2015-05-02 19:41 - 0001767 _____ () C:\Users\MindyL\AppData\Local\opensource-licenses.txt
2014-04-25 07:07 - 2016-03-27 10:17 - 4936704 _____ () C:\Users\MindyL\AppData\Local\pq.db
2014-04-25 07:07 - 2016-03-27 10:05 - 2014819 _____ () C:\Users\MindyL\AppData\Local\pq.log.0
2014-04-25 16:38 - 2015-08-21 09:29 - 0062588 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.1
2014-04-25 16:38 - 2015-08-21 09:20 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.1.lck
2015-01-20 18:14 - 2015-01-20 18:14 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.10
2015-01-20 18:14 - 2015-01-20 18:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.10.lck
2015-05-02 15:34 - 2015-05-02 15:34 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.100
2015-05-02 15:34 - 2015-05-02 15:34 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.100.lck
2015-01-21 16:17 - 2015-01-21 16:18 - 0010553 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.11
2015-01-21 16:17 - 2015-01-21 16:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.11.lck
2015-01-21 22:04 - 2015-01-21 22:04 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.12
2015-01-21 22:04 - 2015-01-21 22:04 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.12.lck
2015-01-24 12:14 - 2015-01-25 01:58 - 0018369 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.13
2015-01-24 12:14 - 2015-01-24 12:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.13.lck
2015-01-25 23:37 - 2015-01-25 23:38 - 0005904 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.14
2015-01-25 23:37 - 2015-01-25 23:37 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.14.lck
2015-01-26 13:30 - 2015-01-26 13:30 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.15
2015-01-26 13:30 - 2015-01-26 13:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.15.lck
2015-01-26 13:30 - 2015-01-26 13:30 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.16
2015-01-26 13:30 - 2015-01-26 13:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.16.lck
2015-01-26 13:31 - 2015-01-26 13:32 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.17
2015-01-26 13:31 - 2015-01-26 13:31 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.17.lck
2015-01-26 16:57 - 2015-01-26 16:57 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.18
2015-01-26 16:57 - 2015-01-26 16:57 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.18.lck
2015-01-27 14:10 - 2015-01-30 19:18 - 0005235 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.19
2015-01-27 14:10 - 2015-01-27 14:10 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.19.lck
2014-06-16 12:54 - 2014-08-28 21:22 - 0016454 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.2
2014-06-16 12:54 - 2014-08-28 21:01 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.2.lck
2015-01-31 12:10 - 2015-01-31 12:11 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.20
2015-01-31 12:10 - 2015-01-31 12:10 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.20.lck
2015-01-31 12:11 - 2015-01-31 12:11 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.21
2015-01-31 12:11 - 2015-01-31 12:11 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.21.lck
2015-02-01 10:03 - 2015-02-01 10:03 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.22
2015-02-01 10:03 - 2015-02-01 10:03 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.22.lck
2015-02-01 11:50 - 2015-02-01 11:50 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.23
2015-02-01 11:50 - 2015-02-01 11:50 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.23.lck
2015-02-01 23:52 - 2015-02-01 23:52 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.24
2015-02-01 23:52 - 2015-02-01 23:52 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.24.lck
2015-02-02 16:59 - 2015-02-02 17:00 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.25
2015-02-02 16:59 - 2015-02-02 16:59 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.25.lck
2015-02-04 15:17 - 2015-02-04 15:18 - 0010553 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.26
2015-02-04 15:17 - 2015-02-04 15:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.26.lck
2015-02-05 17:43 - 2015-02-05 17:43 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.27
2015-02-05 17:43 - 2015-02-05 17:43 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.27.lck
2015-02-06 20:46 - 2015-02-06 20:47 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.28
2015-02-06 20:46 - 2015-02-06 20:46 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.28.lck
2015-02-08 11:17 - 2015-02-08 11:17 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.29
2015-02-08 11:17 - 2015-02-08 11:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.29.lck
2014-12-10 15:53 - 2014-12-11 00:15 - 0011186 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.3
2014-12-10 15:53 - 2014-12-10 15:53 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.3.lck
2015-02-09 14:10 - 2015-02-09 14:10 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.30
2015-02-09 14:10 - 2015-02-09 14:10 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.30.lck
2015-02-09 16:11 - 2015-02-09 16:11 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.31
2015-02-09 16:11 - 2015-02-09 16:11 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.31.lck
2015-02-09 16:12 - 2015-02-09 16:12 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.32
2015-02-09 16:12 - 2015-02-09 16:12 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.32.lck
2015-02-12 16:16 - 2015-02-13 03:17 - 0010793 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.33
2015-02-12 16:16 - 2015-02-12 16:16 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.33.lck
2015-02-15 09:58 - 2015-02-15 09:58 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.34
2015-02-15 09:58 - 2015-02-15 09:58 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.34.lck
2015-02-16 22:37 - 2015-02-16 22:37 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.35
2015-02-16 22:37 - 2015-02-16 22:37 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.35.lck
2015-02-18 14:00 - 2015-02-18 14:00 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.36
2015-02-18 14:00 - 2015-02-18 14:00 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.36.lck
2015-02-19 17:55 - 2015-02-19 17:55 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.37
2015-02-19 17:55 - 2015-02-19 17:55 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.37.lck
2015-02-20 13:56 - 2015-02-20 13:56 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.38
2015-02-20 13:56 - 2015-02-20 13:56 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.38.lck
2015-02-22 10:04 - 2015-02-22 10:04 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.39
2015-02-22 10:04 - 2015-02-22 10:04 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.39.lck
2014-12-13 21:11 - 2014-12-13 21:11 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.4
2014-12-13 21:11 - 2014-12-13 21:11 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.4.lck
2015-02-22 10:57 - 2015-02-22 10:57 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.40
2015-02-22 10:57 - 2015-02-22 10:57 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.40.lck
2015-02-22 23:42 - 2015-02-22 23:42 - 0010589 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.41
2015-02-22 23:42 - 2015-02-22 23:42 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.41.lck
