  #1  
February 7th, 2017, 11:14 AM
onemac
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Cursor Virus

I seem to have downloaded a cursor virus which has changed my cursor into a small circle/star and refuses to allow me to change back to the Windows Aero cursor. When I go through the procedure to change it, it appears on screen for a few seconds before reverting back to the circle.

I have AVG (paid) anti-virus installed and have run this along with Spybot and CCleaner to no avail. Computer is working fine apart from this. I have Windows 10 installed (upgraded from 7). Any help would be appreciated, Thanks.

Al
  #2  
February 8th, 2017, 01:27 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Howdy onemac,

Welcome to CTH.

Not sure a malware would do only that, but let's take a look.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
February 8th, 2017, 05:36 PM
onemac
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Hi Tom

Thanks for the reply. Long time member (OneMacGuru) but had to re-register as forgot password etc. I should probably have said that a few months back I had a Windows update go wrong - it failed to implement at restart but resolved itself after shutting down completely and re-booting. I've therefore probably stuck this in the wrong section but I can live with the update fallout but not the cursor saga.

First problem - FRST.txt is too long so here's part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Al (administrator) on ALS_COMP (08-02-2017 15:49:24)
Running from C:\Users\Al\Desktop
Loaded Profiles: Al & ntp (Available Profiles: Al & UpdatusUser & ntp & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Tools\NTP\bin\ntpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\360Radar\mlat-client.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\360Radar\modesmixer2.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kinetic Avionic Products Ltd) C:\Program Files (x86)\Kinetic\BaseStation\BaseStation.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Kinetic Avionic Products Ltd) C:\Program Files (x86)\Kinetic\BaseStation\BaseStationReporter.exe
(Gatwick Aviation Society) C:\Users\Al\AppData\Local\Apps\2.0\CBEX2Q6V.XT7\0GOVP6O5.NLL\acti..tion_d45369983457ba68_0001.0040_fe9c60493357e534\ActiveDisplayLite.exe
(COAA) C:\Tools\PlanePlotter\PlanePlotter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\360Radar-ADSB\AdsbFilter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe [9533688 2016-12-15] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-08-20] (Anvisoft)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [Google Update] => C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsbfilter.bat - Shortcut.lnk [2016-11-17]
ShortcutTarget: adsbfilter.bat - Shortcut.lnk -> C:\360Radar-ADSB\adsbfilter.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2016-09-26]
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Al\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2014-11-25]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_mlat_client.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_mlat_client.bat - Shortcut.lnk -> C:\360Radar\start_mlat_client.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_modesmixer2.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_modesmixer2.bat - Shortcut.lnk -> C:\360Radar\start_modesmixer2.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2012-03-03]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\ProgsLoad\T_Clock\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4b14bed6-6f5f-494f-9c78-a23137e1a16f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{947d86da-468c-4822-b6da-29239bcbb276}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=t6DJVsndN-XW8gfquq-oCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118254938-2305694269-2017895754-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vy6ih178.default-1416502492888
FF ProfilePath: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 [2017-02-08]
FF Homepage: Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 -> hxxps://www.google.co.uk/
FF Extension: (Anti-Aliasing Tuner) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\aatuner@hotmint.com [2016-03-09]
FF Extension: (Google Image Help) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\googleimagehelp@shivam.org.xpi [2017-01-22]
FF Extension: (YoutubeAdBlocke) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\UspC@F.com [2014-11-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Extension: (AnviAdblock) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\AnviAdblock@anvisoft.com.xpi [2014-04-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/O1DPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [2014-04-30] (Anvisoft)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1005: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (AnviAdblock) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb [2014-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Facebook Font Changer) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1206504 2014-08-20] (Anvisoft)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
S3 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe [630976 2016-12-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NTP; C:\Tools\NTP\bin\ntpd.exe [573840 2012-08-15] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [93336 2009-08-24] (SiSoftware) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 asd2fsm; C:\WINDOWS\System32\DRIVERS\asd2fsm.sys [48656 2014-08-20] (Anvisoft) [File not signed]
S1 Asdids; C:\WINDOWS\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft) [File not signed]
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-20] (AVG Technologies)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S1 BdfNdisf; C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [107496 2016-02-16] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [115800 2016-02-16] (BitDefender LLC)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-01-16] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys [161592 2016-04-28] (BitDefender LLC)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2016-07-16] (Realtek Semiconductor Corporation )
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2014-09-20] (Sony Ericsson Mobile Communications)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

Part 2 (continued) below:
  #4  
Old February 8th, 2017, 05:38 PM
onemac onemac is offline
Can you let me know if you need Addition.txt as I can't seem to attach it?

Part Two (Continued):


