Inactive-A Viruses I can't delete

Status
Not open for further replies.
J

Josh Archiee

Posts: 12   +0
Hi, so yesterday I was trying to get a free music creator application but in doing this I've managed to fill my laptop with a bug. AVG can't shred it and my laptop can't delete it. It makes browsers randomly open on google and even after using malware detector and attempting to remove the viruses, they're still there.

Here's my FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by Ryan (administrator) on GODDARD (19-04-2017 00:14:29)
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Windows\System32\flvga_tray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-04-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-04-17] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-10-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FA33E17-9D6D-4F5B-A0BD-8BB696FD65C2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CFF5382-1DA3-4BA8-B2DE-772C442EEF3D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> {2A9B7E4B-67F4-492D-877C-57FF10723308} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=22542&r=2015/04/12&hid=10132273870285119354&lg=EN&cc=GB&unqvl=86"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (AVG Secure Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-04-18]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (OpenLink) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Tab Layouts - Arrange Tabs Into Layouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnolcokfhilodfohiidmaelobjleppf [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-30]
CHR HKU\S-1-5-21-2856192324-1670486770-184617106-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-06] (OSBASE)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-17] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-04-17] ()
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [245408 2015-05-06] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-06] (OSBASE)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [184952 2015-05-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-03] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 00:14 - 2017-04-19 00:15 - 00027069 _____ C:\Users\Ryan\Downloads\FRST.txt
2017-04-19 00:14 - 2017-04-19 00:14 - 00000000 ____D C:\FRST
2017-04-19 00:13 - 2017-04-19 00:13 - 02424832 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2017-04-18 00:37 - 2017-04-18 00:36 - 00718497 _____ C:\Windows\unins000.exe
2017-04-18 00:35 - 2017-04-18 00:37 - 00016096 _____ C:\Windows\unins000.dat
2017-04-18 00:35 - 2017-04-18 00:35 - 00000000 ____D C:\ProgramData\One Small Clue
2017-04-18 00:35 - 2013-10-09 12:18 - 00311296 _____ C:\Windows\system32\r8bsrc.dll
2017-04-18 00:35 - 2011-05-23 23:59 - 05857280 _____ C:\Windows\system32\MtxVec.Spld4.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 19656192 _____ (DewResearch) C:\Windows\system32\MtxVec.Lapack4d.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 15143424 _____ (DewResearch) C:\Windows\system32\MtxVec.Fft.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 08947712 _____ (DewResearch) C:\Windows\system32\MtxVec.Random.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 06683648 _____ (DewResearch) C:\Windows\system32\MtxVec.Vmld.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 02355200 _____ (DewResearch) C:\Windows\system32\MtxVec.Sparse4d.dll
2017-04-18 00:35 - 2010-01-06 22:33 - 02354176 _____ C:\Windows\system32\MtxVec.Vml4d.dll
2017-04-18 00:35 - 2008-11-06 05:29 - 00543928 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-04-18 00:34 - 2017-04-18 00:35 - 14240846 _____ (One Small Clue ) C:\Users\Ryan\Downloads\Setup_Grace_64bit_Full_1-0-4-9_Windows.exe
2017-04-18 00:22 - 2017-04-18 00:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tracktion 4
2017-04-18 00:22 - 2017-04-18 00:22 - 00000000 ____D C:\Program Files\Tracktion 5
2017-04-18 00:21 - 2017-04-18 00:22 - 07983168 _____ (Tracktion Software Corp.) C:\Users\Ryan\Downloads\TracktionInstall_5_Windows_64Bit_latest.exe
2017-04-18 00:12 - 2017-04-18 00:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\REAPER
2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-04-18 00:09 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install.exe
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install (1).exe
2017-04-17 23:40 - 2017-04-17 23:40 - 00892928 _____ C:\Users\Ryan\Downloads\Acoustica_Mixcraft_Pro_Studio_8_Crack_Full_x86x64.iso
2017-04-01 16:29 - 2017-04-01 16:29 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2017-04-01 16:26 - 2017-04-18 23:16 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-01 16:26 - 2017-04-01 16:26 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-01 16:26 - 2017-04-01 16:26 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-01 16:23 - 2017-04-05 19:57 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-21 01:21 - 2017-03-21 01:21 - 10832476 _____ C:\Users\Ryan\Desktop\CCTV .7z
2017-03-21 01:17 - 2017-03-21 01:17 - 02674240 _____ C:\Users\Ryan\Downloads\video-1489864643.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 02394136 _____ C:\Users\Ryan\Downloads\video-1489864676.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01609472 _____ C:\Users\Ryan\Downloads\video-1489864633.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01465963 _____ C:\Users\Ryan\Downloads\video-1489864621.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00814382 _____ C:\Users\Ryan\Downloads\video-1489864603.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00705199 _____ C:\Users\Ryan\Downloads\video-1489864654.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00665109 _____ C:\Users\Ryan\Downloads\video-1489864595.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00180695 _____ C:\Users\Ryan\Downloads\video-1489864607.mp4
2017-03-21 01:16 - 2017-03-21 01:16 - 00540866 _____ C:\Users\Ryan\Downloads\video-1489864661.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 00:07 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2017-04-18 23:54 - 2015-01-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856192324-1670486770-184617106-1001
2017-04-18 23:54 - 2015-01-06 19:31 - 00000000 ____D C:\Users\Ryan\Documents\Youcam
2017-04-18 23:53 - 2015-01-22 23:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ClassicShell
2017-04-18 23:53 - 2015-01-06 19:43 - 00000000 ____D C:\Users\Ryan\OneDrive
2017-04-18 23:47 - 2015-01-23 00:27 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-18 23:47 - 2015-01-14 18:39 - 00000000 ____D C:\ProgramData\Kodak
2017-04-18 23:47 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 23:13 - 2015-05-03 15:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-18 22:52 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-04-18 22:44 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-18 22:25 - 2015-01-06 19:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BB99B5E-7CB3-4055-8AFC-B0A85EBE6872}
2017-04-18 22:23 - 2017-03-10 15:12 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2017-04-18 22:23 - 2017-03-10 15:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2017-04-18 22:21 - 2015-03-03 23:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-04-18 00:51 - 2015-10-27 11:01 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 00:23 - 2015-09-13 14:19 - 00000000 ____D C:\Users\Ryan\Documents\Homework JOSH
2017-04-18 00:03 - 2017-03-18 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 23:47 - 2015-07-16 17:08 - 00868352 ___SH C:\Users\Ryan\Downloads\Thumbs.db
2017-04-17 23:45 - 2016-10-12 20:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-17 23:43 - 2015-01-23 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2017-04-17 23:37 - 2015-03-08 13:03 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-04-17 23:36 - 2015-03-08 13:02 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-04-17 23:30 - 2015-05-23 11:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Avg
2017-04-17 23:29 - 2015-03-08 12:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-14 22:15 - 2015-01-24 00:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 22:21 - 2015-01-06 19:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 22:21 - 2015-01-06 19:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 19:57 - 2015-03-08 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-01 16:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-01 16:27 - 2015-10-27 11:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\AVG
2017-04-01 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-01 16:24 - 2015-03-08 12:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-01 16:23 - 2015-03-08 13:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\AVG Web TuneUp
2017-04-01 15:45 - 2015-01-06 19:55 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 15:45 - 2015-01-06 19:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-05-03 14:38 - 2015-05-03 14:38 - 0197243 _____ () C:\Users\Ryan\AppData\Local\ars.cache
2015-05-03 14:39 - 2015-05-03 14:39 - 0416312 _____ () C:\Users\Ryan\AppData\Local\census.cache
2015-05-03 12:42 - 2015-05-03 12:42 - 0000036 _____ () C:\Users\Ryan\AppData\Local\housecall.guid.cache
2015-01-15 18:45 - 2015-01-15 18:45 - 0004548 _____ () C:\Users\Ryan\AppData\Local\installer.log
2015-05-03 12:49 - 2015-05-03 12:49 - 0000010 _____ () C:\Users\Ryan\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2015-10-27 10:50 - 2015-10-27 10:50 - 2892128 _____ (AVG Technologies) C:\Users\Ryan\AppData\Local\Temp\avg-88f86c59-e9bf-474c-bb83-63002265e670.exe
2016-10-12 20:13 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081489361345.exe
2016-06-30 16:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081893776745.exe
2015-11-18 13:22 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08193828765.exe
2016-08-11 09:51 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_082012129805.exe
2016-06-08 17:49 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08230783752.exe
2016-03-06 02:31 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08406797947.exe
2015-12-11 13:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
2016-07-27 15:48 - 2016-07-27 15:48 - 0741440 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-28 22:02 - 2016-10-28 22:02 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-21 20:28 - 2015-07-21 20:28 - 0563808 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-04-28 18:35 - 2016-05-31 18:51 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-08 09:33 - 2015-04-30 22:11 - 0606208 _____ () C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
2015-03-26 19:29 - 2017-03-18 18:55 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
2015-12-11 13:48 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 17:36