2015-02-23 13:41 - 2015-02-23 13:41 - 0010553 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.42
2015-02-23 13:41 - 2015-02-23 13:41 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.42.lck
2015-02-23 13:44 - 2015-02-23 13:44 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.43
2015-02-23 13:44 - 2015-02-23 13:44 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.43.lck
2015-02-26 20:28 - 2015-02-26 20:30 - 0011500 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.44
2015-02-26 20:28 - 2015-02-26 20:28 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.44.lck
2015-02-27 15:11 - 2015-02-27 15:11 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.45
2015-02-27 15:11 - 2015-02-27 15:11 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.45.lck
2015-02-28 15:25 - 2015-02-28 15:25 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.46
2015-02-28 15:25 - 2015-02-28 15:25 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.46.lck
2015-02-28 19:03 - 2015-02-28 19:03 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.47
2015-02-28 19:03 - 2015-02-28 19:03 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.47.lck
2015-02-28 19:07 - 2015-02-28 19:07 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.48
2015-02-28 19:07 - 2015-02-28 19:07 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.48.lck
2015-03-01 09:49 - 2015-03-01 09:49 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.49
2015-03-01 09:49 - 2015-03-01 09:49 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.49.lck
2015-01-13 17:26 - 2015-01-13 17:26 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.5
2015-01-13 17:26 - 2015-01-13 17:26 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.5.lck
2015-03-01 09:49 - 2015-03-01 09:50 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.50
2015-03-01 09:49 - 2015-03-01 09:49 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.50.lck
2015-03-01 11:59 - 2015-03-01 11:59 - 0010589 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.51
2015-03-01 11:59 - 2015-03-01 11:59 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.51.lck
2015-03-01 23:03 - 2015-03-01 23:03 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.52
2015-03-01 23:03 - 2015-03-01 23:03 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.52.lck
2015-03-02 14:52 - 2015-03-02 14:52 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.53
2015-03-02 14:52 - 2015-03-02 14:52 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.53.lck
2015-03-05 01:08 - 2015-03-05 01:08 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.54
2015-03-05 01:08 - 2015-03-05 01:08 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.54.lck
2015-03-09 09:05 - 2015-03-09 09:06 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.55
2015-03-09 09:05 - 2015-03-09 09:05 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.55.lck
2015-03-16 11:58 - 2015-03-16 11:58 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.56
2015-03-16 11:58 - 2015-03-16 11:58 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.56.lck
2015-03-16 14:47 - 2015-03-16 14:47 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.57
2015-03-16 14:47 - 2015-03-16 14:47 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.57.lck
2015-03-17 12:45 - 2015-03-17 12:45 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.58
2015-03-17 12:45 - 2015-03-17 12:45 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.58.lck
2015-03-18 11:37 - 2015-03-21 15:11 - 0006596 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.59
2015-03-18 11:37 - 2015-03-18 11:37 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.59.lck
2015-01-14 08:57 - 2015-01-14 08:58 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.6
2015-01-14 08:57 - 2015-01-14 08:57 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.6.lck
2015-03-21 15:27 - 2015-03-21 21:15 - 0005699 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.60
2015-03-21 15:27 - 2015-03-21 15:27 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.60.lck
2015-03-21 21:18 - 2015-03-21 23:56 - 0005235 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.61
2015-03-21 21:18 - 2015-03-21 21:18 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.61.lck
2015-03-22 10:59 - 2015-03-22 10:59 - 0010589 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.62
2015-03-22 10:59 - 2015-03-22 10:59 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.62.lck
2015-03-22 10:59 - 2015-03-22 11:00 - 0010589 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.63
2015-03-22 10:59 - 2015-03-22 10:59 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.63.lck
2015-03-22 22:56 - 2015-03-22 22:56 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.64
2015-03-22 22:56 - 2015-03-22 22:56 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.64.lck
2015-03-24 23:58 - 2015-03-24 23:58 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.65
2015-03-24 23:58 - 2015-03-24 23:58 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.65.lck
2015-03-25 00:15 - 2015-03-25 00:16 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.66
2015-03-25 00:15 - 2015-03-25 00:15 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.66.lck
2015-03-25 20:54 - 2015-03-25 20:55 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.67
2015-03-25 20:54 - 2015-03-25 20:54 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.67.lck
2015-03-27 12:05 - 2015-03-27 12:05 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.68
2015-03-27 12:05 - 2015-03-27 12:05 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.68.lck
2015-03-29 22:30 - 2015-03-29 22:30 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.69
2015-03-29 22:30 - 2015-03-29 22:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.69.lck
2015-01-14 22:31 - 2015-01-14 22:31 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.7
2015-01-14 22:31 - 2015-01-14 22:31 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.7.lck
2015-03-30 21:31 - 2015-03-30 21:32 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.70
2015-03-30 21:31 - 2015-03-30 21:31 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.70.lck
2015-03-31 18:32 - 2015-03-31 18:32 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.71
2015-03-31 18:32 - 2015-03-31 18:32 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.71.lck
2015-03-31 19:30 - 2015-03-31 19:30 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.72
2015-03-31 19:30 - 2015-03-31 19:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.72.lck
2015-04-01 10:21 - 2015-04-01 10:22 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.73
2015-04-01 10:21 - 2015-04-01 10:21 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.73.lck
2015-04-03 14:27 - 2015-04-03 21:55 - 0012992 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.74
2015-04-03 14:27 - 2015-04-03 14:27 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.74.lck
2015-04-04 20:13 - 2015-04-04 20:43 - 0022153 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.75
2015-04-04 20:13 - 2015-04-04 20:13 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.75.lck
2015-04-05 00:40 - 2015-04-05 00:41 - 0021529 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.76
2015-04-05 00:40 - 2015-04-05 00:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.76.lck