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 15:49 - 2017-02-08 15:50 - 00030391 _____ C:\Users\Al\Desktop\FRST.txt
2017-02-08 15:48 - 2017-02-08 15:49 - 00000000 ____D C:\FRST
2017-02-08 15:48 - 2017-02-08 15:48 - 02421248 _____ (Farbar) C:\Users\Al\Desktop\FRST64.exe
2017-02-08 15:47 - 2017-02-08 15:47 - 02421248 _____ (Farbar) C:\Users\Al\Downloads\FRST64.exe
2017-02-08 09:06 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 09:04 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 09:04 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 09:04 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 09:02 - 2017-02-08 09:07 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-07 13:25 - 2017-02-07 13:36 - 00514780 _____ C:\WINDOWS\Minidump\020717-38750-01.dmp
2017-02-07 13:25 - 2017-02-07 13:25 - 839646933 _____ C:\WINDOWS\MEMORY.DMP
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\ProgramData\Trend Micro
2017-02-07 09:47 - 2017-02-07 09:47 - 02526736 _____ (Trend Micro Inc.) C:\Users\Al\Downloads\HousecallLauncher64.exe
2017-02-07 09:47 - 2017-02-07 09:47 - 00000036 _____ C:\Users\Al\AppData\Local\housecall.guid.cache
2017-02-07 09:47 - 2015-05-29 07:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-02-07 04:41 - 2016-11-28 10:10 - 00000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170207-044148.backup
2017-02-07 03:41 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-02-07 03:40 - 2017-02-07 03:40 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-07 03:40 - 2017-02-07 03:40 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-07 03:40 - 2017-02-07 03:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-07 03:40 - 2017-02-07 03:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-07 03:39 - 2017-02-07 13:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-07 03:39 - 2017-02-07 04:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-07 03:39 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-07 03:19 - 2017-02-07 03:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Al\Downloads\spybot-2.4.exe
2017-02-06 18:30 - 2017-02-06 18:30 - 00004332 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-02-06 18:12 - 2017-02-06 18:14 - 00000000 ____D C:\Users\Al\Downloads\Red_Cursor
2017-02-06 18:12 - 2017-02-06 18:12 - 00013942 _____ C:\Users\Al\Downloads\red_aero_arrow.cur
2017-02-06 12:37 - 2017-02-07 03:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-06 12:36 - 2017-02-06 12:36 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Al\Downloads\mbam-setup-2.0.0.1000.exe
2017-02-05 22:12 - 2017-02-05 22:12 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign13569270ab7ad42a
2017-02-05 22:05 - 2017-02-05 22:05 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd1701aba86883e13
2017-02-05 20:59 - 2017-02-05 20:59 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigndc92407412b8ba4a
2017-02-05 20:58 - 2017-02-05 20:58 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign52a0f6bdd6e08b42
2017-02-05 20:26 - 2017-02-05 20:26 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-05 20:26 - 2017-02-05 20:26 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-05 20:26 - 2017-02-05 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-05 20:25 - 2017-02-05 20:26 - 00000000 ____D C:\Program Files\CCleaner
2017-02-05 20:24 - 2017-02-05 20:25 - 08813488 _____ (Piriform Ltd) C:\Users\Al\Downloads\ccsetup526.exe
2017-02-05 14:17 - 2017-02-05 14:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign0dea630d24ec81e1
2017-02-05 14:16 - 2017-02-05 14:16 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd2e5ec2401cc7c15
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Al\AppData\Roaming\ParetoLogic
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\ProgramData\ParetoLogic
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-05 12:52 - 2017-02-05 13:41 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-02-05 12:52 - 2017-02-05 12:53 - 00000054 _____ C:\ProgramData\serverclasscache.ini
2017-02-05 12:52 - 2017-02-05 12:53 - 00000000 ____D C:\ProgramData\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\Users\Al\AppData\Roaming\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\OSTotoFolder
2017-02-05 12:06 - 2017-02-05 12:07 - 10909696 _____ C:\Users\Al\Downloads\WIN_Driver12.2.14.zip
2017-02-04 19:41 - 2017-02-04 19:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf12685fb3134dec7
2017-02-04 19:38 - 2017-02-04 19:38 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf1686038aa3b389b
2017-02-04 16:41 - 2017-02-04 16:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign70bb2589b35bf3de
2017-02-04 16:28 - 2017-02-04 16:28 - 00000000 ____D C:\ProgramData\ProductData
2017-02-04 16:27 - 2017-02-04 16:28 - 00000000 ____D C:\Users\Al\AppData\LocalLow\IObit
2017-02-04 16:27 - 2017-02-04 16:27 - 00002462 _____ C:\WINDOWS\System32\Tasks\Uninstaller_Install_Al
2017-02-04 16:27 - 2017-02-04 16:27 - 00002264 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-02-04 16:27 - 2017-02-04 16:27 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_Install_Al.job
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-04 16:26 - 2017-02-04 16:29 - 00000000 ____D C:\Users\Al\AppData\Roaming\IObit
2017-02-04 16:25 - 2017-02-05 21:11 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-04 16:25 - 2017-02-05 09:40 - 00000000 ____D C:\ProgramData\IObit
2017-02-04 13:09 - 2017-02-04 13:09 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign36254ff4f5ef8b49
2017-02-03 23:26 - 2017-02-03 23:26 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4a2350f0f662f3a5
2017-02-03 23:23 - 2017-02-03 23:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignfc38370499922ce9
2017-02-02 20:44 - 2017-02-02 20:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign35c586d55bc1c223
2017-02-02 20:43 - 2017-02-02 20:43 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3636bd018931c403
2017-02-01 22:14 - 2017-02-01 22:14 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5b1ed45ecc226461
2017-02-01 22:10 - 2017-02-01 22:10 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign7b6f7d70f1a60b2d
2017-01-30 12:30 - 2017-01-30 14:25 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Al\Downloads\CreativeCloudSet-Up.exe
2017-01-29 22:57 - 2017-01-29 22:57 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5717c2db86ab7834
2017-01-29 22:56 - 2017-01-29 22:56 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign28d1c6d80c3c6bc2
2017-01-29 01:45 - 2017-01-29 01:45 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4c8bfdde73fddbd1
2017-01-29 01:44 - 2017-01-29 01:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign9f74ebea85ad1588
2017-01-28 10:51 - 2017-01-28 10:51 - 00000000 ___HD C:\$SysReset
2017-01-27 17:52 - 2017-01-27 17:52 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncd0df65f5833dda5
2017-01-27 14:31 - 2017-01-27 14:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignc04a31324aaeacc6
2017-01-25 13:05 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:05 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 22:54 - 2017-01-24 22:54 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1656fe852c2bd21c
2017-01-24 22:40 - 2017-01-24 22:40 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign31b6e29b96889d86
2017-01-22 20:04 - 2017-01-22 20:04 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1006ed5a4cecbd14
2017-01-22 20:02 - 2017-01-22 20:02 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign186bfa782690769a
2017-01-17 19:23 - 2017-01-17 19:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign2e93c4c7bf59b602
2017-01-17 19:17 - 2017-01-17 19:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign71b6b8050a536032
2017-01-16 21:23 - 2017-01-16 21:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigned24262e4f333c5e
2017-01-16 21:22 - 2017-01-16 21:22 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigne3f3bdbc6b22bfbf
2017-01-15 18:00 - 2017-02-06 20:44 - 00053760 ___SH C:\Users\Al\Desktop\Thumbs.db
2017-01-14 14:49 - 2017-01-14 14:49 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignbb2b2d8b4694f6ff
2017-01-14 14:46 - 2017-01-14 14:46 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign6023e6e3aeed0590
2017-01-13 11:37 - 2017-01-13 11:37 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncdb71019e6061a9a
2017-01-13 11:36 - 2017-01-13 11:36 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign43606fee088b9758
2017-01-12 22:31 - 2017-01-12 22:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3660428d0f6014f6
2017-01-12 11:15 - 2017-01-12 11:15 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4ed31ca813084424
2017-01-11 11:03 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 11:03 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 11:03 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 11:03 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 11:03 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 11:03 - 2016-12-21 07:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 11:03 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 11:03 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 11:03 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 11:03 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 11:03 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 11:03 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 11:03 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 11:03 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 11:03 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 11:03 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 11:03 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 11:03 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 11:03 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 11:03 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 11:03 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 11:03 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 11:03 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 11:03 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 11:03 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 11:03 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 11:03 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 11:03 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 11:03 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 11:03 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 11:03 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 11:03 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 11:03 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 11:03 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 11:03 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 11:03 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 11:03 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 11:03 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 11:03 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 11:03 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 11:03 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 11:03 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 11:03 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 11:03 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 11:03 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 11:03 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 11:03 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 11:03 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 11:03 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 11:03 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 11:03 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 11:03 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 11:03 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 11:03 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 11:03 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 11:03 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 11:03 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 11:03 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 11:03 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 11:03 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 11:03 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 11:03 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 11:03 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 11:03 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 11:03 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 11:03 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 11:03 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 11:03 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 11:03 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 11:03 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 11:03 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 11:03 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 11:03 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 11:03 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 11:03 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 11:03 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 11:03 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 11:03 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 11:03 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 11:03 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 11:03 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 11:03 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 11:03 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 11:03 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 11:03 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 11:03 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 11:03 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 11:03 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 11:03 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 11:03 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 11:03 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:03 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 11:03 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 11:03 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 11:02 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 11:02 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 11:02 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 11:02 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 11:02 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 11:02 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 11:02 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 11:02 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 11:02 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 11:02 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:02 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 11:02 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-08 14:55 - 2016-09-26 09:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-08 14:24 - 2012-03-01 11:39 - 00000000 ____D C:\ProgramData\MFAData
2017-02-08 10:57 - 2016-11-25 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-08 09:06 - 2016-09-26 09:41 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 09:06 - 2016-09-26 09:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 09:06 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 09:06 - 2016-03-14 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 09:06 - 2016-03-14 18:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 08:31 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-08 08:31 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-08 08:27 - 2015-12-06 23:35 - 00000000 ___RD C:\Users\Al\Creative Cloud Files
2017-02-08 08:23 - 2016-11-18 11:21 - 00000000 ____D C:\Users\Al\AppData\LocalLow\Mozilla
2017-02-08 08:18 - 2016-09-26 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-08 08:18 - 2014-11-17 20:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-07 22:48 - 2016-09-26 09:46 - 00000000 ____D C:\Users\ntp
2017-02-07 22:48 - 2016-07-16 06:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-07 14:45 - 2016-09-26 10:26 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-07 13:25 - 2016-09-26 17:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-07 10:17 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-07 04:05 - 2013-07-28 11:19 - 00004039 _____ C:\WINDOWS\wininit.ini
2017-02-07 03:41 - 2015-06-12 09:47 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-07 03:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-02-06 20:44 - 2016-12-23 11:20 - 00000000 ____D C:\Program Files\Macrium
2017-02-06 20:17 - 2016-02-21 11:40 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 19:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 08:01 - 2010-11-21 03:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-05 20:34 - 2012-03-01 12:32 - 00000000 ___HD C:\Users\Al\AppData\Roaming\uTorrent
2017-02-05 20:33 - 2016-03-14 18:31 - 00000000 ____D C:\Users\Al\AppData\Local\CrashDumps
2017-02-05 18:14 - 2014-10-20 10:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-05 18:14 - 2013-10-19 21:39 - 00000000 ____D C:\ProgramData\Oracle
2017-02-04 21:37 - 2012-05-31 21:01 - 00001456 ____H C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-04 18:19 - 2016-11-26 20:07 - 00000000 ____D C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2017-02-04 18:18 - 2016-09-26 18:34 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-04 18:14 - 2012-06-22 23:45 - 00000000 ___HD C:\Users\Al\AppData\Roaming\Azureus
2017-02-04 17:09 - 2009-03-30 22:38 - 00000000 ____D C:\AlsMusic
2017-01-30 14:28 - 2016-11-07 21:04 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-29 12:12 - 2016-02-21 13:12 - 00000000 ____D C:\Users\Al\AppData\Local\VirtualRadar
2017-01-29 10:23 - 2015-12-02 12:34 - 00000017 _____ C:\Users\Al\Desktop\fr24feed.key
2017-01-29 01:04 - 2016-11-30 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 01:04 - 2013-12-09 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 10:07 - 2012-03-31 08:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-27 09:13 - 2012-03-02 09:12 - 00000000 ___HD C:\Users\Al\AppData\Local\Adobe
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-25 14:29 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 17:58 - 2016-12-17 13:57 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 17:58 - 2016-03-13 18:56 - 00002396 _____ C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-24 17:58 - 2016-03-13 18:56 - 00000000 ___RD C:\Users\Al\OneDrive
2017-01-24 13:07 - 2016-09-26 09:46 - 00000000 ____D C:\Users\Al
2017-01-19 16:59 - 2015-11-09 19:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 10:08 - 2016-09-07 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-14 11:20 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 16:15 - 2016-09-26 10:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 18:09 - 2016-04-27 06:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 17:37 - 2016-09-26 09:37 - 08367784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 12:04 - 2013-04-10 20:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-11 12:03 - 2009-07-14 02:34 - 00000543 _____ C:\WINDOWS\win.ini
2017-01-11 11:57 - 2013-08-17 23:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 11:53 - 2012-03-05 15:21 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-05-20 21:16 - 2014-01-08 15:18 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-15 16:40 - 2013-06-15 16:40 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe BMP Format CS6 Prefs
2012-11-24 10:44 - 2013-06-15 16:41 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-29 21:26 - 2013-09-01 13:29 - 0000000 ____H () C:\Users\Al\AppData\Roaming\bitlord_log.txt
2017-02-05 13:18 - 2017-02-05 13:39 - 0000115 _____ () C:\Users\Al\AppData\Roaming\LogFile.txt
2012-05-30 21:41 - 2012-06-20 21:40 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-31 21:01 - 2017-02-04 21:37 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-07 09:47 - 2017-02-07 09:47 - 0000036 _____ () C:\Users\Al\AppData\Local\housecall.guid.cache
2014-01-28 08:59 - 2014-02-18 23:23 - 0007597 ____H () C:\Users\Al\AppData\Local\Resmon.ResmonCfg
2012-03-12 22:54 - 2012-03-12 22:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-20 19:20 - 2009-11-26 12:59 - 12177408 _____ () C:\ProgramData\sandra.mda
2017-02-05 12:52 - 2017-02-05 12:53 - 0000054 _____ () C:\ProgramData\serverclasscache.ini
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml30B2.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml320A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml323A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml327A.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml342E.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml346E.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3517.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3528.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml35B6.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml36E0.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C23.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C34.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml63F9.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64A6.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64E5.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6515.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6564.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6565.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml859.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml9A2.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA00.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA6F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB28F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB399.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB511.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB59E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0009053 _____ () C:\ProgramData\xmlC33F.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD6A8.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD754.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD7B3.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7DB.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7EC.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD85F.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0013598 _____ () C:\ProgramData\xmlDE7E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlDF3A.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlE082.tmp

Files to move or delete:
====================
C:\Users\Al\test.exe


Some files in TEMP:
====================
2017-02-05 18:12 - 2017-02-05 18:12 - 0739904 _____ (Oracle Corporation) C:\Users\Al\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-06 20:41 - 2016-12-12 09:56 - 2630968 _____ (Paramount Software UK Ltd) C:\Users\Al\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 10:40

==================== End of FRST.txt ============================
  #5  
Old February 9th, 2017, 01:12 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
I will need the Additions log. It shows your installs in part, and the logs so far show two antiviruses installed.
  #6  
Old February 9th, 2017, 11:43 AM
onemac
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
I've been puzzling over the AVG install. I purchased the prog in Sept of 2015 and paid the annual fee in Sept of 2016 but the version that I can see says it's the free one?