==================== End of FRST.txt ============================
 
Here's the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Ryan (19-04-2017 00:16:14)
Running from C:\Users\Ryan\Downloads
Windows 8.1 (Update) (X64) (2015-01-06 18:30:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2856192324-1670486770-184617106-500 - Administrator - Disabled)
Guest (S-1-5-21-2856192324-1670486770-184617106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2856192324-1670486770-184617106-1003 - Limited - Enabled)
Ryan (S-1-5-21-2856192324-1670486770-184617106-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Grace 64bit 1.0.4.9 (HKLM\...\Grace_is1) (Version: - One Small Clue)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{5A1E898D-B35C-421B-B02F-5745259F907E}) (Version: 2.42.1 - The Pokémon Company International)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Thin2000 USB Display Adapter (HKLM\...\{893D18DB-4353-45B6-9D5B-94F5A36A01AA}) (Version: 1.1.314.0 - Fresco Logic)
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2856192324-1670486770-184617106-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02586715-8D99-4C54-B782-83EAFEF9BD81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {1C0A47C2-799E-4E23-8C53-E17F45A35F91} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-15] ()
Task: {1EC8C358-49E4-4B1A-A258-2069CDB9C493} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {3DDD8769-A5A7-4A2E-9DB5-72F567DD4AB4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {55ECD5B0-7FB3-4D07-BB11-F00419D06598} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: {60E93928-E824-4636-88F7-3672EA6CF1D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6B3639A8-68D1-4104-B89E-A40428275AF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {6F422AC1-ACC3-4C40-969C-D953CB41165F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6F614129-AEDF-42F4-84A0-1580DBCC589C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {78905EB5-BCE7-4399-8406-F15AAF023596} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-01] (AVG Technologies CZ, s.r.o.)
Task: {81A59E9C-803D-493F-8BA7-26F88E49FF88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {9BD68091-BCAC-4C1C-8DC5-4C4E4DF0AEC6} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9EE8F73F-7CC2-4EB4-849B-4B4B8FCC3196} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {B590A4D4-EC2E-4DE7-B1C1-17F831A9ECDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C9B47539-0B31-40E9-AE13-7B77C1463FA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D2A27EF4-1F9C-4E7A-B26D-7E4E69AD0B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {D41F9662-ED3B-4082-849A-C9A07DACFD10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {EB2AB8D9-17D7-4B73-A782-37580C065BB7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ryan\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2574111287_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=youtube&cc=GB&setlang=en-GB&inlang=en-GB&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=5C1328012AD4490192130F7501B8CD1

ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_gb&pf=cnnb&s=db_dticon&tp=dropbox

==================== Loaded Modules (Whitelisted) ==============

2015-03-08 13:02 - 2017-04-17 23:36 - 00981576 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-28 02:10 - 2014-07-04 12:24 - 00094936 ____N () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:44 - 2013-12-04 09:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-10-28 02:40 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-04-16 04:04 - 2015-04-16 04:04 - 00419328 _____ () C:\Windows\System32\flvga_tray.exe
2015-03-08 13:02 - 2017-04-17 23:36 - 02183752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2016-12-14 22:34 - 2016-12-14 22:34 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2015-12-05 11:21 - 2015-12-05 11:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2017-04-01 16:25 - 2017-04-01 16:25 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-28 02:01 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\Desktop\14257549_10210861681236703_5584451349347789910_o.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DAD4C8A-72EA-4F3B-A2E0-F3AD7EFE0A87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6F8B7BA-3AA3-48CA-AFC0-FCF29232751D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCD03A0A-2631-419F-B663-CE70C7234530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8FC72B9-1700-4177-B535-5CD1DF213EC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82DE6B70-79D8-40AE-BB50-F571C1C772F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDDDB9C8-4A2F-4EF5-B6CE-FB2EFDDC9317}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A4499100-F0E8-4A20-B875-FCAC525DBEBB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{41BC8C59-3FCC-4249-A9B6-7253A600CC27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9A4D8FF3-0865-453E-A231-B0162CF2F758}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E4E76B55-EE95-40E8-A688-51BDDDEC0747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A8A800A2-4119-4360-B062-D6706677CFC6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7F15C737-519F-405B-B777-689583B9FD69}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A0927AB4-A851-4255-A36C-7C242DED9355}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{0C6C7231-1E3E-470B-8E07-0613200649D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE9A306E-B655-45C2-AB56-6A173348A420}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7116E71-C45D-4147-81E5-316834934759}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E49E5296-6410-4FC7-BE12-ED2AADA80D0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{23EE1483-FB93-4127-8724-73519FC4A5DD}] => (Allow) LPort=9322
FirewallRules: [{FC2B0AD6-8850-49AE-8B23-58AA6A9F921B}] => (Allow) LPort=5353
FirewallRules: [{67AC4B81-C8BF-4FAC-804A-4010F524C949}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{760C40AB-74E7-4A56-B5FC-9F49E9D18EAE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{426A03A0-54CD-49B0-8B04-CA160D0AC0E0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{EDB713E5-CBFE-4BB2-AD93-A9A672DCD704}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{73547E89-926A-40E0-BB67-621D5DE07EA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{11375191-BF74-4512-8A14-C5DC02066E5B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{3BF40F0A-BA01-424D-9ECB-CA057516D31A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{3D51E299-F394-410C-932C-6D6FBD5D931D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{286DCCBE-92EC-4F2E-A2C2-6A35D01E75A6}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{056CB21C-A574-4CEC-946A-6BB990399354}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{802D8F41-3EE2-40D3-B866-E54B39B54DF8}] => (Allow) LPort=9322
FirewallRules: [{4A34DE42-5879-417F-A355-647AA3660437}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{B3DA05B0-20E1-4FE8-8251-1EB85077D888}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9ABEB932-D061-4C28-B401-C1A1779AA3B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AFB48E53-E413-40E5-8CE1-57D80776C3B3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A088CCE7-388C-4110-BF86-34774E2010E7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BBC04F70-92F2-400B-AB55-E4954F94B9F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9DD1E8EB-C424-4FF4-B89A-654D896FD1B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1918D485-1FCD-46D5-81B4-0F87D2BB8A92}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AAF003BB-CC29-435C-B4AC-FB8411F92723}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{06985D41-AE71-4C04-AF97-5479AF266E0D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{9671A002-ACFC-426C-95C4-911277F83512}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10DF4104-CB5A-44D4-B5FE-8B62F0C9AF7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E024C63B-8196-4574-B9E3-5919AF4BD6A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9DEC9EE-2C2D-4A16-80AC-752EF17B0CCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07BDDF54-F04F-4236-B6B4-6456B9C96C07}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9D32EE86-CDC6-475D-83AE-7AC4FA929A04}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{98E3DCA2-8247-4B1A-8722-DD4E8DE5AA50}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2BE2725E-517C-4D3C-AA7F-4E804527A371}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{478769B6-39CA-4E93-BB7B-A4E7F92C0556}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3FCC23C7-24CD-4B36-8E93-DC71C35A3685}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CD363787-C07D-475E-AE6F-3E6C692D0EE1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{36A774E6-EE3C-4F79-A637-1041FE57D22E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE950B7C-53F8-4CAE-A57B-1182F4BB73F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80570D55-1139-4BF0-82D9-3D96EEB0C9D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F05E02BC-C448-4960-B161-21A43F5C2B62}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{95F10662-8DBE-4D9C-9062-C219D436BE40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-02-2017 13:23:07 Scheduled Checkpoint
05-03-2017 17:32:04 Scheduled Checkpoint
06-03-2017 20:46:50 Restore Operation
01-04-2017 16:35:02 Removed AVG
18-04-2017 22:34:46 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2017 11:56:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xf58
Faulting application start time: 0x01d2b896d80a400f
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 44383ec9-248a-11e7-828c-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:54:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xd3c
Faulting application start time: 0x01d2b8960bb53911
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: f1ce8c0e-2489-11e7-828c-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x7a8
Faulting application start time: 0x01d2b895da424502
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 22b15953-2489-11e7-828c-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x19c8
Faulting application start time: 0x01d2b89111827392
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 76c6cd64-2484-11e7-828b-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:12:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x13ac
Faulting application start time: 0x01d2b8907499ee20
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 2b3a309c-2484-11e7-828b-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xd94
Faulting application start time: 0x01d2b890334e6cb2
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 7dc8f15d-2483-11e7-828b-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 11:07:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.0.168.192.in-addr.arpa. PTR Goddard.local.