2015-04-06 13:31 - 2015-04-06 13:32 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.77
2015-04-06 13:31 - 2015-04-06 13:31 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.77.lck
2015-04-06 16:54 - 2015-04-07 19:05 - 0005669 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.78
2015-04-06 16:54 - 2015-04-06 16:54 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.78.lck
2015-04-07 20:13 - 2015-04-07 20:15 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.79
2015-04-07 20:13 - 2015-04-07 20:13 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.79.lck
2015-01-19 12:22 - 2015-01-19 12:22 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.8
2015-01-19 12:22 - 2015-01-19 12:22 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.8.lck
2015-04-08 14:13 - 2015-04-08 18:24 - 0028645 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.80
2015-04-08 14:13 - 2015-04-08 14:13 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.80.lck
2015-04-08 18:28 - 2015-04-09 02:03 - 0011967 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.81
2015-04-08 18:28 - 2015-04-08 18:28 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.81.lck
2015-04-09 10:04 - 2015-04-09 15:17 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.82
2015-04-09 10:04 - 2015-04-09 10:04 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.82.lck
2015-04-09 10:11 - 2015-04-09 10:12 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.83
2015-04-09 10:11 - 2015-04-09 10:11 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.83.lck
2015-04-09 10:49 - 2015-04-09 10:50 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.84
2015-04-09 10:49 - 2015-04-09 10:49 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.84.lck
2015-04-09 15:21 - 2015-04-12 11:45 - 0017061 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.85
2015-04-09 15:21 - 2015-04-09 15:21 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.85.lck
2015-04-12 21:50 - 2015-04-13 00:52 - 0007267 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.86
2015-04-12 21:50 - 2015-04-12 21:50 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.86.lck
2015-04-13 18:17 - 2015-04-14 23:21 - 0008116 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.87
2015-04-13 18:17 - 2015-04-13 18:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.87.lck
2015-04-13 18:17 - 2015-04-14 23:21 - 0005470 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.88
2015-04-13 18:17 - 2015-04-13 18:17 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.88.lck
2015-04-16 15:26 - 2015-04-16 21:31 - 0005701 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.89
2015-04-16 15:26 - 2015-04-16 15:26 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.89.lck
2015-01-20 11:34 - 2015-01-20 11:39 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.9
2015-01-20 11:34 - 2015-01-20 11:34 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.9.lck
2015-04-18 21:24 - 2015-04-18 21:24 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.90
2015-04-18 21:24 - 2015-04-18 21:24 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.90.lck
2015-04-19 09:28 - 2015-04-19 09:29 - 0010553 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.91
2015-04-19 09:28 - 2015-04-19 09:28 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.91.lck
2015-04-20 13:14 - 2015-04-20 13:16 - 0005235 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.92
2015-04-20 13:14 - 2015-04-20 13:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.92.lck
2015-04-20 13:23 - 2015-04-23 22:58 - 0040828 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.93
2015-04-20 13:23 - 2015-04-20 13:23 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.93.lck
2015-04-23 23:05 - 2015-04-24 11:50 - 0007331 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.94
2015-04-23 23:05 - 2015-04-23 23:05 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.94.lck
2015-04-23 23:06 - 2015-04-23 23:06 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.95
2015-04-23 23:06 - 2015-04-23 23:06 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.95.lck
2015-04-27 20:04 - 2015-04-27 20:05 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.96
2015-04-27 20:04 - 2015-04-27 20:04 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.96.lck
2015-04-27 21:41 - 2015-04-30 17:19 - 0007503 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.97
2015-04-27 21:41 - 2015-04-27 21:41 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.97.lck
2015-05-01 10:45 - 2015-05-02 11:09 - 0006235 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.98
2015-05-01 10:45 - 2015-05-01 10:45 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.98.lck
2015-05-02 15:34 - 2015-05-02 15:34 - 0005002 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.99
2015-05-02 15:34 - 2015-05-02 15:34 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.99.lck
2014-04-25 07:07 - 2016-03-22 16:03 - 0000000 _____ () C:\Users\MindyL\AppData\Local\pq.log.0.lck
2014-04-25 07:07 - 2014-04-25 07:07 - 0000235 _____ () C:\Users\MindyL\AppData\Local\pq.properties
2013-11-06 16:56 - 2013-11-06 16:57 - 0022833 _____ () C:\Users\MindyL\AppData\Local\WiDiSetupLog.20131106.165617.txt
2013-03-19 12:52 - 2014-04-25 02:17 - 3956736 _____ () C:\Users\MindyL\AppData\Local\wnc.db
2013-03-19 12:52 - 2014-04-25 02:03 - 1681217 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0
2013-06-20 22:50 - 2014-03-18 21:14 - 0017747 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.1
2013-06-20 22:50 - 2014-03-18 21:14 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.1.lck
2013-09-02 22:35 - 2013-10-20 22:46 - 0003066 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.2
2013-09-02 22:35 - 2013-10-20 22:46 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.2.lck
2013-09-02 22:36 - 2013-09-02 22:36 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.3
2013-09-02 22:36 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.3.lck
2013-09-02 22:39 - 2013-09-02 22:39 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.4
2013-09-02 22:39 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.4.lck
2013-09-02 22:40 - 2013-09-02 22:40 - 0001533 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.5
2013-09-02 22:40 - 2013-09-02 22:40 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.5.lck
2013-03-19 12:52 - 2014-04-23 10:30 - 0000000 _____ () C:\Users\MindyL\AppData\Local\wnc.log.0.lck
2013-03-19 12:52 - 2013-03-19 12:52 - 0000440 _____ () C:\Users\MindyL\AppData\Local\wnc.properties
2015-03-03 22:51 - 2015-03-03 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{06761334-41CB-480F-998C-E27D030AE501}
2015-03-29 22:51 - 2015-03-29 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{36220170-ADF9-4CE7-9F93-90B84C3605B8}
2015-01-24 21:46 - 2015-01-24 21:46 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{8CA1D048-5AC1-471D-81B0-27004745E381}
2015-02-18 22:51 - 2015-02-18 22:51 - 0000000 _____ () C:\Users\MindyL\AppData\Local\{A8774D95-8BB7-4728-B8B6-38E8FCC980D4}
2016-01-17 17:04 - 2016-01-17 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-06 15:36 - 2013-03-08 17:18 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\MindyL\AppData\Local\Temp\avguirn_081281335976.exe
C:\Users\MindyL\AppData\Local\Temp\proxy_vole2350349421929708191.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 18:12