Anyway, part one (of 3) of the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by Al (08-02-2017 15:51:07)
Running from C:\Users\Al\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 10:30:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1118254938-2305694269-2017895754-500 - Administrator - Disabled)
Al (S-1-5-21-1118254938-2305694269-2017895754-1000 - Administrator - Enabled) => C:\Users\Al
DefaultAccount (S-1-5-21-1118254938-2305694269-2017895754-503 - Limited - Disabled)
Guest (S-1-5-21-1118254938-2305694269-2017895754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1118254938-2305694269-2017895754-1002 - Limited - Enabled)
ntp (S-1-5-21-1118254938-2305694269-2017895754-1005 - Limited - Enabled) => C:\Users\ntp
UpdatusUser (S-1-5-21-1118254938-2305694269-2017895754-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Active Display Lite (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\a463269a76ae8c3c) (Version: 1.64.0.30 - Gatwick Aviation Society)
Ad-Aware Antivirus (HKLM\...\{AD9CEBD6-442D-4979-9D1D-E1050F2E272D}_AdAwareUpdater) (Version: 11.15.1046.10613 - Lavasoft)
AdAwareInstaller (Version: 11.15.1046.10613 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.15.1046.10613 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon Kindle (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Amazon Kindle) (Version: - Amazon)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.5.0.320 - Lavasoft) Hidden
Anvi Smart Defender 2.3 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.3 - Anvisoft)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
BaseStation (HKLM-x32\...\{8D94F7BA-48A7-4E22-89BD-43C07E11CF70}) (Version: 1.2.3.179 - Kinetic Avionics Products Ltd)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.4-312 - House of Life)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{8CDE6A53-B721-407E-B59B-9E9E9605BF23}) (Version: 1.39.0 - Kovid Goyal)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.1.0.6 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.0.1.3 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.5 - Anvisoft)
Dropbox (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyLife Gadget (HKLM\...\{ACE9FB2A-31A5-4285-9510-43F1636EAB21}) (Version: 1.0 - EasyLife Gadget)
EOSInfo (HKLM-x32\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Migratr (HKLM-x32\...\{8B973103-BAA5-465F-ADFE-55A9E9D1130D}) (Version: 1.06 - Alexander Lucas)
MilModeSLogger 4.1 (HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\2db60cfa1f1e7a2c) (Version: 1.0.0.95 - MilModeSLogger 4.1)
ModeSLogger version 4.1 (HKLM-x32\...\{137244DE-F6FA-468B-A7B2-07D6E94586EA}_is1) (Version: 4.1 - live-mode-s.info)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.7.0 (x86 en-GB)) (Version: 45.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Network Time Protocol (HKLM-x32\...\NTP) (Version: 4.2.6p5@london-o-lpv - )
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
NTP Time Server Monitor 1.04 (HKLM-x32\...\NTP Time Server Monitor 1.04) (Version: 0.9g - Meinberg Radio Clocks)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PlanePlotter version PlanePlotter 6.4.5.2 (HKLM-x32\...\PlanePlotter_is1) (Version: PlanePlotter 6.4.5.2 - COAA)
Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
SBS-resources (HKLM-x32\...\{3B046B0B-D0EC-40B4-86A8-49F900289198}) (Version: 6.2 - Kinetic Avionic Products Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SiSoftware Sandra Professional Business 2010 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 16.10.2010.1 - SiSoftware)
Sony Mobile Emma (HKLM-x32\...\Emma) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.13.201409122125 - Sony Mobile Communications AB)
Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SQLite Expert Personal 3.5.58 (HKLM-x32\...\SQLite Expert Personal 3_is1) (Version: - Bogdan Ureche)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
U3Launcher (HKLM-x32\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Virtual Radar 2.3.1 (HKLM-x32\...\Virtual Radar_is1) (Version: - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vuze Remote Toolbar v8.5 (HKLM-x32\...\{EDF914BD-584C-48CE-8254-324201560529}) (Version: 8.5 - Spigot, Inc.) <==== ATTENTION
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24011}) (Version: 15.5.9580 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D61269-6750-4B2D-B845-073A80A9FDB2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {109CBEBF-4316-44EE-8742-60CA2A641877} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab6a6bb995f7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {12078FAD-28B5-43B6-BD36-272B778F273B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {14B7ECE6-8F7B-4D98-88C1-04D488EBDE82} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {198F364C-581D-4534-93B3-9325A596B9BA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {21820F5F-E680-4A52-896D-FBA27EB83476} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22BD7FB8-A79B-4CF6-B628-593838FAD41A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26793AA0-9230-466F-B3C2-42799D676B99} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {29664BE1-E2D8-4BC4-AA2F-BE00DA6AFD01} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {2AB407C1-2712-47D4-8A37-11AA92A6C2B7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2C1B8ACB-F5C9-4ECB-AC6D-0B3F71FF3512} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2C27BF37-35F8-4C0C-BEEB-C2334545437F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {376E90E6-C310-412E-9B15-DAB6160CED36} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {3ACE6F47-4AED-4DA5-8C55-6AF7B9AF6FC2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {45D239F2-3F2D-4DC4-ACC0-E8965FA48542} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B83675E-7A7F-453E-86E3-15F88FA5ABCA} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {4CE91C33-FFE2-41CA-8F7A-78D04CA78FBB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {515F1911-9000-43D1-94B5-5F92EF0B0868} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {568F219E-2D84-4531-8E3B-B2BB4DD17085} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5D3F6121-9011-42D1-A10D-7FD093D3F196} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {5E2F4665-A3A0-4968-8E62-E45B7DBCA2D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000Core => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {61F69AA8-38BC-4889-8ACA-FA30AB59CC4B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {67062635-A65A-410A-8E51-7B593F65C7FA} - System32\Tasks\Uninstaller_Install_Al => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
Task: {6B6F913D-C4A4-4F00-B2A4-676CF1BE8351} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {6C6BE3A6-4A89-4101-8E0F-696E816615D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000UA1d257d73cd545bf => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {6EB92FEF-879E-4BC4-94D2-B1A4086CC21A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {6F559501-7DC6-4C3D-A0CC-514CC0694AC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {704E3389-AAAC-428A-821B-59E802387565} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {70E0928D-4E98-424A-B236-99E8B0AB5758} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {74542BE6-4222-46D2-B0E9-73CD2E2EA069} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {76C9B68C-6358-4721-ACAF-35F3C5D79BB3} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Al\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7FFDDDAA-E821-4618-B43D-D9066C1C02F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {81AA2D63-03C6-4AD1-A554-23AB705AA0F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {83802DEF-7145-4335-BBE6-DA63A629B865} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8462DF0F-3357-47A4-BFE0-742CEDCB4868} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87BE09FB-CDED-423F-A433-4EE5ECA38703} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {89F5DF4A-FE85-45D8-B803-438EC9FFB7B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {8C2FC8E4-D013-463A-8870-52E1DFEABA01} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {952CEAF4-97B9-4AFF-8BE5-B82871A5AC88} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {96BAC98A-1D67-442F-85E2-9AC36534FDB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000UA => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {987B32ED-3D3D-4496-915B-D4B7103E7058} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {9BADEE4E-85A1-424F-A386-AF820F166CA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000Core1d257d73c93db02 => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {9BF35362-65C8-4E32-AD33-3279E8108111} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {9ED37873-1733-40A2-A1FC-CBBAF28F7ACA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {A1690681-2085-4B98-B621-550C8D3AA83A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A58AF69E-AD31-4EE7-9514-AF943C006F4C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A686EEA8-F346-49A7-8860-0661E05D7612} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A6F45203-5FB3-43D2-B964-819A1913E8BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A7A6915E-A7BC-4E17-A5A3-453F06F33FF8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {A8D2C174-20BD-4028-8F7D-986F1C387F87} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {A93C1539-6CBB-4257-B33C-E7F4376F45D0} - System32\Tasks\hpUrlLauncher.exe_{0A47A60F-8BF3-400E-BC0E-9B5A71DC875C} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUrlLauncher.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {ADECE40F-6518-476B-BBAF-FA35A5C8C76E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B2462203-46BD-4C17-9A63-01446D7D8783} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B73AE017-8611-4CFC-97BF-0DC6C66ECF6B} - System32\Tasks\AdobeAAMUpdater-1.0-Als_Comp-Al => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B8CD9DCD-9931-4367-A63A-89EF2F7F9409} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BA482F2E-1956-4395-974E-D71C2D79429F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-27] (Adobe Systems Incorporated)
Task: {BBEB2713-E56D-4A1B-A24C-27C5A601D263} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {BCEB2354-DCF2-4368-9D85-BED3226B4D9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD0F8ABE-08F1-4C09-8140-8488E6E3AC99} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5100DC8-1C38-4F20-8C7F-CE2125EB1302} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C8461052-566B-42DC-B729-DDF1C9FA121F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D3D897FF-DBBA-4605-A6A6-344F80104E4E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D93F0451-66AC-462A-914D-1F5F23A1B278} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DD03B3E7-1A7A-43B3-BDAA-A736BC684669} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E4D26631-590C-4714-9E35-ADB981CDF427} - System32\Tasks\ASD_Main => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe [2014-08-20] (Anvisoft)
Task: {EF45E860-81FE-4A59-809A-78ADBB9BFD71} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab6a6b9156c6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {F73CE36A-87A0-4822-AEC5-EC5234F645D0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F8242A65-FE8E-4D9B-BFD1-1C363372A862} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FBF172CB-465A-46BD-82F2-8787BEF65C11} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FCAF8B5A-CFA5-4600-B89B-03E03D07E399} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD38E79C-0EFB-4132-B190-E24BEDA7FF3B} - System32\Tasks\REGUtilities Task => C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000Core.job => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1118254938-2305694269-2017895754-1000UA.job => C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\WINDOWS\Tasks\REGUtilities Task.job => C:\Program Files (x86)\REGUtilities\REGUtilities.exe -t C:\Program Files (x86)\REGUtilities\REGUtilities.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_Al.job => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsbfilter.bat - Shortcut.lnk -> C:\360Radar-ADSB\adsbfilter.bat ()
Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_mlat_client.bat - Shortcut.lnk -> C:\360Radar\start_mlat_client.bat ()
Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_modesmixer2.bat - Shortcut.lnk -> C:\360Radar\start_modesmixer2.bat ()

Thanks for your time.

Al
  #7  
Old February 9th, 2017, 11:45 AM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Part 2 of the Addition.txt:


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsbfilter.bat - Shortcut.lnk -> C:\360Radar-ADSB\adsbfilter.bat ()
Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_mlat_client.bat - Shortcut.lnk -> C:\360Radar\start_mlat_client.bat ()
Shortcut: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_modesmixer2.bat - Shortcut.lnk -> C:\360Radar\start_modesmixer2.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 10:25 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-15 13:02 - 2016-12-15 13:02 - 00630976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareService.exe
2016-12-15 13:06 - 2016-12-15 13:06 - 00122104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_thread-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00030968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_system-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00067832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_date_time-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00145144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_filesystem-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00733432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_log-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00525048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_locale-vc140-mt-1_61.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_chrono-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 11504888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareServiceKernel.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 03713272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\RCF.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 01001208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_regex-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01061624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareActivation.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00634616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareApplicationUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00843000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareGamingMode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00120568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareReset.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00142584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTime.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01025272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdater.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00904440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareDefinitionsUpdaterScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01468664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIgnoreList.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00252664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareQuarantine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01644280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiMalwareEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00223992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiRootkitEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01192184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01370360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScanner.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00039672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_timer-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01030904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareScannerScheduler.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01212152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 02879736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareIncompatibles.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01524472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiSpam.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01456376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAntiPhishing.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03462904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareParentalControl.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01599224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareWebProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01339640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareEmailProtection.dll
2016-12-15 13:06 - 2016-12-15 13:06 - 00073464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\boost_iostreams-vc140-mt-1_61.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01645816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNetworkProtection.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01042680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePromo.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00475384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareFeedback.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 03165944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareThreatWorkAlliance.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01325304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwarePinCode.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01044216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareNotice.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01597688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareAvcEngine.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01496312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareRealTimeProtectionHistory.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 01380088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareStatistics.dll
2017-02-07 11:12 - 2017-02-07 11:12 - 01008448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpbr.mdl
2017-02-07 11:12 - 2017-02-07 11:12 - 00541952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpdsp.mdl
2017-02-07 11:12 - 2017-02-07 11:12 - 03243920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpph.mdl
2017-02-07 11:12 - 2017-02-07 11:12 - 01544568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttprbl.mdl
2016-03-14 18:22 - 2016-03-08 10:27 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-14 18:22 - 2016-03-08 10:27 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-14 18:22 - 2016-03-08 10:27 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2011-06-08 21:57 - 2011-06-08 21:57 - 02812776 _____ () C:\WINDOWS\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-08-15 09:36 - 2012-08-15 09:36 - 00573840 _____ () C:\Tools\NTP\bin\ntpd.exe
2016-12-15 10:25 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-06-14 12:37 - 2016-06-14 12:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-09-26 18:27 - 2016-09-26 18:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:03 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 11:03 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:03 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:03 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:03 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:03 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:03 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 09533688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTray.exe
2016-12-15 13:05 - 2016-12-15 13:05 - 02479864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\HtmlFramework.dll
2016-12-15 13:05 - 2016-12-15 13:05 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.15.1046.10613\AdAwareTrayDefaultSkin.dll
2007-10-23 08:45 - 2007-10-23 08:45 - 01336632 _____ () C:\ProgramData\U3\U3Launcher\LaunchU3.exe
2016-02-21 07:24 - 2016-02-21 07:24 - 01336984 _____ () C:\360Radar\mlat-client.exe
2016-02-21 07:24 - 2016-02-21 07:24 - 00052224 _____ () C:\360Radar\_socket.pyd
2016-02-21 07:24 - 2016-02-21 07:24 - 00017920 _____ () C:\360Radar\_modes.pyd
2016-02-21 07:24 - 2016-02-21 07:24 - 00010752 _____ () C:\360Radar\select.pyd
2016-02-21 07:24 - 2016-02-21 07:24 - 00762880 _____ () C:\360Radar\unicodedata.pyd
2015-08-23 12:21 - 2016-09-08 21:23 - 02134528 _____ () C:\360Radar\modesmixer2.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-02-06 08:10 - 2017-02-06 08:10 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 08:10 - 2017-02-06 08:10 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 08:10 - 2017-02-06 08:10 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 08:10 - 2017-02-06 08:10 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2014-01-26 21:30 - 2014-01-26 21:30 - 01083392 ____H () C:\Users\Al\AppData\Local\Apps\2.0\CBEX2Q6V.XT7\0GOVP6O5.NLL\acti..tion_d45369983457ba68_0001.0040_fe9c60493357e534\System.Data.SQLite.dll
2016-12-08 03:52 - 2016-12-09 12:14 - 00057856 _____ () C:\360Radar-ADSB\AdsbFilter.exe
2016-09-26 09:41 - 2016-12-29 12:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-20 06:51 - 2014-08-20 06:51 - 00500968 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\http_hook.dll
2014-04-30 02:04 - 2014-04-30 02:04 - 00088080 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\libglog.dll
2014-08-20 06:51 - 2014-08-20 06:51 - 01040616 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Engine.dll
2014-08-20 06:51 - 2014-08-20 06:51 - 00041704 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fsmlib.dll
2014-04-30 01:27 - 2014-04-30 01:27 - 00649744 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
2014-04-30 02:04 - 2014-04-30 02:04 - 00038928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fuzzy.dll
2014-04-30 02:04 - 2014-04-30 02:04 - 00093712 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\zlibwapi.dll
2014-08-20 06:51 - 2014-08-20 06:51 - 00135400 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ExtractImpl.dll
2014-08-20 06:52 - 2014-08-20 06:52 - 00030440 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UnpackImpl.dll
2014-08-20 06:51 - 2014-08-20 06:51 - 00437480 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\InnoExtractDll.dll
2014-08-20 06:52 - 2014-08-20 06:52 - 00259816 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\pyunpacker.dll
2017-02-07 03:39 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-07 03:39 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-14 18:22 - 2016-03-08 10:27 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-28 11:55 - 2016-11-28 11:55 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-12-09 15:09 - 2016-12-09 15:09 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-02-07 03:39 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-09 22:17 - 2016-03-09 22:17 - 00098304 _____ () C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\extensions\aatuner@hotmint.com\platform\WINNT_x86-msvc\EasyHook32.dll
2016-03-09 22:17 - 2016-03-09 22:17 - 00073728 _____ () C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\extensions\aatuner@hotmint.com\platform\WINNT_x86-msvc\aatuner.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-12-02 01:54 - 2016-12-02 01:54 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-12-09 15:09 - 2016-12-09 15:09 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-12-02 01:54 - 2016-12-02 01:54 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2012-03-20 21:21 - 2012-03-20 21:21 - 00580701 _____ () C:\Program Files (x86)\Kinetic\BaseStation\SQLite3.dll
2016-10-10 23:15 - 2016-10-10 23:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-10 23:17 - 2016-10-10 23:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-12-09 15:02 - 2016-12-09 15:02 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-10 23:14 - 2016-10-10 23:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-10-10 23:14 - 2016-10-10 23:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-10-27 21:32 - 2006-08-20 17:34 - 00069632 _____ () C:\Tools\PlanePlotter\MMAPI.dll
2013-10-27 21:32 - 2008-03-06 21:28 - 00170496 _____ () C:\Tools\PlanePlotter\libspeex.dll
2017-02-06 20:17 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 20:17 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7927 more sites.


There are 7927 more sites.


There are 7927 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-20 21:44 - 2017-02-07 04:41 - 00453194 ____R C:\WINDOWS\system32\Drivers\etc\hosts

  #8  
Old February 9th, 2017, 11:46 AM
onemac
Part 3 of Addition.txt:

There are 15580 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Control Panel\Desktop\\Wallpaper -> E:\Desktops\_MG_0252_Hawk_2012Display.jpg
HKU\S-1-5-21-1118254938-2305694269-2017895754-1005\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{A0BC5EC2-FD58-4DA0-AE39-4C94237878FE}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DCED7241-93D2-4266-8358-F2ACEC7691FA}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C3712C2D-BE7C-48E9-B5FE-2922EAD8F43A}] => LPort=80
FirewallRules: [{54020C70-3C91-416A-AB86-EECDDF2687EA}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{B4D3B2E0-9A1C-468E-9363-AD359C923DFE}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{BFA5ACBC-52EC-44D2-8466-EE3A2A2AA9FE}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{3E6A0693-241E-4144-81EC-0A1FFF4733F3}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{81277528-1D4C-492F-90D9-AED62BD94AB5}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{CA998486-FE65-43E3-BD07-2566A0534BCC}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{42B5A04B-0A4C-4D28-B849-CA978054FC09}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{51135656-35F8-4656-99BD-EE44E5670162}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{EA675A5F-EFC6-41A9-94AA-EAAB2991CA6A}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{A43B3B20-62EC-4BD5-8445-FDD017B8924D}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{4D387E36-726E-4E07-8FB0-E1C21F8E6DF4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4EFEE6D5-A6CA-41E4-B738-264CA09295CB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5784F598-25A7-4C8F-A4EB-95897798AAD6}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50EFAD29-1DB6-415F-ACFE-6257C55F39A1}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{83176566-C74F-4521-ABF4-7B996CBADBB2}C:\tools\mlat-client\mlat-client_win7_x64-201\mlat-client_win7_x64-201\mlat_client_201\mlat-client.exe] => C:\tools\mlat-client\mlat-client_win7_x64-201\mlat-client_win7_x64-201\mlat_client_201\mlat-client.exe
FirewallRules: [TCP Query User{C0E9E08D-A72E-4984-9E20-B4E76F0093AD}C:\tools\mlat-client\mlat-client_win7_x64-201\mlat-client_win7_x64-201\mlat_client_201\mlat-client.exe] => C:\tools\mlat-client\mlat-client_win7_x64-201\mlat-client_win7_x64-201\mlat_client_201\mlat-client.exe
FirewallRules: [UDP Query User{FAE0E3A8-6834-4197-8AC3-49585C43F409}C:\program files (x86)\kinetic\basestation\basestation.exe] => C:\program files (x86)\kinetic\basestation\basestation.exe
FirewallRules: [TCP Query User{C3AEC4D9-AFC9-4817-B561-F1F59F4EA74D}C:\program files (x86)\kinetic\basestation\basestation.exe] => C:\program files (x86)\kinetic\basestation\basestation.exe
FirewallRules: [{098BB873-ECB5-4CE6-80F9-3018DDFB748D}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9C2AD1D9-DB73-4AE4-B32A-642437AD6A1B}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{25B9A82D-BD26-4717-96C8-D8505CD8BF89}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{22BB2926-F5E2-408E-8894-02DABDFAF177}] => C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [UDP Query User{4E0201FD-F77D-46CA-8F55-A16F7F710303}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D961563A-0A57-4249-9C67-53627DFF031C}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0E858677-2B1F-4910-BA4D-D352F5FE16A9}C:\users\al\desktop\fr24feed.exe] => C:\users\al\desktop\fr24feed.exe
FirewallRules: [TCP Query User{8D27AA5C-D6D2-4940-B686-A565715B7E43}C:\users\al\desktop\fr24feed.exe] => C:\users\al\desktop\fr24feed.exe
FirewallRules: [UDP Query User{882E8784-038B-4511-8AB8-1FA4540F8D0B}C:\tools\fr24\fr24feed.exe] => C:\tools\fr24\fr24feed.exe
FirewallRules: [TCP Query User{77D606CF-F494-4BA9-9FBE-760593016D05}C:\tools\fr24\fr24feed.exe] => C:\tools\fr24\fr24feed.exe
FirewallRules: [UDP Query User{D3C43490-2920-480E-8EBE-7F858FE3231E}C:\users\al\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => C:\users\al\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [TCP Query User{3E700D02-E716-4E73-9EFE-3ECD3612EB98}C:\users\al\appdata\roaming\utorrent\updates\3.4.2_37754.exe] => C:\users\al\appdata\roaming\utorrent\updates\3.4.2_37754.exe
FirewallRules: [{3F1A59FE-0936-4F90-8ECA-688D9707F192}] => %SystemDrive%\Tools\PlanePlotter\PlanePlotter.exe
FirewallRules: [{D9CBFFD6-A453-4E65-9C1D-1533E6A0B420}] => C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{C1A7D210-FC2C-425E-A07A-B3DD6E9FF664}] => C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{FA9D21B0-07DA-4253-905A-9289659D7346}] => C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{7BBFB863-CB60-45B5-9B7A-A5C5318A0EA6}] => C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{02C71012-0B5C-40E1-87E6-B0B6D423CF15}] => C:\Users\Al\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C01776B-924F-463F-9F0A-EE800D5D5158}] => C:\Users\Al\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{626E8798-4AA4-47BB-B12C-85FD4565A2BA}] => %SystemDrive%\Tools\PlanePlotter\PlanePlotter.exe
FirewallRules: [{49205F59-7544-462C-869A-4ED4B2BA8B3A}] => C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{CE5E3A0D-B10F-42F1-9261-4E6C189556D4}] => C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{44C8EC83-3423-4B9C-84DC-F4F5EE2586BF}] => %SystemDrive%\Tools\PlanePlotter\PlanePlotter.exe
FirewallRules: [UDP Query User{E7E17337-E3B5-4C3A-A765-7089E110E169}C:\users\al\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\al\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4B192A6F-2681-45F0-A135-31120B8E66D5}C:\users\al\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\al\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B4A8ADB4-E40D-40C7-AB7F-96924AC7B67B}C:\program files (x86)\kinetic\basestation\basestation.exe] => C:\program files (x86)\kinetic\basestation\basestation.exe
FirewallRules: [TCP Query User{45D59947-6602-482B-96E8-8253586BC19A}C:\program files (x86)\kinetic\basestation\basestation.exe] => C:\program files (x86)\kinetic\basestation\basestation.exe
FirewallRules: [UDP Query User{03FB757A-61C1-4C02-A538-FB563F8B1EBF}C:\program files (x86)\pfportchecker\pfportchecker.exe] => C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [TCP Query User{DD79216F-6655-4B24-B2D5-CBDB05FBA4F3}C:\program files (x86)\pfportchecker\pfportchecker.exe] => C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [{97150842-6A11-4024-8DEE-FC41A2E8A725}] => C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{44CFF46D-0839-483A-B028-F1F8E0D6B632}] => C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9FB5E81F-E725-4906-B41F-7BE09487E4D0}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5EF2E1A0-3675-4872-A72E-81DFD666DEFD}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5678E179-1348-47F4-90EA-C7136811D6BC}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7DBF9493-6579-47F1-BB24-369B6664CB4F}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EA45F5E2-0A4E-46B8-B4DB-A59987C60C3B}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{95527AAA-1E8E-4A1A-B210-E80F9DB469BB}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0D1DAC6C-9268-481C-BC0A-2381A744200F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D853E53-51F4-47B6-AE8C-7DE234B12227}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04959A44-7836-44A1-A919-FDBA15EF82B8}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{3D0BF63F-A58D-476F-BD4E-261EBB3A2362}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{F47112DF-57E7-4EEA-8AB6-958F8D57EA0B}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{F9A3C3F2-BD82-4860-B964-6C7534308C02}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{931D2317-71E5-4CD0-8BBE-5830538B464C}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe
FirewallRules: [{6093E392-3BB6-4F28-8AAA-66B6B78851C3}] => C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe
FirewallRules: [{56670482-E182-4B4C-AA26-60915D023DE8}] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DAD6564C-2C66-4DEF-88D9-020DE6E5E8E4}] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{54C46471-F9AB-4366-B9B5-2AB40C3BDB24}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{835A62C9-4713-4CC7-ADE7-E3B271F65B2E}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DBE21B74-7BE1-4B82-9A53-B2D6C272ADEB}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6A9CCA8F-64E8-4441-A271-E180E31794C1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E221C208-BDE3-475C-A3AE-D9F290B73A91}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E83ACBE5-835C-4FBB-A5DA-B675A655D7FC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2D43D369-2CAA-4486-A69C-0822AAF7A8AF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7F6F853D-95F4-4F88-BB60-CC9A3AD5913B}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9A0EE9F5-CCD2-4A33-A61E-0B8E2B480828}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B7B7D5-77B7-46FD-A3DD-087C817735BB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15F2C0F2-672E-4DA6-8338-D0CD5FA40120}] => C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{69B65EB5-08DA-4B8B-B4E4-DB04A36C1C6A}] => C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{9CF71CBD-16EC-452F-907F-24B7A14EC4EC}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{DF0AEDDB-CB9F-49EA-AA55-7B3D33B5CD6D}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{EB907DAD-44BD-4A62-8448-33FDE96405BF}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{EF301BB0-F6E8-46B5-B561-0C5D622E1CEA}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CE9A33A7-5FA5-4A35-9476-A90AB4AEDFAC}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6C74C2B5-5314-419E-A8F5-D80AF5A7C361}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{DD31917B-D26A-4394-81A6-564CB12639DC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-02-2017 08:59:40 Windows Update