Error: (04/18/2017 11:07:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353 17 7.0.168.192.in-addr.arpa. PTR Goddard-2.local.

Error: (04/18/2017 10:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x1d14
Faulting application start time: 0x01d2b88e3f7cb2b8
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: a5283030-2481-11e7-828a-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2017 10:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x894
Faulting application start time: 0x01d2b88d6080b660
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 5927dd50-2481-11e7-828a-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/18/2017 11:56:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/18/2017 11:54:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/18/2017 11:48:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/18/2017 11:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.4.0 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/18/2017 11:15:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/18/2017 11:12:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/18/2017 11:08:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/18/2017 11:07:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.4.0 service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (04/18/2017 10:54:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/18/2017 10:52:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-04-01 16:24:32.530
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:31.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:29.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:27.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:27.088
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:25.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:21.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:14.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:13.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:08.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4288U CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8122.15 MB
Available physical RAM: 5385.55 MB
Total Virtual: 9402.15 MB
Available Virtual: 6618.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1375.16 GB) (Free:1292.4 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.08 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 39ED847C)

Partition: GPT.

========================================================
Disk: 1 (Size: 120.1 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Roguekiller first txt

RogueKiller V12.10.5.0 (x64) [Apr 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Ryan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/19/2017 18:32:06 (Duration : 01:23:26)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Deleted
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Deleted
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [7] -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen1] %WINDIR%\Tasks\0215tb_RML.job -- C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe ( /PROMPT /CMPID=0215tb) -> Deleted
[PUP.Gen1] \0215tb_RML -- C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe (/PROMPT /CMPID=0215tb) -> Deleted

¤¤¤ Files : 9 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search\Logger -> ERROR [5]
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Security Toolbar\TBCampaignINSP.txt -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt -> ERROR [5]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\CrashReport -> ERROR [5]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\FireFoxExt -> ERROR [5]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\FirefoxSaps\4.3.7.452\FireFoxSearchXml.tmp -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\FirefoxSaps\4.3.7.452 -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\FirefoxSaps -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt -> ERROR [5]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\UsersState.json -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp -> Removed at reboot [91]
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\1dc7944b31630f68.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\2b868cc65f31978b.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\3814452d3659e72a.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\460d92843f6ca7fe.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\4de633705cb16b14.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\4dedb263139d898b.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\62343dffda6ebc44.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\66717dc8181e6993.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\78407ebcf2564698.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\788bad3230473504.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\7ee75298cfb4729e.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\83e4af586c12f55c.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\83e4af586c12f55c__exp__08-09-2016 18-07-39 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\94bdc89cf6b403b6.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\94bdc89cf6b403b6__exp__13-04-2016 16-52-38 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\9ae360cfffb3e53d.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\b2f91c57b8cfb1f2.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\b954670a18b0b83f.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\bbf04c521a478ecc.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\cd6fc3ee6b6b972b.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\e45b835d6bba7460.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\e8f532c11aba22bc.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\e8f532c11aba22bc__exp__10-04-2016 18-24-12 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\eb5431d245611bf3.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\fdc19b08b0715fef.fb -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\tmp\cd6fc3ee6b6b972b -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache\tmp -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\cache -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Chrome\featureState.json -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Chrome\install.js -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Chrome -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\DNT\dt.dat -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\DNT -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Firefox -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\Cookies -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\Cookies-journal -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_0 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_1 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_2 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_3 -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache\index -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\cef_cache -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\ExceptionalDomains.dat -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\LocalStorage.xml -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\SiteSafety.json -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\dbtmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp22BE.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp280C.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp29E1.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp39FB.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp3A0B.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp3DD7.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp4425.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp4659.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp54A.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp58CF.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp5994.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp6CAF.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp726B.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp7585.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp83C3.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp864F.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp8D2B.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp929.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp93C9.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp983D.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp99C0.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp9B82.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp9D67.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmp9EC6.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpAAD7.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpAE7C.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpAF28.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpB125.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpB52F.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpBC4D.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpBFC3.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpC0CA.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpC1DC.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpC404.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpC73C.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpCB2.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpCF72.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpD0EB.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpDEE3.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpE117.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpE47E.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpE4CF.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpECFE.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpF2CB.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpF854.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpFB2.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpFD2.tmp -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp\tmpFD6D.tmp -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE\tmp -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\IE -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Paypal\data.dat -> Deleted
[PUP.Gen1][File] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Paypal\data.zip -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Paypal -> Deleted
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp\Statistics -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Secure Search\Logger\logger.properties -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search\Logger -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> ERROR [3]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.1.0.411 -> ERROR [5]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.1.6.294 -> ERROR [5]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.1.8.599\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.1.8.599\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.1.8.599 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.1.951\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.1.951\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.1.951 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.3.128\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.3.128\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.3.128 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.4.155\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.4.155\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.4.155 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.5.441\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.5.441\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.5.441 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.6.552\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.6.552\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.6.552 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.8.608\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.8.608\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.8.608 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.9.726\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.9.726\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.2.9.726 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.1.831\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.1.831\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.1.831 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.2.18\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.2.18\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.2.18 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.4.122\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.4.122\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.4.122 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.5.160\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.5.160\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.5.160 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.6.255\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.6.255\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.6.255 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.7.452\ExtensionTemplate.txt -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.7.452\install.js -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt\4.3.7.452 -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\ChromeExt -> Removed at reboot [91]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\avgcommx.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\avgdiagex.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\avgdumpx.exe -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\avgsysx.dll -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\CrashReport\crash.avgdx -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\CrashReport -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\FireFoxExt\4.3.7.452\avg@toolbar.xpi -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\FireFoxExt\4.3.7.452 -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\FireFoxExt -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.0.411 -> ERROR [5]
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.6.294 -> ERROR [5]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.8.599\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.8.599\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.8.599\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.1.8.599 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.1.951\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.1.951\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.1.951\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.1.951 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.3.128\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.3.128\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.3.128\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.3.128 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.4.155\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.4.155\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.4.155\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.4.155 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.5.441\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.5.441\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.5.441\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.5.441 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.6.552\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.6.552\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.6.552\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.6.552 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.8.608\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.8.608\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.8.608\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.8.608 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.9.726\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.9.726\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.9.726\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.2.9.726 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.1.831\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.1.831\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.1.831\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.1.831 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.2.18\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.2.18\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.2.18\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.2.18 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.4.122\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.4.122\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.4.122\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.4.122 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.5.160\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.5.160\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.5.160\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.5.160 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.6.255\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.6.255\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.6.255\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.6.255 -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.7.452\inflate.js -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.7.452\init.html -> Deleted
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.7.452\LocalStorage.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt\4.3.7.452 -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp\IeExt -> Removed at reboot [91]
[PUP.Gen1][File] C:\ProgramData\AVG Web TuneUp\UsersState.json -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.1.0.411 -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.1.6.294 -> ERROR [5]
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.1.8.599 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.1.951\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.1.951 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.3.128 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.4.155 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.5.441\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.5.441 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.6.552 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.8.608 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.2.9.726 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.1.831 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.2.18 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.4.122\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.4.122 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.5.160\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.5.160 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.6.255 -> Deleted
[PUP.Gen1][File] C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp\4.3.7.452 -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp -> Removed at reboot [91]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452 -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\AVG Web TuneUp -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\BundleInstall -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\BundleInstall.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\BundleInstaller.ini -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\buttonicon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\CefHost.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChConfirmHelperRes -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChromeGuardRes -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\ChromeRes -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\configuration.xml -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\crash.avgdx -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\data.zip -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\DSPDlg_IE -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\EnableHelperRes -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\favicon.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\FireFoxSearchXml.tmp -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\icudt.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\IeDspHelperRes -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\IeProtectedDspHelperRes -> ERROR [5]
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\IERes -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\libcef.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\Licenses -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\lip.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\locales -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\remote_configuration.xml -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\setup.bmp -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\TBRDialog -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\Uninstall.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp\UninstallRes -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe -> ERROR [5]
[PUP.Gen1][File] C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe -> ERROR [5]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : AVG Web TuneUp [chfdnecihphmhljaaejmgoiahnihplgn] -> Deleted
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://websearch.goodforsearch.info...hid=10132273870285119354&lg=EN&cc=GB&unqvl=86] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1500LM006 HN-M151RAD +++++
--- User ---
[MBR] 094e9ee37640a4c200de7d4264d35d0f
[BSP] 86f8fbc4dece3b54b94c707b7bd3aa7c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 1408164 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 2886047744 | Size: 21591 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 8528bd99381b150db605c9ae9b7fa1fd
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 97 | Size: 120 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Roguekiller second txt