==================== End of FRST.txt ============================

Offline mmlawre1

Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #11 on: May 11, 2016, 11:00:51 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by MindyL (2016-05-11 21:48:03)
Running from C:\Users\MindyL\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-18 00:45:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3731359467-3889665967-61734404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3731359467-3889665967-61734404-503 - Limited - Disabled)
Guest (S-1-5-21-3731359467-3889665967-61734404-501 - Limited - Disabled)
MindyL (S-1-5-21-3731359467-3889665967-61734404-1001 - Administrator - Enabled) => C:\Users\MindyL

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Ancestral Quest 14 (HKLM-x32\...\InstallShield_{1CB5AAB3-A8E9-4E79-8B65-6EDB170B747E}) (Version: 14.00.0012 - Incline Software, LC)
Ancestral Quest 14 (HKLM-x32\...\InstallShield_{74CC3DCC-3518-4A22-9816-55BE9F659C76}) (Version: 14.00.0017 - Incline Software, LC)
Ancestral Quest 14 (x32 Version: 14.00.0017 - Incline Software, LC) Hidden
Ancestral Quest Collaboration Support (HKLM-x32\...\InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}) (Version: 1.10.0010 - Incline Software)
Ancestral Quest Collaboration Support (x32 Version: 1.10.0010 - Incline Software) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Edraw Max 7.7 (HKLM-x32\...\Edraw Max_is1) (Version:  - EdrawSoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.)
FamilySearch Indexing 3.24.2 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.17.0.4911 (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\GoToMeeting) (Version: 7.17.0.4911 - CitrixOnline)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 41504 - Intel)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10182 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager 14 (HKLM-x32\...\{1E4FB051-7CE0-4872-B15C-C592F7D60D47}) (Version: 14.2.321 - Mindjet)
Mindjet MindManager 15 (HKLM-x32\...\{52229551-2608-48A2-BB1C-704085BAAA1B}) (Version: 15.0.160 - Mindjet)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
OneClickdigital Media Manager (HKLM-x32\...\{FDFDEC8B-1047-49D8-B2D2-45C0B02F92FC}) (Version: 67.0.0.0 - Recorded Books)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
ProQuest For Word (HKLM-x32\...\{F1161AFB-9E5B-4775-BD4C-5E88461F7868}) (Version: 4.4.1298 - ProQuest)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Reference Point Software Template for APA format, Word 2010 (HKLM-x32\...\Reference Point Software Template for APA format, Word 2010) (Version:  - Reference Point Software, LLC)
Reference Point Template ver: Word 2010, APA 6th Ed. (HKLM-x32\...\Reference Point Template ver: Word 2010, APA 6th Ed.) (Version:  - Reference Point Software, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\MindyL\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AE2AA9-9CF6-4B09-9DA5-0CD94A6CF2E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-19] (Microsoft Corporation)
Task: {06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0E43F7FE-3084-4CB3-A932-63A834AB8203} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1FD4F08C-C6A4-4CFB-A7A5-1E514BC89255} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {21CE0E6C-50EB-4F1B-88CC-3C91348A347B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
Task: {2CC195D1-ADD8-4586-B776-041D92F48DD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2F19CA11-129F-430C-9F1B-616086B747F7} - System32\Tasks\{5CE8BBBA-1F03-42AA-8545-D17E4DF0D8E4} => pcalua.exe -a C:\Users\MindyL\Downloads\Y07C_C1-gdi-win8-64-108_enus.EXE -d C:\WINDOWS\system32
Task: {33D9B8FB-EE1C-4194-AB07-4A4B86BBA68C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {46A9C2CC-C3E8-4692-AF2F-DE02FC8D5083} - \WebUpdater Task -> No File <==== ATTENTION
Task: {4F411F44-E911-4421-AC4D-D69C84D8FC49} - System32\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001 => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5715AFB2-DD70-48B2-8EC1-9943F3972D82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {608EDA35-312F-4B73-9BE0-0FFD940A4F8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7BB12C7C-2A31-4D1B-BD73-A1C7967F18E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {81D5D4DF-A8B5-48E4-AF83-9597935D3345} - \{78790847-0D08-7D04-7A11-04097F041105} -> No File <==== ATTENTION
Task: {8908AE64-628C-41D5-8C37-C60DDD23FF4D} - System32\Tasks\AVG-SSU_0516tb => C:\ProgramData\Avg_Update_0516tb\AVG-Secure-Search-Update_0516tb.exe [2016-05-10] ()
Task: {908FFA2E-0BB6-4B24-B089-6B0D64785E80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {99012C85-9459-4697-AC58-81771E7349FD} - System32\Tasks\Google Update => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {99AE27A2-6D58-405D-8359-2B9B135989FE} - System32\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001 => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9D80C251-970B-4F54-8376-786BCB2556E7} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {9F954203-4ACD-4099-9797-60761EF7DC02} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A5CF8E64-1345-44AC-BE13-4E58D4004329} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A8059145-D8BA-4078-8021-83437A44C9C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ABC6B112-851B-4DDF-877A-89F752EC8148} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {ACB55285-0AE3-4205-9D13-1615F758EA2C} - \WebUpdater LaunchTask -> No File <==== ATTENTION
Task: {B4E1DE73-4BA3-4D01-8C5E-0128F219079B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B7E0ADDA-9809-422E-A28F-F46BDFAB5BF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BCF9A0B2-F03D-4B39-917B-2A1E2F2A2A44} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {C4C3E3C0-5227-4E04-BA66-96ECFBD99743} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {CCA2DE94-8BC0-42D6-936B-618A089134EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D18E077A-731A-43D0-8F95-9D2E4B876DBB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DA84FD6F-BC94-4419-875A-881FDF562156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DBE46B6B-F468-4025-BF94-7A2FA57B6447} - System32\Tasks\0316tbUpdateInfo => C:\ProgramData\Avg_Update_0316tb\0316tb_{2BD560EA-7DDD-4C82-8A98-9A8F477E337F}.exe [2016-03-22] ()
Task: {DE478FEF-A3F8-4D59-9BD8-C6866693E71C} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB} - System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\fea70748\9e7afae2.dll" <==== ATTENTION