==================== Faulty Device Manager Devices =============

Name: Prolific USB-to-Serial Comm Port (COM4)
Description: Prolific USB-to-Serial Comm Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Prolific
Service: Ser2pl
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2017 09:15:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:47 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:42 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:37 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:32 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:27 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:22 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:12 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (02/08/2017 09:15:07 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).


System errors:
=============
Error: (02/08/2017 08:26:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (02/08/2017 08:24:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (02/08/2017 08:22:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (02/08/2017 08:22:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
The password for this account has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/08/2017 08:19:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/08/2017 08:18:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/08/2017 08:18:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (02/08/2017 08:18:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/08/2017 08:18:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (02/08/2017 08:18:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDUpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2017-02-08 15:52:28.300
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:52:28.298
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:57.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:57.550
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:17.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:17.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:17.118
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:16.892
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:16.856
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-08 15:49:16.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 16353.18 MB
Available physical RAM: 8930.72 MB
Total Virtual: 32737.18 MB
Available Virtual: 26479.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:208.3 GB) NTFS
Drive e: (Photos) (Fixed) (Total:1862.89 GB) (Free:125.49 GB) NTFS
Drive h: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8E5B3ECD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 6 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
  #9  
Old February 10th, 2017, 01:34 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Your multiple antivirus programs have corrupted each other, so will need to be uninstalled before we can continue. This includes AVG, so please be sure you know how to reinstall your paid version after we are done.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Quote:
AVG
Ad-Aware Antivirus
AdAwareUpdater
Anvi Smart Defender
Spybot - Search & Destroy
Vuze Remote Toolbar