RogueKiller V12.10.5.0 (x64) [Apr 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Ryan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/19/2017 18:32:06 (Duration : 01:23:26)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\AVG Tuneup -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll) -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [7] -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen1] %WINDIR%\Tasks\0215tb_RML.job -- C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe ( /PROMPT /CMPID=0215tb) -> Found
[PUP.Gen1] \0215tb_RML -- C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe (/PROMPT /CMPID=0215tb) -> Found

¤¤¤ Files : 9 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found
[PUP.Gen1][Folder] C:\Users\Ryan\AppData\Local\AVG Web TuneUp -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Secure Search -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Security Toolbar -> Found
[PUP.Gen1][Folder] C:\ProgramData\AVG Web TuneUp -> Found
[PUP.Gen1][Folder] C:\Program Files\AVG Web TuneUp -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\AVG Web TuneUp -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : AVG Web TuneUp [chfdnecihphmhljaaejmgoiahnihplgn] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://websearch.goodforsearch.info...hid=10132273870285119354&lg=EN&cc=GB&unqvl=86] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1500LM006 HN-M151RAD +++++
--- User ---
[MBR] 094e9ee37640a4c200de7d4264d35d0f
[BSP] 86f8fbc4dece3b54b94c707b7bd3aa7c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 1408164 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 2886047744 | Size: 21591 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 8528bd99381b150db605c9ae9b7fa1fd
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 97 | Size: 120 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes txt

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/19/17
Scan Time: 8:37 PM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1763
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: GODDARD\Ryan

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367289
Time Elapsed: 9 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

ADW cleaner txt

# AdwCleaner v6.045 - Logfile created 19/04/2017 at 21:03:58
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-19.2 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Ryan - GODDARD
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: vToolbarUpdater18.4.0
[-] Service deleted: vToolbarUpdater40.3.7
[-] Service deleted: WtuSystemSupport


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0215tb
[-] Folder deleted: C:\Users\Ryan\AppData\LocalLow\avg web tuneup
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Web browsers ] *****

[-] [C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chfdnecihphmhljaaejmgoiahnihplgn


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5356 Bytes] - [19/04/2017 21:03:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [5094 Bytes] - [03/05/2015 14:58:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [4806 Bytes] - [03/05/2015 15:29:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [5315 Bytes] - [19/04/2017 21:02:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5648 Bytes] ##########
 
Finally junkware txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64
Ran by Ryan (Administrator) on 19/04/2017 at 21:12:17.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2A9B7E4B-67F4-492D-877C-57FF10723308} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/04/2017 at 21:16:32.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by Ryan (20-04-2017 00:13:15)
Running from C:\Users\Ryan\Downloads
Windows 8.1 (Update) (X64) (2015-01-06 18:30:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2856192324-1670486770-184617106-500 - Administrator - Disabled)
Guest (S-1-5-21-2856192324-1670486770-184617106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2856192324-1670486770-184617106-1003 - Limited - Enabled)
Ryan (S-1-5-21-2856192324-1670486770-184617106-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Grace 64bit 1.0.4.9 (HKLM\...\Grace_is1) (Version: - One Small Clue)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{5A1E898D-B35C-421B-B02F-5745259F907E}) (Version: 2.42.1 - The Pokémon Company International)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
RogueKiller version 12.10.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.5.0 - Adlice Software)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Thin2000 USB Display Adapter (HKLM\...\{893D18DB-4353-45B6-9D5B-94F5A36A01AA}) (Version: 1.1.314.0 - Fresco Logic)
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2856192324-1670486770-184617106-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02586715-8D99-4C54-B782-83EAFEF9BD81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {1C0A47C2-799E-4E23-8C53-E17F45A35F91} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-15] ()
Task: {1EC8C358-49E4-4B1A-A258-2069CDB9C493} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {373EEA88-57EE-4D75-AA66-18F08CCEF12F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {60E93928-E824-4636-88F7-3672EA6CF1D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6B3639A8-68D1-4104-B89E-A40428275AF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {6F422AC1-ACC3-4C40-969C-D953CB41165F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6F614129-AEDF-42F4-84A0-1580DBCC589C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {78905EB5-BCE7-4399-8406-F15AAF023596} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-01] (AVG Technologies CZ, s.r.o.)
Task: {81A59E9C-803D-493F-8BA7-26F88E49FF88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {9BD68091-BCAC-4C1C-8DC5-4C4E4DF0AEC6} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9EE8F73F-7CC2-4EB4-849B-4B4B8FCC3196} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {B590A4D4-EC2E-4DE7-B1C1-17F831A9ECDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C9B47539-0B31-40E9-AE13-7B77C1463FA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D2A27EF4-1F9C-4E7A-B26D-7E4E69AD0B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {D41F9662-ED3B-4082-849A-C9A07DACFD10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {EB2AB8D9-17D7-4B73-A782-37580C065BB7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ryan\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2574111287_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=youtube&cc=GB&setlang=en-GB&inlang=en-GB&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=5C1328012AD4490192130F7501B8CD1

ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_gb&pf=cnnb&s=db_dticon&tp=dropbox