Task: {E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EF77C1AA-4A82-4EB0-8C17-CB2516418C13} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3731359467-3889665967-61734404-1001.job => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3731359467-3889665967-61734404-1001.job => C:\Users\MindyL\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001Core.job => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3731359467-3889665967-61734404-1001UA.job => C:\Users\MindyL\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-20 11:48 - 2016-03-01 17:15 - 01215560 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-12-12 12:47 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-19 19:19 - 2016-04-19 19:18 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe
2016-04-19 19:24 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 19:24 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-10 14:20 - 2016-05-10 14:20 - 00959176 _____ () C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-11-01 12:03 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-19 20:41 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-19 19:23 - 2016-04-01 20:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-19 19:23 - 2016-04-01 20:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-19 19:23 - 2016-04-01 19:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-19 19:24 - 2016-04-01 19:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-19 19:24 - 2016-04-01 20:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-20 11:48 - 2016-04-19 19:18 - 02885704 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2016-03-29 17:32 - 2016-03-29 17:33 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 17:32 - 2016-03-29 17:33 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-13 10:45 - 2016-03-13 10:46 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-19 19:19 - 2016-04-19 19:18 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 19:21 - 2016-04-19 19:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-10 14:20 - 2016-05-10 14:20 - 00679624 _____ () C:\Users\MindyL\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2014-02-24 16:56 - 2014-02-24 16:56 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-02-24 16:56 - 2014-02-24 16:56 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-03-01 17:23 - 2016-03-01 17:23 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-11-13 22:55 - 2012-10-04 12:47 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-03-01 17:24 - 2016-03-01 17:24 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2012-11-13 22:25 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MindyL\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{635a75d1-f9c6-45a3-8691-38bd1bf14d8b}.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{18530A81-4F9E-4BD3-B902-B8E3D09EEAF5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6348B259-5763-411B-BC13-E1704D7D7B5F}C:\users\mindyl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mindyl\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{69B20521-DA3F-4918-A229-F9752C13C858}C:\users\mindyl\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mindyl\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FFF414D1-CDBA-447B-A2D1-0313B51424A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1BE7692-329A-40A0-828E-CA471150ADCD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03D42BB2-ED0B-4B78-9ED3-7B14596C8FB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65B398AB-79E2-4A52-90BC-D3B5D5D03826}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5933B03-F1F0-4BB8-9F0C-9D6D6FA493B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02B64C7E-F91D-473D-B0E9-6FCD9412C9BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{212ABBD9-EE39-4EE2-84E2-CA45DD334964}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{908DE737-8810-4ECC-8F92-A7692D483E02}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{72AE42B0-7621-4473-8323-50A2D5D6780F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9553E6ED-C2A5-4CA0-AD3E-0AD421C51D7D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8433F19E-3CB3-4EC3-926F-A91D8BA0EA3A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B8EBCAE2-6535-4107-A93D-E60C874CA642}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EEC16F8E-5F78-4CF5-A371-67C0937E2EA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A4492B4-C375-4A12-85F0-E8A7FD40F96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BCAA73B-5BEC-4CC8-88C8-E1D3C38B8BA7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F527599-26AE-4114-A7D1-A909215E4E91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4AFBF54C-D65A-462D-AE05-1A9E4D53610C}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{6E0829C7-532D-4C9C-8154-AF489A438626}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5DED936E-99A1-4497-A45A-7EFA0856A338}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F69C2D86-2535-45A8-9AA4-4CD34964EB94}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5A3A347A-DF93-40B4-8AA9-2065CFBA7996}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{28C0D7F6-94BA-4717-8302-BA452C4CA12F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5B97EBA9-5991-46D1-8381-4D14F0FC456B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{349282F0-EC26-4F9A-92D5-B50AB79DE619}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{C865BA25-79D3-4646-8320-CAB6AA0DA6AA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{EADD6DE2-F768-4E66-9938-5EDF95FB1A32}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{29899BB6-9476-4224-B9C5-E26EBE3CC0BE}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{DE46A26D-FE86-4204-B5A4-0DF2B9EF482F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{F9CDB47A-6CCB-4866-8615-D7FD281A7EDB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{E3FFDC4D-BF1C-4B93-9F6E-51F0A245F329}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{A7A6B177-F127-48B6-B466-9894B88AD447}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{1F0066FF-C965-4710-A37F-825FE85C7693}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{57E20378-41FE-4208-BA37-4ACE91928B1A}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{072C0101-5F60-4D73-84D5-E255AE2DB9EF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{DD868C3B-BB81-4FFD-8FD7-4F366B31FE03}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{CCDD8BF8-329A-41C9-884C-00544EBFF04C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5FDDD44-1684-4728-832E-9068A374E5D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02ECCEC4-C6C9-48B7-A4BD-834C87A78656}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-03-2016 10:00:47 Windows Update
13-03-2016 11:08:15 Windows Update
13-03-2016 11:09:08 Windows Update
29-03-2016 17:47:52 Installed AVG
15-04-2016 14:57:13 Removed AVG
19-04-2016 20:02:30 Windows Update
19-04-2016 20:03:37 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2016 09:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 105555188