Reboot between each security software uninstall, then post a new FRST scan log please.
  #10  
Old February 10th, 2017, 04:09 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Part one (of two) FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Al (administrator) on ALS_COMP (10-02-2017 14:16:14)
Running from C:\Users\Al\Desktop
Loaded Profiles: Al & ntp (Available Profiles: Al & UpdatusUser & ntp & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Tools\NTP\bin\ntpd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\360Radar\mlat-client.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
() C:\360Radar\modesmixer2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-08-20] (Anvisoft)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [Google Update] => C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsbfilter.bat - Shortcut.lnk [2016-11-17]
ShortcutTarget: adsbfilter.bat - Shortcut.lnk -> C:\360Radar-ADSB\adsbfilter.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2016-09-26]
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Al\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2014-11-25]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_mlat_client.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_mlat_client.bat - Shortcut.lnk -> C:\360Radar\start_mlat_client.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_modesmixer2.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_modesmixer2.bat - Shortcut.lnk -> C:\360Radar\start_modesmixer2.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2012-03-03]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\ProgsLoad\T_Clock\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4b14bed6-6f5f-494f-9c78-a23137e1a16f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{947d86da-468c-4822-b6da-29239bcbb276}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=t6DJVsndN-XW8gfquq-oCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118254938-2305694269-2017895754-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vy6ih178.default-1416502492888
FF ProfilePath: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 [2017-02-10]
FF Homepage: Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 -> hxxps://www.google.co.uk/
FF Extension: (Anti-Aliasing Tuner) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\aatuner@hotmint.com [2016-03-09]
FF Extension: (Google Image Help) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\googleimagehelp@shivam.org.xpi [2017-01-22]
FF Extension: (YoutubeAdBlocke) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\UspC@F.com [2014-11-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/O1DPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1005: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (AnviAdblock) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb [2014-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Facebook Font Changer) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
S3 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NTP; C:\Tools\NTP\bin\ntpd.exe [573840 2012-08-15] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [93336 2009-08-24] (SiSoftware) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Asdids; C:\WINDOWS\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft) [File not signed]
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-20] (AVG Technologies)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S1 BdfNdisf; C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [107496 2016-02-16] (BitDefender LLC)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-01-16] (GFI Software)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2016-07-16] (Realtek Semiconductor Corporation )
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2014-09-20] (Sony Ericsson Mobile Communications)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [X]
U3 idsvc; no ImagePath
  #11  
Old February 10th, 2017, 04:10 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Part two of FRST.txt:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 14:16 - 2017-02-10 14:16 - 00026156 _____ C:\Users\Al\Desktop\FRST.txt
2017-02-10 14:12 - 2017-02-10 14:13 - 00000000 ____D C:\Users\Al\Desktop\FRST_Results
2017-02-10 13:37 - 2017-02-10 14:18 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-10 12:55 - 2017-02-10 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-02-10 09:28 - 2017-02-10 09:28 - 00001655 _____ C:\Users\Al\Desktop\thunderbird.exe - Shortcut.lnk
2017-02-09 10:04 - 2017-02-09 10:15 - 00533132 _____ C:\WINDOWS\Minidump\020917-49062-01.dmp
2017-02-08 15:48 - 2017-02-10 14:16 - 00000000 ____D C:\FRST
2017-02-08 15:48 - 2017-02-08 15:48 - 02421248 _____ (Farbar) C:\Users\Al\Desktop\FRST64.exe
2017-02-08 15:47 - 2017-02-08 15:47 - 02421248 _____ (Farbar) C:\Users\Al\Downloads\FRST64.exe
2017-02-08 09:06 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 09:04 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 09:04 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 09:04 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 09:02 - 2017-02-08 09:07 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-07 13:25 - 2017-02-09 10:04 - 961515533 _____ C:\WINDOWS\MEMORY.DMP
2017-02-07 13:25 - 2017-02-07 13:36 - 00514780 _____ C:\WINDOWS\Minidump\020717-38750-01.dmp
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\ProgramData\Trend Micro
2017-02-07 09:47 - 2017-02-07 09:47 - 02526736 _____ (Trend Micro Inc.) C:\Users\Al\Downloads\HousecallLauncher64.exe
2017-02-07 09:47 - 2017-02-07 09:47 - 00000036 _____ C:\Users\Al\AppData\Local\housecall.guid.cache
2017-02-07 09:47 - 2015-05-29 07:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-02-07 04:41 - 2016-11-28 10:10 - 00000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170207-044148.backup
2017-02-07 03:40 - 2017-02-07 03:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-07 03:39 - 2017-02-10 13:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-06 18:30 - 2017-02-06 18:30 - 00004332 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-02-06 12:37 - 2017-02-07 03:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-06 12:36 - 2017-02-06 12:36 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Al\Downloads\mbam-setup-2.0.0.1000.exe
2017-02-05 22:12 - 2017-02-05 22:12 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign13569270ab7ad42a
2017-02-05 22:05 - 2017-02-05 22:05 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd1701aba86883e13
2017-02-05 20:59 - 2017-02-05 20:59 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigndc92407412b8ba4a
2017-02-05 20:58 - 2017-02-05 20:58 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign52a0f6bdd6e08b42
2017-02-05 20:26 - 2017-02-05 20:26 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-05 20:26 - 2017-02-05 20:26 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-05 20:26 - 2017-02-05 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-05 20:25 - 2017-02-05 20:26 - 00000000 ____D C:\Program Files\CCleaner
2017-02-05 20:24 - 2017-02-05 20:25 - 08813488 _____ (Piriform Ltd) C:\Users\Al\Downloads\ccsetup526.exe
2017-02-05 14:17 - 2017-02-05 14:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign0dea630d24ec81e1
2017-02-05 14:16 - 2017-02-05 14:16 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd2e5ec2401cc7c15
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Al\AppData\Roaming\ParetoLogic
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\ProgramData\ParetoLogic
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-05 12:52 - 2017-02-05 13:41 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-02-05 12:52 - 2017-02-05 12:53 - 00000054 _____ C:\ProgramData\serverclasscache.ini
2017-02-05 12:52 - 2017-02-05 12:53 - 00000000 ____D C:\ProgramData\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\Users\Al\AppData\Roaming\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\OSTotoFolder
2017-02-05 12:06 - 2017-02-05 12:07 - 10909696 _____ C:\Users\Al\Downloads\WIN_Driver12.2.14.zip
2017-02-04 19:41 - 2017-02-04 19:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf12685fb3134dec7
2017-02-04 19:38 - 2017-02-04 19:38 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf1686038aa3b389b
2017-02-04 16:41 - 2017-02-04 16:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign70bb2589b35bf3de
2017-02-04 16:28 - 2017-02-04 16:28 - 00000000 ____D C:\ProgramData\ProductData
2017-02-04 16:27 - 2017-02-04 16:28 - 00000000 ____D C:\Users\Al\AppData\LocalLow\IObit
2017-02-04 16:27 - 2017-02-04 16:27 - 00002462 _____ C:\WINDOWS\System32\Tasks\Uninstaller_Install_Al
2017-02-04 16:27 - 2017-02-04 16:27 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_Install_Al.job
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-04 16:26 - 2017-02-04 16:29 - 00000000 ____D C:\Users\Al\AppData\Roaming\IObit
2017-02-04 16:25 - 2017-02-05 21:11 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-04 16:25 - 2017-02-05 09:40 - 00000000 ____D C:\ProgramData\IObit
2017-02-04 13:09 - 2017-02-04 13:09 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign36254ff4f5ef8b49
2017-02-03 23:26 - 2017-02-03 23:26 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4a2350f0f662f3a5
2017-02-03 23:23 - 2017-02-03 23:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignfc38370499922ce9
2017-02-02 20:44 - 2017-02-02 20:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign35c586d55bc1c223
2017-02-02 20:43 - 2017-02-02 20:43 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3636bd018931c403
2017-02-01 22:14 - 2017-02-01 22:14 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5b1ed45ecc226461
2017-02-01 22:10 - 2017-02-01 22:10 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign7b6f7d70f1a60b2d
2017-01-30 12:30 - 2017-01-30 14:25 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Al\Downloads\CreativeCloudSet-Up.exe
2017-01-29 22:57 - 2017-01-29 22:57 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5717c2db86ab7834
2017-01-29 22:56 - 2017-01-29 22:56 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign28d1c6d80c3c6bc2
2017-01-29 01:45 - 2017-01-29 01:45 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4c8bfdde73fddbd1
2017-01-29 01:44 - 2017-01-29 01:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign9f74ebea85ad1588
2017-01-28 10:51 - 2017-01-28 10:51 - 00000000 ___HD C:\$SysReset
2017-01-27 17:52 - 2017-01-27 17:52 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncd0df65f5833dda5
2017-01-27 14:31 - 2017-01-27 14:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignc04a31324aaeacc6
2017-01-25 13:05 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:05 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 22:54 - 2017-01-24 22:54 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1656fe852c2bd21c
2017-01-24 22:40 - 2017-01-24 22:40 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign31b6e29b96889d86
2017-01-22 20:04 - 2017-01-22 20:04 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1006ed5a4cecbd14
2017-01-22 20:02 - 2017-01-22 20:02 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign186bfa782690769a
2017-01-17 19:23 - 2017-01-17 19:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign2e93c4c7bf59b602
2017-01-17 19:17 - 2017-01-17 19:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign71b6b8050a536032
2017-01-16 21:23 - 2017-01-16 21:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigned24262e4f333c5e
2017-01-16 21:22 - 2017-01-16 21:22 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigne3f3bdbc6b22bfbf
2017-01-15 18:00 - 2017-02-06 20:44 - 00053760 ___SH C:\Users\Al\Desktop\Thumbs.db
2017-01-14 14:49 - 2017-01-14 14:49 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignbb2b2d8b4694f6ff
2017-01-14 14:46 - 2017-01-14 14:46 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign6023e6e3aeed0590
2017-01-13 11:37 - 2017-01-13 11:37 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncdb71019e6061a9a
2017-01-13 11:36 - 2017-01-13 11:36 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign43606fee088b9758
2017-01-12 22:31 - 2017-01-12 22:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3660428d0f6014f6
2017-01-12 11:15 - 2017-01-12 11:15 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4ed31ca813084424
2017-01-11 11:03 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 11:03 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 11:03 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 11:03 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 11:03 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 11:03 - 2016-12-21 07:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 11:03 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 11:03 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 11:03 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 11:03 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 11:03 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 11:03 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 11:03 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 11:03 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 11:03 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 11:03 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 11:03 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 11:03 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 11:03 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 11:03 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 11:03 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 11:03 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 11:03 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 11:03 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 11:03 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 11:03 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 11:03 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 11:03 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 11:03 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 11:03 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 11:03 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 11:03 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 11:03 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 11:03 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 11:03 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 11:03 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 11:03 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 11:03 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 11:03 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 11:03 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 11:03 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 11:03 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 11:03 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 11:03 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 11:03 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 11:03 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 11:03 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 11:03 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 11:03 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 11:03 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 11:03 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 11:03 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 11:03 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 11:03 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 11:03 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 11:03 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 11:03 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 11:03 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 11:03 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 11:03 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 11:03 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 11:03 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 11:03 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 11:03 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 11:03 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 11:03 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 11:03 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 11:03 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 11:03 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 11:03 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 11:03 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 11:03 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 11:03 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 11:03 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 11:03 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 11:03 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 11:03 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 11:03 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 11:03 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 11:03 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 11:03 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 11:03 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:03 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 11:03 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 11:03 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 11:03 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 11:03 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 11:03 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 11:03 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 11:03 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 11:03 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 11:03 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 11:03 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 11:03 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 11:03 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 11:03 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 11:03 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 11:03 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 11:03 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 11:03 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 11:03 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 11:03 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 11:03 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 11:03 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 11:03 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 11:03 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 11:03 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 11:03 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 11:03 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 11:03 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 11:02 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 11:02 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 11:02 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 11:02 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 11:02 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 11:02 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 11:02 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 11:02 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 11:02 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 11:02 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 11:02 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 11:02 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 11:02 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 14:14 - 2016-11-18 11:21 - 00000000 ____D C:\Users\Al\AppData\LocalLow\Mozilla
2017-02-10 14:14 - 2015-12-06 23:35 - 00000000 ___RD C:\Users\Al\Creative Cloud Files
2017-02-10 14:14 - 2014-11-17 20:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-10 14:10 - 2016-09-26 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-10 14:10 - 2016-09-26 09:41 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-10 14:08 - 2016-07-16 06:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-10 14:00 - 2016-09-07 21:07 - 00000000 ____D C:\Users\Al\AppData\Local\AvgSetupLog
2017-02-10 13:53 - 2013-07-28 11:19 - 00004089 _____ C:\WINDOWS\wininit.ini
2017-02-10 13:43 - 2014-02-26 08:10 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2017-02-10 13:42 - 2014-11-17 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2017-02-10 13:23 - 2016-09-26 09:46 - 00000000 ____D C:\Users\ntp
2017-02-10 13:21 - 2016-09-26 09:46 - 00000000 ____D C:\Users\Al
2017-02-10 13:08 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 13:08 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 12:59 - 2016-09-26 09:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 12:55 - 2012-12-04 16:26 - 00000000 ___HD C:\$AVG
2017-02-10 11:25 - 2012-03-01 11:39 - 00000000 ____D C:\ProgramData\MFAData
2017-02-10 08:58 - 2016-11-25 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-10 08:58 - 2013-12-09 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 17:19 - 2016-09-26 10:26 - 00003658 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-09 10:04 - 2016-09-26 17:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-08 18:47 - 2016-03-14 18:24 - 00000000 ____D C:\Users\Al\AppData\Local\NVIDIA Corporation
2017-02-08 09:06 - 2016-09-26 09:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 09:06 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 09:06 - 2016-03-14 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 09:06 - 2016-03-14 18:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 10:17 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-07 03:41 - 2015-06-12 09:47 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-07 03:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-02-06 20:44 - 2016-12-23 11:20 - 00000000 ____D C:\Program Files\Macrium
2017-02-06 20:17 - 2016-02-21 11:40 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 19:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 08:01 - 2010-11-21 03:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-05 20:34 - 2012-03-01 12:32 - 00000000 ___HD C:\Users\Al\AppData\Roaming\uTorrent
2017-02-05 20:33 - 2016-03-14 18:31 - 00000000 ____D C:\Users\Al\AppData\Local\CrashDumps
2017-02-05 18:14 - 2014-10-20 10:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-05 18:14 - 2013-10-19 21:39 - 00000000 ____D C:\ProgramData\Oracle
2017-02-04 21:37 - 2012-05-31 21:01 - 00001456 ____H C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-04 18:19 - 2016-11-26 20:07 - 00000000 ____D C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2017-02-04 18:18 - 2016-09-26 18:34 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-04 18:14 - 2012-06-22 23:45 - 00000000 ___HD C:\Users\Al\AppData\Roaming\Azureus
2017-02-04 17:09 - 2009-03-30 22:38 - 00000000 ____D C:\AlsMusic
2017-01-30 14:28 - 2016-11-07 21:04 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-29 12:12 - 2016-02-21 13:12 - 00000000 ____D C:\Users\Al\AppData\Local\VirtualRadar
2017-01-29 10:23 - 2015-12-02 12:34 - 00000017 _____ C:\Users\Al\Desktop\fr24feed.key
2017-01-29 01:04 - 2016-11-30 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 10:07 - 2012-03-31 08:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-27 09:13 - 2012-03-02 09:12 - 00000000 ___HD C:\Users\Al\AppData\Local\Adobe
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-25 14:29 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 17:58 - 2016-12-17 13:57 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 17:58 - 2016-03-13 18:56 - 00002396 _____ C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-24 17:58 - 2016-03-13 18:56 - 00000000 ___RD C:\Users\Al\OneDrive
2017-01-19 16:59 - 2015-11-09 19:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-14 11:20 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 16:15 - 2016-09-26 10:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 18:09 - 2016-04-27 06:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 17:37 - 2016-09-26 09:37 - 08367784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:34 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 12:04 - 2013-04-10 20:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-11 12:03 - 2009-07-14 02:34 - 00000543 _____ C:\WINDOWS\win.ini
2017-01-11 11:57 - 2013-08-17 23:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 11:53 - 2012-03-05 15:21 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-05-20 21:16 - 2014-01-08 15:18 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-15 16:40 - 2013-06-15 16:40 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe BMP Format CS6 Prefs
2012-11-24 10:44 - 2013-06-15 16:41 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-29 21:26 - 2013-09-01 13:29 - 0000000 ____H () C:\Users\Al\AppData\Roaming\bitlord_log.txt
2017-02-05 13:18 - 2017-02-05 13:39 - 0000115 _____ () C:\Users\Al\AppData\Roaming\LogFile.txt
2012-05-30 21:41 - 2012-06-20 21:40 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-31 21:01 - 2017-02-04 21:37 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-07 09:47 - 2017-02-07 09:47 - 0000036 _____ () C:\Users\Al\AppData\Local\housecall.guid.cache
2014-01-28 08:59 - 2014-02-18 23:23 - 0007597 ____H () C:\Users\Al\AppData\Local\Resmon.ResmonCfg
2012-03-12 22:54 - 2012-03-12 22:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-20 19:20 - 2009-11-26 12:59 - 12177408 _____ () C:\ProgramData\sandra.mda
2017-02-05 12:52 - 2017-02-05 12:53 - 0000054 _____ () C:\ProgramData\serverclasscache.ini
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml30B2.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml320A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml323A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml327A.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml342E.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml346E.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3517.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3528.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml35B6.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml36E0.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C23.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C34.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml63F9.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64A6.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64E5.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6515.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6564.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6565.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml859.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml9A2.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA00.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA6F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB28F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB399.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB511.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB59E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0009053 _____ () C:\ProgramData\xmlC33F.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD6A8.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD754.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD7B3.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7DB.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7EC.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD85F.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0013598 _____ () C:\ProgramData\xmlDE7E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlDF3A.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlE082.tmp