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-28 02:10 - 2014-07-04 12:24 - 00094936 ____N () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:44 - 2013-12-04 09:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-10-28 02:40 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-04-19 20:27 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-19 20:27 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-04-01 16:25 - 2017-04-01 16:25 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2015-12-05 11:21 - 2015-12-05 11:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-12-14 22:34 - 2016-12-14 22:34 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-10-28 02:01 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\Desktop\14257549_10210861681236703_5584451349347789910_o.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DAD4C8A-72EA-4F3B-A2E0-F3AD7EFE0A87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6F8B7BA-3AA3-48CA-AFC0-FCF29232751D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCD03A0A-2631-419F-B663-CE70C7234530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8FC72B9-1700-4177-B535-5CD1DF213EC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82DE6B70-79D8-40AE-BB50-F571C1C772F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDDDB9C8-4A2F-4EF5-B6CE-FB2EFDDC9317}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A4499100-F0E8-4A20-B875-FCAC525DBEBB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{41BC8C59-3FCC-4249-A9B6-7253A600CC27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9A4D8FF3-0865-453E-A231-B0162CF2F758}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E4E76B55-EE95-40E8-A688-51BDDDEC0747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A8A800A2-4119-4360-B062-D6706677CFC6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7F15C737-519F-405B-B777-689583B9FD69}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A0927AB4-A851-4255-A36C-7C242DED9355}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{0C6C7231-1E3E-470B-8E07-0613200649D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE9A306E-B655-45C2-AB56-6A173348A420}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7116E71-C45D-4147-81E5-316834934759}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E49E5296-6410-4FC7-BE12-ED2AADA80D0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{23EE1483-FB93-4127-8724-73519FC4A5DD}] => (Allow) LPort=9322
FirewallRules: [{FC2B0AD6-8850-49AE-8B23-58AA6A9F921B}] => (Allow) LPort=5353
FirewallRules: [{67AC4B81-C8BF-4FAC-804A-4010F524C949}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{760C40AB-74E7-4A56-B5FC-9F49E9D18EAE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{426A03A0-54CD-49B0-8B04-CA160D0AC0E0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{EDB713E5-CBFE-4BB2-AD93-A9A672DCD704}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{73547E89-926A-40E0-BB67-621D5DE07EA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{11375191-BF74-4512-8A14-C5DC02066E5B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{3BF40F0A-BA01-424D-9ECB-CA057516D31A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{3D51E299-F394-410C-932C-6D6FBD5D931D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{286DCCBE-92EC-4F2E-A2C2-6A35D01E75A6}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{056CB21C-A574-4CEC-946A-6BB990399354}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{802D8F41-3EE2-40D3-B866-E54B39B54DF8}] => (Allow) LPort=9322
FirewallRules: [{4A34DE42-5879-417F-A355-647AA3660437}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{B3DA05B0-20E1-4FE8-8251-1EB85077D888}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9ABEB932-D061-4C28-B401-C1A1779AA3B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AFB48E53-E413-40E5-8CE1-57D80776C3B3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A088CCE7-388C-4110-BF86-34774E2010E7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BBC04F70-92F2-400B-AB55-E4954F94B9F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9DD1E8EB-C424-4FF4-B89A-654D896FD1B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1918D485-1FCD-46D5-81B4-0F87D2BB8A92}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AAF003BB-CC29-435C-B4AC-FB8411F92723}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{06985D41-AE71-4C04-AF97-5479AF266E0D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{9671A002-ACFC-426C-95C4-911277F83512}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10DF4104-CB5A-44D4-B5FE-8B62F0C9AF7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E024C63B-8196-4574-B9E3-5919AF4BD6A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9DEC9EE-2C2D-4A16-80AC-752EF17B0CCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07BDDF54-F04F-4236-B6B4-6456B9C96C07}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9D32EE86-CDC6-475D-83AE-7AC4FA929A04}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{98E3DCA2-8247-4B1A-8722-DD4E8DE5AA50}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2BE2725E-517C-4D3C-AA7F-4E804527A371}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{478769B6-39CA-4E93-BB7B-A4E7F92C0556}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3FCC23C7-24CD-4B36-8E93-DC71C35A3685}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CD363787-C07D-475E-AE6F-3E6C692D0EE1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{36A774E6-EE3C-4F79-A637-1041FE57D22E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE950B7C-53F8-4CAE-A57B-1182F4BB73F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80570D55-1139-4BF0-82D9-3D96EEB0C9D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F05E02BC-C448-4960-B161-21A43F5C2B62}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{95F10662-8DBE-4D9C-9062-C219D436BE40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-02-2017 13:23:07 Scheduled Checkpoint
05-03-2017 17:32:04 Scheduled Checkpoint
06-03-2017 20:46:50 Restore Operation
01-04-2017 16:35:02 Removed AVG
18-04-2017 22:34:46 Restore Operation
19-04-2017 21:12:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2017 09:16:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xb50
Faulting application start time: 0x01d2b949abefb15f
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 00ee7aa6-253d-11e7-828e-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2017 09:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x16f4
Faulting application start time: 0x01d2b9488fb95ac6
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: c4eb40c6-253c-11e7-828e-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2017 09:07:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (04/19/2017 09:06:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/19/2017 09:06:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xb20
Faulting application start time: 0x01d2b9485214bdb8
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: a8c0f356-253b-11e7-828e-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2017 08:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x468
Faulting application start time: 0x01d2b941073b3824
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 9c03b2ce-2534-11e7-828d-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2017 08:14:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 08:14:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 08:12:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0x594
Faulting application start time: 0x01d2b93f74fcb2c0
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 20ee98db-2534-11e7-828d-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2017 08:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.10600.0, time stamp: 0x53618404
Exception code: 0xc0000005
Fault offset: 0x000000000061133e
Faulting process ID: 0xc6c
Faulting application start time: 0x01d2b93f4637520f
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report ID: 8e2343b1-2532-11e7-828d-3863bb8dd7bd
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/20/2017 12:09:45 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/19/2017 09:16:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/19/2017 09:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/19/2017 09:06:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/19/2017 09:04:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:04:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:04:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:03:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/19/2017 09:02:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2017 09:02:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-04-01 16:24:32.530
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:31.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:29.732
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:27.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:27.088
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:25.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:21.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:14.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:13.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-01 16:24:08.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4288U CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 8122.15 MB
Available physical RAM: 4790.65 MB
Total Virtual: 9402.15 MB
Available Virtual: 6012.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1375.16 GB) (Free:1291.7 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.08 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 39ED847C)

Partition: GPT.