Error: (05/11/2016 09:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 105555188

Error: (05/11/2016 09:40:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/19/2016 08:04:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/19/2016 08:02:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/19/2016 07:24:55 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MINDY)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10810641

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10810641

Error: (04/15/2016 09:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/15/2016 09:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10805625


System errors:
=============
Error: (05/10/2016 04:21:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/10/2016 03:33:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (05/10/2016 03:33:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (05/10/2016 03:32:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
%%1053

Error: (05/10/2016 03:32:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.

Error: (05/10/2016 03:30:37 PM) (Source: DCOM) (EventID: 10010) (User: MINDY)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (05/10/2016 03:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_10ab4f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2016 03:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_10ab4f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2016 03:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_10ab4f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2016 03:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_10ab4f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-10 13:48:32.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-10 13:42:46.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 15:13:19.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 14:50:54.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.118
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-15 14:50:54.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 29%
Total physical RAM: 8047.52 MB
Available physical RAM: 5664.12 MB
Total Virtual: 9327.52 MB
Available Virtual: 6686.01 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:728.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 54E2A187)

Partition: GPT.

==================== End of Addition.txt ============================

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #12 on: May 11, 2016, 11:02:23 PM »
Thank you so much for helping me with this.  I really appreciate your time and patience. 

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #13 on: May 13, 2016, 03:20:29 AM »


Thanks for the updates, some new instructions for you:

Regarding your copy of AVG Web Tuneup: unfortunately it is regarded as a "Rogue" & should be removed.
Once installed on a machine it becomes resistant to removal & it requires a special tool to remove it cleanly; it may even be part of your problem.


Please download and install Revo Uninstaller Free
Since it is a more powerful tool, please be sure to follow the instructions carefully.
There is a very useful video HERE
 I strongly recommend you watch it BEFORE following my instructions.

Step 1

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on AVG Web Tuneup to remove it.
  • When prompted if you want to uninstall this program, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers (be patient here!), click Next.
  • Check/tick the PCcleanerPro only, then click DELETE.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

    >>>>>>>>>>>>>>>>>
     

     Step 2
    You have AVG Secure Search which is undesirable & needs to be removed.

    Please go HERE & follow instructions carefully (Including video) to remove it please.

    >>>>>>>>>>>>>>>>>>

    Step 3
    • Open notepad.
    • Please copy the contents of the code box below.
    • To do this highlight the contents of the box and right click on it.
    • Then paste it into the open notepad.
    • Save it on the Desktop as fixlist.txt
Code:
Start:
CloseProcesses:
CreateRestorePoint:
CreateRestorePoint:
) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-19
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7FBC3BF5-1D47-426E-9428-FBA3C6DBE411}&mid=3be7bbf7994047cc9c9269c1a57242da-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-20 11:50:42&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
FF DefaultSearchEngine: AVG Secure Search
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Extension: AVG Web TuneUp - C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\extensions\avg@toolbar.xpi [2016-04-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\MindyL\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-19] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-03-01] ()
016-04-19 20:52 - 2015-12-20 11:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:49 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:48 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\Program Files (x86)\AVG
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0E43F7FE-3084-4CB3-A932-63A834AB8203} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <====
ask: {2CC195D1-ADD8-4586-B776-041D92F48DD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
ask: {46A9C2CC-C3E8-4692-AF2F-DE02FC8D5083} - \WebUpdater Task -> No File <==== ATTENTION
ask: {5715AFB2-DD70-48B2-8EC1-9943F3972D82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {608EDA35-312F-4B73-9BE0-0FFD940A4F8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {81D5D4DF-A8B5-48E4-AF83-9597935D3345} - \{78790847-0D08-7D04-7A11-04097F041105} -> No File <==== ATTENTION
ask: {8908AE64-628C-41D5-8C37-C60DDD23FF4D} - System32\Tasks\AVG-SSU_0516tb => C:\ProgramData\Avg_Update_0516tb\AVG-Secure-Search-Update_0516tb.exe [2016-05-10] ()
Task: {908FFA2E-0BB6-4B24-B089-6B0D64785E80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F954203-4ACD-4099-9797-60761EF7DC02} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {ACB55285-0AE3-4205-9D13-1615F758EA2C} - \WebUpdater LaunchTask -> No File <==== ATTENTION
Task: {B4E1DE73-4BA3-4D01-8C5E-0128F219079B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CCA2DE94-8BC0-42D6-936B-618A089134EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D18E077A-731A-43D0-8F95-9D2E4B876DBB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DBE46B6B-F468-4025-BF94-7A2FA57B6447} - System32\Tasks\0316tbUpdateInfo => C:\ProgramData\Avg_Update_0316tb\0316tb_{2BD560EA-7DDD-4C82-8A98-9A8F477E337F}.exe [2016-03-22]
Task: {DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB} - System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\fea70748\9e7afae2.dll" <==== ATTENTION
Task: {E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
2015-12-20 11:48 - 2016-03-01 17:15 - 01215560 _____ () C:\Program Files (x86)192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe\AVG Web TuneUp\WtuSystemSupport.exe
2016-04-19 19:19 - 2016-04-19 19:18 - 00
2016-04-19 19:19 - 2016-04-19 19:18 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll

IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxps://apps.driversupport.com
EmptyTemp:
CMD: ipconfig /flushdns
Reboot:


NOTE. It's important that both the program FRST64.exe and Fixlist.txt be on the Desktop or the fix will not work.

Now run your copy of FRST64 and press the FIX button just once, and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Step 3


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.   
  • Vista/Windows 7/8 users: right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
>>>>>>>>>>>>>>>>>
Step 4

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>>

I need the Fixlog.txt, AdwCleaner.txt & JRT.txt logs please.

How is the computer running now?

platypuss

Offline mmlawre1

  • Bronze Member
  • Posts: 16
Re: [In Progress] pop-ups and alerts for urgent virus attention
« Reply #14 on: May 16, 2016, 11:26:34 PM »
Fix result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by MindyL (2016-05-16 21:45:50) Run:1
Running from C:\Users\MindyL\Desktop
Loaded Profiles: MindyL (Available Profiles: MindyL)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CloseProcesses:
CreateRestorePoint:
CreateRestorePoint:
) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-04-19
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SearchScopes: HKU\S-1-5-21-3731359467-3889665967-61734404-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7FBC3BF5-1D47-426E-9428-FBA3C6DBE411}&mid=3be7bbf7994047cc9c9269c1a57242da-2fbef669bf5a82a2ada710deecc413c7ac63b2eb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-20 11:50:42&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-04-19] (AVG)
FF DefaultSearchEngine: AVG Secure Search
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
FF Extension: AVG Web TuneUp - C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\extensions\avg@toolbar.xpi [2016-04-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U6) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\MindyL\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-19] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-03-01] ()
016-04-19 20:52 - 2015-12-20 11:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:49 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-04-19 19:19 - 2015-12-20 11:48 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 15:17 - 2015-12-20 10:48 - 00000000 ____D C:\Program Files (x86)\AVG
AVG (Version: 16.12.7303 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
Task: {06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0E43F7FE-3084-4CB3-A932-63A834AB8203} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <====
ask: {2CC195D1-ADD8-4586-B776-041D92F48DD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
ask: {46A9C2CC-C3E8-4692-AF2F-DE02FC8D5083} - \WebUpdater Task -> No File <==== ATTENTION
ask: {5715AFB2-DD70-48B2-8EC1-9943F3972D82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {608EDA35-312F-4B73-9BE0-0FFD940A4F8C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {81D5D4DF-A8B5-48E4-AF83-9597935D3345} - \{78790847-0D08-7D04-7A11-04097F041105} -> No File <==== ATTENTION
ask: {8908AE64-628C-41D5-8C37-C60DDD23FF4D} - System32\Tasks\AVG-SSU_0516tb => C:\ProgramData\Avg_Update_0516tb\AVG-Secure-Search-Update_0516tb.exe [2016-05-10] ()
Task: {908FFA2E-0BB6-4B24-B089-6B0D64785E80} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9F954203-4ACD-4099-9797-60761EF7DC02} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {ACB55285-0AE3-4205-9D13-1615F758EA2C} - \WebUpdater LaunchTask -> No File <==== ATTENTION
Task: {B4E1DE73-4BA3-4D01-8C5E-0128F219079B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CCA2DE94-8BC0-42D6-936B-618A089134EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D18E077A-731A-43D0-8F95-9D2E4B876DBB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DBE46B6B-F468-4025-BF94-7A2FA57B6447} - System32\Tasks\0316tbUpdateInfo => C:\ProgramData\Avg_Update_0316tb\0316tb_{2BD560EA-7DDD-4C82-8A98-9A8F477E337F}.exe [2016-03-22]
Task: {DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB} - System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\fea70748\9e7afae2.dll" <==== ATTENTION
Task: {E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
2015-12-20 11:48 - 2016-03-01 17:15 - 01215560 _____ () C:\Program Files (x86)192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe\AVG Web TuneUp\WtuSystemSupport.exe
2016-04-19 19:19 - 2016-04-19 19:18 - 00
2016-04-19 19:19 - 2016-04-19 19:18 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll

IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3731359467-3889665967-61734404-1001\...\driversupport.com -> hxxps://apps.driversupport.com
EmptyTemp:
CMD: ipconfig /flushdns
Reboot:
*****************

Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
Restore point was successfully created.
Restore point was successfully created.
) C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe => Error: No automatic fix found for this entry.
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
"HKCR\PROTOCOLS\Handler\tbauth" => key removed successfully
"HKCR\CLSID\{14654CA6-5711-491D-B89A-58E571679951}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL: WebCheck - <orphaned> => value not found.
"HKU\S-1-5-21-3731359467-3889665967-61734404-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
Firefox DefaultSearchEngine removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
C:\Users\MindyL\AppData\Roaming\Mozilla\Firefox\Profiles\yd2tqw0z.default-1449551652312\extensions\avg@toolbar.xpi => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => moved successfully
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Users\MindyL\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => not found.
C:\windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => not found.
vToolbarUpdater40.2.9 => service not found.
WtuSystemSupport => service not found.
016-04-19 20:52 - 2015-12-20 11:49 - 00000000 ____D C:\ProgramData\AVG Web TuneUp => Error: No automatic fix found for this entry.
"C:\Program Files\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
C:\ProgramData\Avg => moved successfully
C:\Program Files (x86)\AVG => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A597ED27-4945-4E0B-8E37-DCD93DD85AD0}\\SystemComponent => value removed successfully
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies) => Error: No automatic fix found for this entry.
ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\MindyL\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3731359467-3889665967-61734404-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06AD3FB7-0FF4-47D6-AA17-850E3A47DAE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E43F7FE-3084-4CB3-A932-63A834AB8203}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E43F7FE-3084-4CB3-A932-63A834AB8203}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
ask: {2CC195D1-ADD8-4586-B776-041D92F48DD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
ask: {46A9C2CC-C3E8-4692-AF2F-DE02FC8D5083} - \WebUpdater Task -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
ask: {5715AFB2-DD70-48B2-8EC1-9943F3972D82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{608EDA35-312F-4B73-9BE0-0FFD940A4F8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608EDA35-312F-4B73-9BE0-0FFD940A4F8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81D5D4DF-A8B5-48E4-AF83-9597935D3345}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81D5D4DF-A8B5-48E4-AF83-9597935D3345}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78790847-0D08-7D04-7A11-04097F041105}" => key removed successfully
ask: {8908AE64-628C-41D5-8C37-C60DDD23FF4D} - System32\Tasks\AVG-SSU_0516tb => C:\ProgramData\Avg_Update_0516tb\AVG-Secure-Search-Update_0516tb.exe [2016-05-10] () => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{908FFA2E-0BB6-4B24-B089-6B0D64785E80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{908FFA2E-0BB6-4B24-B089-6B0D64785E80}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F954203-4ACD-4099-9797-60761EF7DC02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F954203-4ACD-4099-9797-60761EF7DC02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACB55285-0AE3-4205-9D13-1615F758EA2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB55285-0AE3-4205-9D13-1615F758EA2C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebUpdater LaunchTask => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4E1DE73-4BA3-4D01-8C5E-0128F219079B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4E1DE73-4BA3-4D01-8C5E-0128F219079B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCA2DE94-8BC0-42D6-936B-618A089134EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCA2DE94-8BC0-42D6-936B-618A089134EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D18E077A-731A-43D0-8F95-9D2E4B876DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D18E077A-731A-43D0-8F95-9D2E4B876DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBE46B6B-F468-4025-BF94-7A2FA57B6447}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBE46B6B-F468-4025-BF94-7A2FA57B6447}" => key removed successfully
C:\WINDOWS\System32\Tasks\0316tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0316tbUpdateInfo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA3DBBB-D697-4E8A-A33D-BE1B91D1C3BB}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A7D3ECC3-67D7-1B2C-4376-624C095A082E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A7D3ECC3-67D7-1B2C-4376-624C095A082E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5C4FEA5-B76A-45B9-ACCB-008F5E08A8D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe\AVG Web TuneUp\WtuSystemSupport.exe" => not found.
"2016-04-19 19:19 - 2016-04-19 19:18 - 00" => not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll" => not found.
"HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com" => key removed successfully
HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:46:30 ====


# AdwCleaner v5.117 - Logfile created 16/05/2016 at 22:02:56
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : MindyL - MINDY
# Running from : C:\Users\MindyL\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116avz
[-] Folder Deleted : C:\ProgramData\Avg_Update_0316tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0516tb
[-] Folder Deleted : C:\ProgramData\fea70748
Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0116avz
Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0316tb
Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0516tb
Folder Deleted : C:\ProgramData\Application Data\fea70748
[-] Folder Deleted : C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolcffalbhpnojekmimmelebjchjmmgn

***** [ Files ] *****

File Deleted : C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ccncljhbalbbkkfgopogabimepmfkmff
File Deleted : C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aolcffalbhpnojekmimmelebjchjmmgn


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Value Deleted : HKU\S-1-5-21-3731359467-3889665967-61734404-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]

***** [ Web browsers ] *****

[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aolcffalbhpnojekmimmelebjchjmmgn
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\MindyL\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5608 bytes] - [16/05/2016 22:02:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [5520 bytes] - [16/05/2016 21:59:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5754 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by MindyL (Administrator) on Mon 05/16/2016 at 22:13:26.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\Google Update (Task)
Successfully deleted: C:\WINDOWS\prefetch\TOOLBARUPDATER.EXE-87188CF4.pf (File)
Successfully deleted: C:\WINDOWS\system32\REN665C.tmp (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_7BA9F92B06F33623D6E1FF3494EC2140 (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/16/2016 at 22:17:07.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~