Files to move or delete:
====================
C:\Users\Al\test.exe


Some files in TEMP:
====================
2017-02-05 18:12 - 2017-02-05 18:12 - 0739904 _____ (Oracle Corporation) C:\Users\Al\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-06 20:41 - 2016-12-12 09:56 - 2630968 _____ (Paramount Software UK Ltd) C:\Users\Al\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 10:40

==================== End of FRST.txt ============================
  #12  
Old February 11th, 2017, 01:36 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Sorry to delay things, but AVG looks very installed and active. Did you check on how to uninstall it, then reinstall it with your license later?
  #13  
Old February 11th, 2017, 06:58 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Quote:
Originally Posted by Jintan
Sorry to delay things, but AVG looks very installed and active. Did you check on how to uninstall it, then reinstall it with your license later?
Apologies Tom - followed the instructions and just hoovered on at re-boot. Have now used the AVG Uninstall prog so all should be ok (hopefully).

Al

Part one (of Two) FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-02-2017 01
Ran by Al (administrator) on ALS_COMP (11-02-2017 14:50:44)
Running from C:\Users\Al\Desktop
Loaded Profiles: Al & ntp (Available Profiles: Al & UpdatusUser & ntp & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Tools\NTP\bin\ntpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\U3\U3Launcher\LaunchU3.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\360Radar\mlat-client.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\360Radar\modesmixer2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-08-20] (Anvisoft)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [Google Update] => C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1118254938-2305694269-2017895754-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Al\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll -> No File
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adsbfilter.bat - Shortcut.lnk [2016-11-17]
ShortcutTarget: adsbfilter.bat - Shortcut.lnk -> C:\360Radar-ADSB\adsbfilter.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Al\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2016-09-26]
ShortcutTarget: LaunchU3.exe.lnk -> C:\Users\Al\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk [2014-11-25]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_mlat_client.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_mlat_client.bat - Shortcut.lnk -> C:\360Radar\start_mlat_client.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_modesmixer2.bat - Shortcut.lnk [2016-10-14]
ShortcutTarget: start_modesmixer2.bat - Shortcut.lnk -> C:\360Radar\start_modesmixer2.bat ()
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk [2012-03-03]
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\ProgsLoad\T_Clock\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4b14bed6-6f5f-494f-9c78-a23137e1a16f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{947d86da-468c-4822-b6da-29239bcbb276}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gfe_rd=cr&ei=t6DJVsndN-XW8gfquq-oCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118254938-2305694269-2017895754-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1118254938-2305694269-2017895754-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vy6ih178.default-1416502492888
FF ProfilePath: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 [2017-02-11]
FF Homepage: Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888 -> hxxps://www.google.co.uk/
FF Extension: (Anti-Aliasing Tuner) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\aatuner@hotmint.com [2016-03-09]
FF Extension: (Google Image Help) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\googleimagehelp@shivam.org.xpi [2017-01-22]
FF Extension: (YoutubeAdBlocke) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\UspC@F.com [2014-11-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\vy6ih178.default-1416502492888\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @talk.google.com/O1DPlugin -> C:\Users\Al\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Al\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1118254938-2305694269-2017895754-1005: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Al\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Facebook Font Changer) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf [2015-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
S3 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NTP; C:\Tools\NTP\bin\ntpd.exe [573840 2012-08-15] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [93336 2009-08-24] (SiSoftware) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Asdids; C:\WINDOWS\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-20] (AVG Technologies)
S1 BdfNdisf; C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [107496 2016-02-16] (BitDefender LLC)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [14456 2013-01-16] (GFI Software)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2016-07-16] (Realtek Semiconductor Corporation )
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2014-09-20] (Sony Ericsson Mobile Communications)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  #14  
Old February 11th, 2017, 06:59 PM
onemac onemac is offline
New Member
 
Join Date: Feb 2017
O/S: Windows 10 Home
Location: Lossiemouth, Scotland
Posts: 14
Part Two of FRST.txt:

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 14:50 - 2017-02-11 14:51 - 00025424 _____ C:\Users\Al\Desktop\FRST.txt
2017-02-11 14:50 - 2017-02-11 14:50 - 00000000 ____D C:\Users\Al\Desktop\FRST-OlderVersion
2017-02-11 14:30 - 2017-02-11 14:44 - 00000000 ____D C:\AVG_Remover
2017-02-11 14:18 - 2017-02-11 14:30 - 08111408 _____ ( ) C:\Users\Al\Downloads\AVG_Remover.exe
2017-02-10 14:12 - 2017-02-11 14:46 - 00000000 ____D C:\Users\Al\Desktop\FRST_Results
2017-02-10 09:28 - 2017-02-10 09:28 - 00001655 _____ C:\Users\Al\Desktop\thunderbird.exe - Shortcut.lnk
2017-02-09 10:04 - 2017-02-09 10:15 - 00533132 _____ C:\WINDOWS\Minidump\020917-49062-01.dmp
2017-02-08 15:48 - 2017-02-11 14:50 - 02421248 _____ (Farbar) C:\Users\Al\Desktop\FRST64.exe
2017-02-08 15:48 - 2017-02-11 14:50 - 00000000 ____D C:\FRST
2017-02-08 15:47 - 2017-02-08 15:47 - 02421248 _____ (Farbar) C:\Users\Al\Downloads\FRST64.exe
2017-02-08 09:06 - 2016-12-29 12:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 09:04 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 09:04 - 2017-01-04 15:24 - 00210360 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-08 09:04 - 2016-12-29 13:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 09:02 - 2017-02-08 09:07 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-07 13:25 - 2017-02-09 10:04 - 961515533 _____ C:\WINDOWS\MEMORY.DMP
2017-02-07 13:25 - 2017-02-07 13:36 - 00514780 _____ C:\WINDOWS\Minidump\020717-38750-01.dmp
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-02-07 09:49 - 2017-02-07 09:49 - 00000000 ____D C:\ProgramData\Trend Micro
2017-02-07 09:47 - 2017-02-07 09:47 - 02526736 _____ (Trend Micro Inc.) C:\Users\Al\Downloads\HousecallLauncher64.exe
2017-02-07 09:47 - 2017-02-07 09:47 - 00000036 _____ C:\Users\Al\AppData\Local\housecall.guid.cache
2017-02-07 09:47 - 2015-05-29 07:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-02-07 04:41 - 2016-11-28 10:10 - 00000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170207-044148.backup
2017-02-07 03:40 - 2017-02-07 03:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-07 03:39 - 2017-02-10 13:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-06 18:30 - 2017-02-06 18:30 - 00004332 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-02-06 12:37 - 2017-02-07 03:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2017-02-06 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-06 12:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-06 12:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-06 12:36 - 2017-02-06 12:36 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Al\Downloads\mbam-setup-2.0.0.1000.exe
2017-02-05 22:12 - 2017-02-05 22:12 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign13569270ab7ad 42a
2017-02-05 22:05 - 2017-02-05 22:05 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd1701aba86883 e13
2017-02-05 20:59 - 2017-02-05 20:59 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigndc92407412b8b a4a
2017-02-05 20:58 - 2017-02-05 20:58 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign52a0f6bdd6e08 b42
2017-02-05 20:26 - 2017-02-05 20:26 - 00002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-05 20:26 - 2017-02-05 20:26 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-05 20:26 - 2017-02-05 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-05 20:25 - 2017-02-05 20:26 - 00000000 ____D C:\Program Files\CCleaner
2017-02-05 20:24 - 2017-02-05 20:25 - 08813488 _____ (Piriform Ltd) C:\Users\Al\Downloads\ccsetup526.exe
2017-02-05 14:17 - 2017-02-05 14:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign0dea630d24ec8 1e1
2017-02-05 14:16 - 2017-02-05 14:16 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignd2e5ec2401cc7 c15
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\Users\Al\AppData\Roaming\ParetoLogic
2017-02-05 13:18 - 2017-02-06 13:16 - 00000000 ____D C:\ProgramData\ParetoLogic
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-05 12:56 - 2017-02-05 12:56 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-05 12:52 - 2017-02-05 13:41 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-02-05 12:52 - 2017-02-05 12:53 - 00000054 _____ C:\ProgramData\serverclasscache.ini
2017-02-05 12:52 - 2017-02-05 12:53 - 00000000 ____D C:\ProgramData\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\Users\Al\AppData\Roaming\DriverTalent
2017-02-05 12:52 - 2017-02-05 12:52 - 00000000 ____D C:\OSTotoFolder
2017-02-05 12:06 - 2017-02-05 12:07 - 10909696 _____ C:\Users\Al\Downloads\WIN_Driver12.2.14.zip
2017-02-04 19:41 - 2017-02-04 19:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf12685fb3134d ec7
2017-02-04 19:38 - 2017-02-04 19:38 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignf1686038aa3b3 89b
2017-02-04 16:41 - 2017-02-04 16:41 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign70bb2589b35bf 3de
2017-02-04 16:28 - 2017-02-04 16:28 - 00000000 ____D C:\ProgramData\ProductData
2017-02-04 16:27 - 2017-02-04 16:28 - 00000000 ____D C:\Users\Al\AppData\LocalLow\IObit
2017-02-04 16:27 - 2017-02-04 16:27 - 00002462 _____ C:\WINDOWS\System32\Tasks\Uninstaller_Install_Al
2017-02-04 16:27 - 2017-02-04 16:27 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_Install_Al.job
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-02-04 16:27 - 2017-02-04 16:27 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-04 16:26 - 2017-02-04 16:29 - 00000000 ____D C:\Users\Al\AppData\Roaming\IObit
2017-02-04 16:25 - 2017-02-05 21:11 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-04 16:25 - 2017-02-05 09:40 - 00000000 ____D C:\ProgramData\IObit
2017-02-04 13:09 - 2017-02-04 13:09 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign36254ff4f5ef8 b49
2017-02-03 23:26 - 2017-02-03 23:26 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4a2350f0f662f 3a5
2017-02-03 23:23 - 2017-02-03 23:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignfc38370499922 ce9
2017-02-02 20:44 - 2017-02-02 20:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign35c586d55bc1c 223
2017-02-02 20:43 - 2017-02-02 20:43 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3636bd018931c 403
2017-02-01 22:14 - 2017-02-01 22:14 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5b1ed45ecc226 461
2017-02-01 22:10 - 2017-02-01 22:10 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign7b6f7d70f1a60 b2d
2017-01-30 12:30 - 2017-01-30 14:25 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Al\Downloads\CreativeCloudSet-Up.exe
2017-01-29 22:57 - 2017-01-29 22:57 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign5717c2db86ab7 834
2017-01-29 22:56 - 2017-01-29 22:56 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign28d1c6d80c3c6 bc2
2017-01-29 01:45 - 2017-01-29 01:45 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4c8bfdde73fdd bd1
2017-01-29 01:44 - 2017-01-29 01:44 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign9f74ebea85ad1 588
2017-01-28 10:51 - 2017-01-28 10:51 - 00000000 ___HD C:\$SysReset
2017-01-27 17:52 - 2017-01-27 17:52 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncd0df65f5833d da5
2017-01-27 14:31 - 2017-01-27 14:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignc04a31324aaea cc6
2017-01-25 13:05 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:05 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 22:54 - 2017-01-24 22:54 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1656fe852c2bd 21c
2017-01-24 22:40 - 2017-01-24 22:40 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign31b6e29b96889 d86
2017-01-22 20:04 - 2017-01-22 20:04 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign1006ed5a4cecb d14
2017-01-22 20:02 - 2017-01-22 20:02 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign186bfa7826907 69a
2017-01-17 19:23 - 2017-01-17 19:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign2e93c4c7bf59b 602
2017-01-17 19:17 - 2017-01-17 19:17 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign71b6b8050a536 032
2017-01-16 21:23 - 2017-01-16 21:23 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigned24262e4f333 c5e
2017-01-16 21:22 - 2017-01-16 21:22 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigne3f3bdbc6b22b fbf
2017-01-15 18:00 - 2017-02-06 20:44 - 00053760 ___SH C:\Users\Al\Desktop\Thumbs.db
2017-01-14 14:49 - 2017-01-14 14:49 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsignbb2b2d8b4694f 6ff
2017-01-14 14:46 - 2017-01-14 14:46 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign6023e6e3aeed0 590
2017-01-13 11:37 - 2017-01-13 11:37 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsigncdb71019e6061 a9a
2017-01-13 11:36 - 2017-01-13 11:36 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign43606fee088b9 758
2017-01-12 22:31 - 2017-01-12 22:31 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign3660428d0f601 4f6
2017-01-12 11:15 - 2017-01-12 11:15 - 00000000 ____D C:\Users\Al\AppData\Local\Tempzxpsign4ed31ca813084 424