========================================================
Disk: 1 (Size: 120.1 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Accidentally sent the addition.txt first, here's the original
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by Ryan (administrator) on GODDARD (20-04-2017 00:12:18)
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-04-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-10-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FA33E17-9D6D-4F5B-A0BD-8BB696FD65C2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CFF5382-1DA3-4BA8-B2DE-772C442EEF3D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-20]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (OpenLink) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Tab Layouts - Arrange Tabs Into Layouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnolcokfhilodfohiidmaelobjleppf [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-06] (OSBASE)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [245408 2015-05-06] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-06] (OSBASE)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [184952 2015-05-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-03] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-04-19] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-19] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 00:12 - 2017-04-20 00:12 - 00000000 ____D C:\Users\Ryan\Downloads\FRST-OlderVersion
2017-04-19 21:16 - 2017-04-19 21:16 - 00000674 _____ C:\Users\Ryan\Desktop\JRT.txt
2017-04-19 21:11 - 2017-04-19 21:11 - 01663672 _____ (Malwarebytes) C:\Users\Ryan\Downloads\JRT.exe
2017-04-19 20:57 - 2017-04-19 20:57 - 04089296 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2017-04-19 20:55 - 2017-04-19 20:55 - 00001088 _____ C:\Users\Ryan\Desktop\Malwarebytes.txt
2017-04-19 20:27 - 2017-04-19 21:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-19 20:27 - 2017-04-19 21:06 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-19 20:27 - 2017-04-19 21:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-19 20:27 - 2017-04-19 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-19 20:27 - 2017-04-19 20:27 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-19 20:27 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-19 20:21 - 2017-04-19 20:22 - 60107896 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-19 18:32 - 2017-04-19 18:32 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-19 18:31 - 2017-04-19 20:51 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-19 18:31 - 2017-04-19 18:31 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup (2).exe
2017-04-19 18:31 - 2017-04-19 18:31 - 00000877 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-19 18:31 - 2017-04-19 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-19 18:31 - 2017-04-19 18:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-19 18:29 - 2017-04-19 18:30 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup (1).exe
2017-04-19 17:24 - 2017-04-19 17:24 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup.exe
2017-04-19 00:16 - 2017-04-19 00:18 - 00043906 _____ C:\Users\Ryan\Downloads\Addition.txt
2017-04-19 00:14 - 2017-04-20 00:12 - 00023293 _____ C:\Users\Ryan\Downloads\FRST.txt
2017-04-19 00:14 - 2017-04-20 00:12 - 00000000 ____D C:\FRST
2017-04-19 00:13 - 2017-04-20 00:12 - 02424832 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2017-04-18 00:37 - 2017-04-18 00:36 - 00718497 _____ C:\Windows\unins000.exe
2017-04-18 00:35 - 2017-04-18 00:37 - 00016096 _____ C:\Windows\unins000.dat
2017-04-18 00:35 - 2017-04-18 00:35 - 00000000 ____D C:\ProgramData\One Small Clue
2017-04-18 00:35 - 2013-10-09 12:18 - 00311296 _____ C:\Windows\system32\r8bsrc.dll
2017-04-18 00:35 - 2011-05-23 23:59 - 05857280 _____ C:\Windows\system32\MtxVec.Spld4.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 19656192 _____ (DewResearch) C:\Windows\system32\MtxVec.Lapack4d.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 15143424 _____ (DewResearch) C:\Windows\system32\MtxVec.Fft.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 08947712 _____ (DewResearch) C:\Windows\system32\MtxVec.Random.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 06683648 _____ (DewResearch) C:\Windows\system32\MtxVec.Vmld.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 02355200 _____ (DewResearch) C:\Windows\system32\MtxVec.Sparse4d.dll
2017-04-18 00:35 - 2010-01-06 22:33 - 02354176 _____ C:\Windows\system32\MtxVec.Vml4d.dll
2017-04-18 00:35 - 2008-11-06 05:29 - 00543928 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-04-18 00:34 - 2017-04-18 00:35 - 14240846 _____ (One Small Clue ) C:\Users\Ryan\Downloads\Setup_Grace_64bit_Full_1-0-4-9_Windows.exe
2017-04-18 00:22 - 2017-04-18 00:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tracktion 4
2017-04-18 00:22 - 2017-04-18 00:22 - 00000000 ____D C:\Program Files\Tracktion 5
2017-04-18 00:21 - 2017-04-18 00:22 - 07983168 _____ (Tracktion Software Corp.) C:\Users\Ryan\Downloads\TracktionInstall_5_Windows_64Bit_latest.exe
2017-04-18 00:12 - 2017-04-18 00:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\REAPER
2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-04-18 00:09 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install.exe
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install (1).exe
2017-04-17 23:40 - 2017-04-17 23:40 - 00892928 _____ C:\Users\Ryan\Downloads\Acoustica_Mixcraft_Pro_Studio_8_Crack_Full_x86x64.iso
2017-04-01 16:29 - 2017-04-01 16:29 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2017-04-01 16:26 - 2017-04-18 23:16 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-01 16:26 - 2017-04-01 16:26 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-01 16:26 - 2017-04-01 16:26 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-01 16:23 - 2017-04-05 19:57 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-21 01:21 - 2017-03-21 01:21 - 10832476 _____ C:\Users\Ryan\Desktop\CCTV .7z
2017-03-21 01:17 - 2017-03-21 01:17 - 02674240 _____ C:\Users\Ryan\Downloads\video-1489864643.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 02394136 _____ C:\Users\Ryan\Downloads\video-1489864676.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01609472 _____ C:\Users\Ryan\Downloads\video-1489864633.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01465963 _____ C:\Users\Ryan\Downloads\video-1489864621.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00814382 _____ C:\Users\Ryan\Downloads\video-1489864603.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00705199 _____ C:\Users\Ryan\Downloads\video-1489864654.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00665109 _____ C:\Users\Ryan\Downloads\video-1489864595.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00180695 _____ C:\Users\Ryan\Downloads\video-1489864607.mp4
2017-03-21 01:16 - 2017-03-21 01:16 - 00540866 _____ C:\Users\Ryan\Downloads\video-1489864661.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-20 00:12 - 2015-01-06 19:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BB99B5E-7CB3-4055-8AFC-B0A85EBE6872}
2017-04-20 00:11 - 2015-01-22 23:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ClassicShell
2017-04-20 00:11 - 2015-01-14 18:39 - 00000000 ____D C:\ProgramData\Kodak
2017-04-20 00:09 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2017-04-19 21:12 - 2015-01-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856192324-1670486770-184617106-1001
2017-04-19 21:11 - 2015-01-06 19:43 - 00000000 ____D C:\Users\Ryan\OneDrive
2017-04-19 21:05 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 21:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-04-19 21:04 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-19 21:03 - 2015-05-03 14:55 - 00000000 ____D C:\AdwCleaner
2017-04-19 20:27 - 2015-05-03 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-19 20:07 - 2015-01-06 19:31 - 00000000 ____D C:\Users\Ryan\Documents\Youcam
2017-04-19 19:54 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-19 17:35 - 2016-10-12 20:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-18 23:47 - 2015-01-23 00:27 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-18 22:52 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:23 - 2017-03-10 15:12 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2017-04-18 22:23 - 2017-03-10 15:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2017-04-18 22:21 - 2015-03-03 23:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-04-18 00:51 - 2015-10-27 11:01 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 00:23 - 2015-09-13 14:19 - 00000000 ____D C:\Users\Ryan\Documents\Homework JOSH
2017-04-18 00:03 - 2017-03-18 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 23:47 - 2015-07-16 17:08 - 00868352 ___SH C:\Users\Ryan\Downloads\Thumbs.db
2017-04-17 23:43 - 2015-01-23 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2017-04-17 23:30 - 2015-05-23 11:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Avg
2017-04-17 23:29 - 2015-03-08 12:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-14 22:15 - 2015-01-24 00:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 22:21 - 2015-01-06 19:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 22:21 - 2015-01-06 19:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 19:57 - 2015-03-08 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-01 16:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-01 16:27 - 2015-10-27 11:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\AVG
2017-04-01 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-01 16:24 - 2015-03-08 12:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-01 15:45 - 2015-01-06 19:55 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 15:45 - 2015-01-06 19:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-05-03 14:38 - 2015-05-03 14:38 - 0197243 _____ () C:\Users\Ryan\AppData\Local\ars.cache
2015-05-03 14:39 - 2015-05-03 14:39 - 0416312 _____ () C:\Users\Ryan\AppData\Local\census.cache
2015-05-03 12:42 - 2015-05-03 12:42 - 0000036 _____ () C:\Users\Ryan\AppData\Local\housecall.guid.cache
2015-01-15 18:45 - 2015-01-15 18:45 - 0004548 _____ () C:\Users\Ryan\AppData\Local\installer.log
2015-05-03 12:49 - 2015-05-03 12:49 - 0000010 _____ () C:\Users\Ryan\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2015-10-27 10:50 - 2015-10-27 10:50 - 2892128 _____ (AVG Technologies) C:\Users\Ryan\AppData\Local\Temp\avg-88f86c59-e9bf-474c-bb83-63002265e670.exe
2016-10-12 20:13 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081489361345.exe
2016-06-30 16:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081893776745.exe
2015-11-18 13:22 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08193828765.exe
2016-08-11 09:51 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_082012129805.exe
2016-06-08 17:49 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08230783752.exe
2016-03-06 02:31 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08406797947.exe
2017-04-19 18:31 - 2015-03-23 22:59 - 1733952 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
2015-12-11 13:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
2016-07-27 15:48 - 2016-07-27 15:48 - 0741440 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-28 22:02 - 2016-10-28 22:02 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-21 20:28 - 2015-07-21 20:28 - 0563808 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-04-28 18:35 - 2016-05-31 18:51 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-08 09:33 - 2015-04-30 22:11 - 0606208 _____ () C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
2015-03-26 19:29 - 2017-03-18 18:55 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
2015-12-11 13:48 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 17:36

==================== End of FRST.txt ============================
 
Those look clean.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Checkup.txt