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 14:49 - 2016-11-18 11:21 - 00000000 ____D C:\Users\Al\AppData\LocalLow\Mozilla
2017-02-11 14:44 - 2015-12-06 23:35 - 00000000 ___RD C:\Users\Al\Creative Cloud Files
2017-02-11 14:44 - 2014-11-17 20:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-11 14:42 - 2014-11-20 18:56 - 00000000 ___HD C:\Users\Al\AppData\Local\Avg
2017-02-11 14:37 - 2016-09-26 10:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 14:37 - 2016-09-26 09:41 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-11 14:36 - 2016-07-16 06:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-11 14:32 - 2015-06-12 09:47 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-11 14:25 - 2016-09-26 09:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-11 13:37 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 20:32 - 2012-03-01 11:35 - 00000000 ___HD C:\Users\Al\AppData\Roaming\CheckPoint
2017-02-10 13:53 - 2013-07-28 11:19 - 00004089 _____ C:\WINDOWS\wininit.ini
2017-02-10 13:43 - 2014-02-26 08:10 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2017-02-10 13:42 - 2014-11-17 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2017-02-10 13:23 - 2016-09-26 09:46 - 00000000 ____D C:\Users\ntp
2017-02-10 13:21 - 2016-09-26 09:46 - 00000000 ____D C:\Users\Al
2017-02-10 13:08 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 08:58 - 2016-11-25 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-10 08:58 - 2013-12-09 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-09 10:04 - 2016-09-26 17:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-08 18:47 - 2016-03-14 18:24 - 00000000 ____D C:\Users\Al\AppData\Local\NVIDIA Corporation
2017-02-08 09:06 - 2016-09-26 09:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 09:06 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 09:06 - 2016-03-14 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 09:06 - 2016-03-14 18:21 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 09:04 - 2016-09-26 09:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 10:17 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-07 03:23 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-02-06 20:17 - 2016-02-21 11:40 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 19:46 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 08:01 - 2010-11-21 03:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-05 20:34 - 2012-03-01 12:32 - 00000000 ___HD C:\Users\Al\AppData\Roaming\uTorrent
2017-02-05 20:33 - 2016-03-14 18:31 - 00000000 ____D C:\Users\Al\AppData\Local\CrashDumps
2017-02-05 18:14 - 2014-10-20 10:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-05 18:14 - 2014-10-20 10:18 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-05 18:14 - 2013-10-19 21:39 - 00000000 ____D C:\ProgramData\Oracle
2017-02-04 21:37 - 2012-05-31 21:01 - 00001456 ____H C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-04 18:19 - 2016-11-26 20:07 - 00000000 ____D C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2017-02-04 18:18 - 2016-09-26 18:34 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-04 18:14 - 2012-06-22 23:45 - 00000000 ___HD C:\Users\Al\AppData\Roaming\Azureus
2017-02-04 17:09 - 2009-03-30 22:38 - 00000000 ____D C:\AlsMusic
2017-01-30 14:28 - 2016-11-07 21:04 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-29 12:12 - 2016-02-21 13:12 - 00000000 ____D C:\Users\Al\AppData\Local\VirtualRadar
2017-01-29 10:23 - 2015-12-02 12:34 - 00000017 _____ C:\Users\Al\Desktop\fr24feed.key
2017-01-29 01:04 - 2016-11-30 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 10:07 - 2012-03-31 08:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-27 09:13 - 2012-03-02 09:12 - 00000000 ___HD C:\Users\Al\AppData\Local\Adobe
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-27 09:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-25 14:29 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 17:58 - 2016-12-17 13:57 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-24 17:58 - 2016-03-13 18:56 - 00002396 _____ C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-24 17:58 - 2016-03-13 18:56 - 00000000 ___RD C:\Users\Al\OneDrive
2017-01-19 16:59 - 2015-11-09 19:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-14 11:20 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 16:15 - 2016-09-26 10:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2013-05-20 21:16 - 2014-01-08 15:18 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-15 16:40 - 2013-06-15 16:40 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe BMP Format CS6 Prefs
2012-11-24 10:44 - 2013-06-15 16:41 - 0000132 ____H () C:\Users\Al\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-29 21:26 - 2013-09-01 13:29 - 0000000 ____H () C:\Users\Al\AppData\Roaming\bitlord_log.txt
2017-02-05 13:18 - 2017-02-05 13:39 - 0000115 _____ () C:\Users\Al\AppData\Roaming\LogFile.txt
2012-05-30 21:41 - 2012-06-20 21:40 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-05-31 21:01 - 2017-02-04 21:37 - 0001456 ____H () C:\Users\Al\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-07 09:47 - 2017-02-07 09:47 - 0000036 _____ () C:\Users\Al\AppData\Local\housecall.guid.cache
2014-01-28 08:59 - 2014-02-18 23:23 - 0007597 ____H () C:\Users\Al\AppData\Local\Resmon.ResmonCfg
2012-03-12 22:54 - 2012-03-12 22:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-20 19:20 - 2009-11-26 12:59 - 12177408 _____ () C:\ProgramData\sandra.mda
2017-02-05 12:52 - 2017-02-05 12:53 - 0000054 _____ () C:\ProgramData\serverclasscache.ini
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml30B2.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml320A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml323A.tmp
2016-03-14 17:05 - 2016-03-14 17:05 - 0000000 _____ () C:\ProgramData\xml327A.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml342E.tmp
2012-06-20 22:52 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xml346E.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3517.tmp
2015-12-05 18:07 - 2015-12-05 18:07 - 0000000 _____ () C:\ProgramData\xml3528.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml35B6.tmp
2012-06-20 22:52 - 2012-06-20 22:52 - 0000000 _____ () C:\ProgramData\xml36E0.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C23.tmp
2015-12-05 14:03 - 2015-12-05 14:03 - 0000000 _____ () C:\ProgramData\xml5C34.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml63F9.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64A6.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml64E5.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6515.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6564.tmp
2016-01-16 15:14 - 2016-01-16 15:14 - 0000000 _____ () C:\ProgramData\xml6565.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml859.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xml9A2.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA00.tmp
2015-12-23 13:57 - 2015-12-23 13:57 - 0000000 _____ () C:\ProgramData\xmlA6F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB28F.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB399.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB511.tmp
2016-01-16 15:08 - 2016-01-16 15:08 - 0000000 _____ () C:\ProgramData\xmlB59E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0009053 _____ () C:\ProgramData\xmlC33F.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD6A8.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD754.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD7B3.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7DB.tmp
2015-12-05 17:50 - 2015-12-05 17:50 - 0000000 _____ () C:\ProgramData\xmlD7EC.tmp
2015-12-06 20:32 - 2015-12-06 20:32 - 0000000 _____ () C:\ProgramData\xmlD85F.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0013598 _____ () C:\ProgramData\xmlDE7E.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlDF3A.tmp
2012-06-20 19:22 - 2012-06-20 19:22 - 0000000 _____ () C:\ProgramData\xmlE082.tmp

Files to move or delete:
====================
C:\Users\Al\test.exe


Some files in TEMP:
====================
2017-02-05 18:12 - 2017-02-05 18:12 - 0739904 _____ (Oracle Corporation) C:\Users\Al\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-06 20:41 - 2016-12-12 09:56 - 2630968 _____ (Paramount Software UK Ltd) C:\Users\Al\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 10:40

==================== End of FRST.txt ============================
  #15  
Old February 12th, 2017, 01:35 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Better. Security software left a fair bit of active stuff behind. Just setting the stage to deal with the cursor issue.


Go to Start, Search, type notepad in the Search box, and hit Enter. In the open Notepad text box, copy and paste the following (inside the Code box):

Code:
start
HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1118254938-2305694269-2017895754-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1118254938-2305694269-2017895754-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-08-20] (Anvisoft)
S1 Asdids; C:\WINDOWS\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft) [File not signed]
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-20] (AVG Technologies)
S1 BdfNdisf; C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [107496 2016-02-16] (BitDefender LLC)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [X]
end

Save it to C:\Users\M M N\Desktop\New folder (the same location as FRST.exe) as fixlist.txt

Then open FRST, and click the Fix button. Once it is done a text will open - post that back here please.

---------------

Download ADWCleaner and run it, then click Scan.

When the scan completes, click Logfile, and copy/paste that back here please. Best not to click Clean - ADWCleaner makes mistakes.
All times are GMT +1.