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
AVG Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
Java 8 Update 40
Java version 32-bit out of Date!
Google Chrome (57.0.2987.133)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG Antivirus AVGUI.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017 01
Ran by Ryan (administrator) on GODDARD (22-04-2017 21:17:41)
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-04-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-10-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FA33E17-9D6D-4F5B-A0BD-8BB696FD65C2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CFF5382-1DA3-4BA8-B2DE-772C442EEF3D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (OpenLink) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Tab Layouts - Arrange Tabs Into Layouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnolcokfhilodfohiidmaelobjleppf [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-06] (OSBASE)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [245408 2015-05-06] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-06] (OSBASE)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [184952 2015-05-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-03] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-04-19] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-19] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 21:13 - 2017-04-22 21:13 - 00852798 _____ C:\Users\Ryan\Downloads\SecurityCheck (1).exe
2017-04-22 21:09 - 2017-04-22 21:10 - 00852798 _____ C:\Users\Ryan\Downloads\SecurityCheck.exe
2017-04-20 00:12 - 2017-04-22 21:17 - 00000000 ____D C:\Users\Ryan\Downloads\FRST-OlderVersion
2017-04-19 21:16 - 2017-04-19 21:16 - 00000674 _____ C:\Users\Ryan\Desktop\JRT.txt
2017-04-19 21:11 - 2017-04-19 21:11 - 01663672 _____ (Malwarebytes) C:\Users\Ryan\Downloads\JRT.exe
2017-04-19 20:57 - 2017-04-19 20:57 - 04089296 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2017-04-19 20:55 - 2017-04-19 20:55 - 00001088 _____ C:\Users\Ryan\Desktop\Malwarebytes.txt
2017-04-19 20:27 - 2017-04-19 21:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-19 20:27 - 2017-04-19 21:06 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-19 20:27 - 2017-04-19 21:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-19 20:27 - 2017-04-19 20:27 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-19 20:27 - 2017-04-19 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-19 20:27 - 2017-04-19 20:27 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-19 20:27 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-19 20:21 - 2017-04-19 20:22 - 60107896 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-19 18:32 - 2017-04-19 18:32 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-19 18:31 - 2017-04-19 20:51 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-19 18:31 - 2017-04-19 18:31 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup (2).exe
2017-04-19 18:31 - 2017-04-19 18:31 - 00000877 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-19 18:31 - 2017-04-19 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-19 18:31 - 2017-04-19 18:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-19 18:29 - 2017-04-19 18:30 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup (1).exe
2017-04-19 17:24 - 2017-04-19 17:24 - 35331712 _____ (Adlice Software ) C:\Users\Ryan\Downloads\setup.exe
2017-04-19 00:16 - 2017-04-20 00:14 - 00043205 _____ C:\Users\Ryan\Downloads\Addition.txt
2017-04-19 00:14 - 2017-04-22 21:17 - 00023671 _____ C:\Users\Ryan\Downloads\FRST.txt
2017-04-19 00:14 - 2017-04-22 21:17 - 00000000 ____D C:\FRST
2017-04-19 00:13 - 2017-04-22 21:17 - 02425344 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2017-04-18 00:37 - 2017-04-18 00:36 - 00718497 _____ C:\Windows\unins000.exe
2017-04-18 00:35 - 2017-04-18 00:37 - 00016096 _____ C:\Windows\unins000.dat
2017-04-18 00:35 - 2017-04-18 00:35 - 00000000 ____D C:\ProgramData\One Small Clue
2017-04-18 00:35 - 2013-10-09 12:18 - 00311296 _____ C:\Windows\system32\r8bsrc.dll
2017-04-18 00:35 - 2011-05-23 23:59 - 05857280 _____ C:\Windows\system32\MtxVec.Spld4.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 19656192 _____ (DewResearch) C:\Windows\system32\MtxVec.Lapack4d.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 15143424 _____ (DewResearch) C:\Windows\system32\MtxVec.Fft.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 08947712 _____ (DewResearch) C:\Windows\system32\MtxVec.Random.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 06683648 _____ (DewResearch) C:\Windows\system32\MtxVec.Vmld.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 02355200 _____ (DewResearch) C:\Windows\system32\MtxVec.Sparse4d.dll
2017-04-18 00:35 - 2010-01-06 22:33 - 02354176 _____ C:\Windows\system32\MtxVec.Vml4d.dll
2017-04-18 00:35 - 2008-11-06 05:29 - 00543928 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-04-18 00:34 - 2017-04-18 00:35 - 14240846 _____ (One Small Clue ) C:\Users\Ryan\Downloads\Setup_Grace_64bit_Full_1-0-4-9_Windows.exe
2017-04-18 00:22 - 2017-04-18 00:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tracktion 4
2017-04-18 00:22 - 2017-04-18 00:22 - 00000000 ____D C:\Program Files\Tracktion 5
2017-04-18 00:21 - 2017-04-18 00:22 - 07983168 _____ (Tracktion Software Corp.) C:\Users\Ryan\Downloads\TracktionInstall_5_Windows_64Bit_latest.exe
2017-04-18 00:12 - 2017-04-18 00:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\REAPER
2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-04-18 00:09 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install.exe
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install (1).exe
2017-04-17 23:40 - 2017-04-17 23:40 - 00892928 _____ C:\Users\Ryan\Downloads\Acoustica_Mixcraft_Pro_Studio_8_Crack_Full_x86x64.iso
2017-04-01 16:29 - 2017-04-01 16:29 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2017-04-01 16:26 - 2017-04-18 23:16 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-01 16:26 - 2017-04-01 16:26 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-01 16:26 - 2017-04-01 16:26 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-01 16:23 - 2017-04-05 19:57 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 21:18 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2017-04-22 21:17 - 2015-01-22 23:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ClassicShell
2017-04-22 21:12 - 2015-01-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856192324-1670486770-184617106-1001
2017-04-22 21:08 - 2015-01-24 00:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-22 21:08 - 2015-01-06 19:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BB99B5E-7CB3-4055-8AFC-B0A85EBE6872}
2017-04-22 21:07 - 2017-03-18 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-22 21:02 - 2015-01-14 18:39 - 00000000 ____D C:\ProgramData\Kodak
2017-04-19 21:11 - 2015-01-06 19:43 - 00000000 ____D C:\Users\Ryan\OneDrive
2017-04-19 21:05 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 21:05 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-04-19 21:04 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-19 21:03 - 2015-05-03 14:55 - 00000000 ____D C:\AdwCleaner
2017-04-19 20:27 - 2015-05-03 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-19 20:07 - 2015-01-06 19:31 - 00000000 ____D C:\Users\Ryan\Documents\Youcam
2017-04-19 19:54 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-19 17:35 - 2016-10-12 20:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-18 23:47 - 2015-01-23 00:27 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-18 22:52 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:23 - 2017-03-10 15:12 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2017-04-18 22:23 - 2017-03-10 15:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2017-04-18 22:21 - 2015-03-03 23:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-04-18 00:51 - 2015-10-27 11:01 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 00:23 - 2015-09-13 14:19 - 00000000 ____D C:\Users\Ryan\Documents\Homework JOSH
2017-04-17 23:47 - 2015-07-16 17:08 - 00868352 ___SH C:\Users\Ryan\Downloads\Thumbs.db
2017-04-17 23:43 - 2015-01-23 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2017-04-17 23:30 - 2015-05-23 11:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Avg
2017-04-17 23:29 - 2015-03-08 12:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-12 22:21 - 2015-01-06 19:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 22:21 - 2015-01-06 19:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 19:57 - 2015-03-08 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-01 16:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-01 16:27 - 2015-10-27 11:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\AVG
2017-04-01 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-01 16:24 - 2015-03-08 12:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-01 15:45 - 2015-01-06 19:55 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 15:45 - 2015-01-06 19:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2015-05-03 14:38 - 2015-05-03 14:38 - 0197243 _____ () C:\Users\Ryan\AppData\Local\ars.cache
2015-05-03 14:39 - 2015-05-03 14:39 - 0416312 _____ () C:\Users\Ryan\AppData\Local\census.cache
2015-05-03 12:42 - 2015-05-03 12:42 - 0000036 _____ () C:\Users\Ryan\AppData\Local\housecall.guid.cache
2015-01-15 18:45 - 2015-01-15 18:45 - 0004548 _____ () C:\Users\Ryan\AppData\Local\installer.log
2015-05-03 12:49 - 2015-05-03 12:49 - 0000010 _____ () C:\Users\Ryan\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2015-10-27 10:50 - 2015-10-27 10:50 - 2892128 _____ (AVG Technologies) C:\Users\Ryan\AppData\Local\Temp\avg-88f86c59-e9bf-474c-bb83-63002265e670.exe
2016-10-12 20:13 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081489361345.exe
2016-06-30 16:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081893776745.exe
2015-11-18 13:22 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08193828765.exe
2016-08-11 09:51 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_082012129805.exe
2016-06-08 17:49 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08230783752.exe
2016-03-06 02:31 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08406797947.exe
2017-04-19 18:31 - 2015-03-23 22:59 - 1733952 _____ (Microsoft Corporation) C:\Users\Ryan\AppData\Local\Temp\dllnt_dump.dll
2015-12-11 13:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
2016-07-27 15:48 - 2016-07-27 15:48 - 0741440 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-28 22:02 - 2016-10-28 22:02 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-21 20:28 - 2015-07-21 20:28 - 0563808 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-04-28 18:35 - 2016-05-31 18:51 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-08 09:33 - 2015-04-30 22:11 - 0606208 _____ () C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
2015-03-26 19:29 - 2017-03-18 18:55 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
2015-12-11 13:48 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 17:36

==================== End of FRST.txt ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017 01
Ran by Ryan (22-04-2017 21:18:49)
Running from C:\Users\Ryan\Downloads
Windows 8.1 (Update) (X64) (2015-01-06 18:30:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2856192324-1670486770-184617106-500 - Administrator - Disabled)
Guest (S-1-5-21-2856192324-1670486770-184617106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2856192324-1670486770-184617106-1003 - Limited - Enabled)
Ryan (S-1-5-21-2856192324-1670486770-184617106-1001 - Administrator - Enabled) => C:\Users\Ryan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.171.3.211 - AVG Technologies)
AVG (Version: 1.171.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Grace 64bit 1.0.4.9 (HKLM\...\Grace_is1) (Version: - One Small Clue)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{5A1E898D-B35C-421B-B02F-5745259F907E}) (Version: 2.42.1 - The Pokémon Company International)
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
RogueKiller version 12.10.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.5.0 - Adlice Software)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Thin2000 USB Display Adapter (HKLM\...\{893D18DB-4353-45B6-9D5B-94F5A36A01AA}) (Version: 1.1.314.0 - Fresco Logic)
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2856192324-1670486770-184617106-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C0A47C2-799E-4E23-8C53-E17F45A35F91} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-15] ()
Task: {1EC8C358-49E4-4B1A-A258-2069CDB9C493} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {373EEA88-57EE-4D75-AA66-18F08CCEF12F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {3E90EC58-E31C-4B94-84D3-32A95EA886ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {60E93928-E824-4636-88F7-3672EA6CF1D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6B3639A8-68D1-4104-B89E-A40428275AF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {6F422AC1-ACC3-4C40-969C-D953CB41165F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6F614129-AEDF-42F4-84A0-1580DBCC589C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {78905EB5-BCE7-4399-8406-F15AAF023596} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-01] (AVG Technologies CZ, s.r.o.)
Task: {81A59E9C-803D-493F-8BA7-26F88E49FF88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {9BD68091-BCAC-4C1C-8DC5-4C4E4DF0AEC6} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9EE8F73F-7CC2-4EB4-849B-4B4B8FCC3196} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {B590A4D4-EC2E-4DE7-B1C1-17F831A9ECDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C9B47539-0B31-40E9-AE13-7B77C1463FA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D2A27EF4-1F9C-4E7A-B26D-7E4E69AD0B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {D41F9662-ED3B-4082-849A-C9A07DACFD10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {EB2AB8D9-17D7-4B73-A782-37580C065BB7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ryan\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_2574111287_en-gb.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=youtube&cc=GB&setlang=en-GB&inlang=en-GB&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=5C1328012AD4490192130F7501B8CD1

ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_gb&pf=cnnb&s=db_dticon&tp=dropbox

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-28 02:10 - 2014-07-04 12:24 - 00094936 ____N () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 09:44 - 2013-12-04 09:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 09:44 - 2013-12-04 09:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-10-28 02:40 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-04-19 20:27 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-19 20:27 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-04-01 16:25 - 2017-04-01 16:25 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-04-01 16:26 - 2017-04-01 16:26 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2015-12-05 11:21 - 2015-12-05 11:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-12-14 22:34 - 2016-12-14 22:34 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2014-10-28 02:01 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-01 15:45 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\Desktop\14257549_10210861681236703_5584451349347789910_o.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0DAD4C8A-72EA-4F3B-A2E0-F3AD7EFE0A87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6F8B7BA-3AA3-48CA-AFC0-FCF29232751D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CCD03A0A-2631-419F-B663-CE70C7234530}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D8FC72B9-1700-4177-B535-5CD1DF213EC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{82DE6B70-79D8-40AE-BB50-F571C1C772F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DDDDB9C8-4A2F-4EF5-B6CE-FB2EFDDC9317}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A4499100-F0E8-4A20-B875-FCAC525DBEBB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{41BC8C59-3FCC-4249-A9B6-7253A600CC27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9A4D8FF3-0865-453E-A231-B0162CF2F758}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E4E76B55-EE95-40E8-A688-51BDDDEC0747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A8A800A2-4119-4360-B062-D6706677CFC6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7F15C737-519F-405B-B777-689583B9FD69}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A0927AB4-A851-4255-A36C-7C242DED9355}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{0C6C7231-1E3E-470B-8E07-0613200649D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE9A306E-B655-45C2-AB56-6A173348A420}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C7116E71-C45D-4147-81E5-316834934759}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E49E5296-6410-4FC7-BE12-ED2AADA80D0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{23EE1483-FB93-4127-8724-73519FC4A5DD}] => (Allow) LPort=9322
FirewallRules: [{FC2B0AD6-8850-49AE-8B23-58AA6A9F921B}] => (Allow) LPort=5353
FirewallRules: [{67AC4B81-C8BF-4FAC-804A-4010F524C949}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{760C40AB-74E7-4A56-B5FC-9F49E9D18EAE}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{426A03A0-54CD-49B0-8B04-CA160D0AC0E0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{EDB713E5-CBFE-4BB2-AD93-A9A672DCD704}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{73547E89-926A-40E0-BB67-621D5DE07EA7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{11375191-BF74-4512-8A14-C5DC02066E5B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{3BF40F0A-BA01-424D-9ECB-CA057516D31A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{3D51E299-F394-410C-932C-6D6FBD5D931D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{286DCCBE-92EC-4F2E-A2C2-6A35D01E75A6}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{056CB21C-A574-4CEC-946A-6BB990399354}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{802D8F41-3EE2-40D3-B866-E54B39B54DF8}] => (Allow) LPort=9322
FirewallRules: [{4A34DE42-5879-417F-A355-647AA3660437}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{B3DA05B0-20E1-4FE8-8251-1EB85077D888}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9ABEB932-D061-4C28-B401-C1A1779AA3B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{AFB48E53-E413-40E5-8CE1-57D80776C3B3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A088CCE7-388C-4110-BF86-34774E2010E7}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BBC04F70-92F2-400B-AB55-E4954F94B9F9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9DD1E8EB-C424-4FF4-B89A-654D896FD1B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1918D485-1FCD-46D5-81B4-0F87D2BB8A92}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{AAF003BB-CC29-435C-B4AC-FB8411F92723}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{06985D41-AE71-4C04-AF97-5479AF266E0D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{9671A002-ACFC-426C-95C4-911277F83512}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10DF4104-CB5A-44D4-B5FE-8B62F0C9AF7C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E024C63B-8196-4574-B9E3-5919AF4BD6A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9DEC9EE-2C2D-4A16-80AC-752EF17B0CCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07BDDF54-F04F-4236-B6B4-6456B9C96C07}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9D32EE86-CDC6-475D-83AE-7AC4FA929A04}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{98E3DCA2-8247-4B1A-8722-DD4E8DE5AA50}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2BE2725E-517C-4D3C-AA7F-4E804527A371}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{478769B6-39CA-4E93-BB7B-A4E7F92C0556}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3FCC23C7-24CD-4B36-8E93-DC71C35A3685}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CD363787-C07D-475E-AE6F-3E6C692D0EE1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{36A774E6-EE3C-4F79-A637-1041FE57D22E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BE950B7C-53F8-4CAE-A57B-1182F4BB73F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80570D55-1139-4BF0-82D9-3D96EEB0C9D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F05E02BC-C448-4960-B161-21A43F5C2B62}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{95F10662-8DBE-4D9C-9062-C219D436BE40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-02-2017 13:23:07 Scheduled Checkpoint
05-03-2017 17:32:04 Scheduled Checkpoint
06-03-2017 20:46:50 Restore Operation
01-04-2017 16:35:02 Removed AVG
18-04-2017 22:34:46 Restore Operation
19-04-2017 21:12:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2017 09:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 119689703

Error: (04/22/2017 09:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 119689703

Error: (04/22/2017 09:01:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2017 11:46:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7610

Error: (04/21/2017 11:46:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7610

Error: (04/21/2017 11:46:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2017 11:46:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6547

Error: (04/21/2017 11:46:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6547

Error: (04/21/2017 11:46:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2017 11:46:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4922


System errors:
=============
Error: (04/20/2017 12:09:45 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/19/2017 09:16:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/19/2017 09:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/19/2017 09:06:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/19/2017 09:04:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:04:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:04:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (04/19/2017 09:03:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (04/19/2017 09:02:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2017 09:02:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-04-22 21:15:15.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:15.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:14.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:14.486
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:14.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:13.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:13.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:13.185
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:12.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-22 21:15:12.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4288U CPU @ 2.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8122.15 MB
Available physical RAM: 4145.35 MB
Total Virtual: 9402.15 MB
Available Virtual: 5164.05 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1375.16 GB) (Free:1291.11 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.08 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT
Drive z: () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 39ED847C)

Partition: GPT.

========================================================
Disk: 1 (Size: 120.1 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Good, but...
You posted FRST log instead of FSS log.
I also need to see Sophos log if any.
 
Good, but...
You posted FRST log instead of FSS log.
I also need to see Sophos log if any.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
781
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back