Josh Archiee
Posts: 12 +0
Hi, so yesterday I was trying to get a free music creator application but in doing this I've managed to fill my laptop with a bug. AVG can't shred it and my laptop can't delete it. It makes browsers randomly open on google and even after using malware detector and attempting to remove the viruses, they're still there.
Here's my FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by Ryan (administrator) on GODDARD (19-04-2017 00:14:29)
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Windows\System32\flvga_tray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-04-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-04-17] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-10-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FA33E17-9D6D-4F5B-A0BD-8BB696FD65C2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CFF5382-1DA3-4BA8-B2DE-772C442EEF3D}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> {2A9B7E4B-67F4-492D-877C-57FF10723308} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=22542&r=2015/04/12&hid=10132273870285119354&lg=EN&cc=GB&unqvl=86"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (AVG Secure Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-04-18]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (OpenLink) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Tab Layouts - Arrange Tabs Into Layouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnolcokfhilodfohiidmaelobjleppf [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-30]
CHR HKU\S-1-5-21-2856192324-1670486770-184617106-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-06] (OSBASE)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-17] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-04-17] ()
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [245408 2015-05-06] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-06] (OSBASE)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [184952 2015-05-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-03] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 00:14 - 2017-04-19 00:15 - 00027069 _____ C:\Users\Ryan\Downloads\FRST.txt
2017-04-19 00:14 - 2017-04-19 00:14 - 00000000 ____D C:\FRST
2017-04-19 00:13 - 2017-04-19 00:13 - 02424832 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2017-04-18 00:37 - 2017-04-18 00:36 - 00718497 _____ C:\Windows\unins000.exe
2017-04-18 00:35 - 2017-04-18 00:37 - 00016096 _____ C:\Windows\unins000.dat
2017-04-18 00:35 - 2017-04-18 00:35 - 00000000 ____D C:\ProgramData\One Small Clue
2017-04-18 00:35 - 2013-10-09 12:18 - 00311296 _____ C:\Windows\system32\r8bsrc.dll
2017-04-18 00:35 - 2011-05-23 23:59 - 05857280 _____ C:\Windows\system32\MtxVec.Spld4.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 19656192 _____ (DewResearch) C:\Windows\system32\MtxVec.Lapack4d.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 15143424 _____ (DewResearch) C:\Windows\system32\MtxVec.Fft.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 08947712 _____ (DewResearch) C:\Windows\system32\MtxVec.Random.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 06683648 _____ (DewResearch) C:\Windows\system32\MtxVec.Vmld.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 02355200 _____ (DewResearch) C:\Windows\system32\MtxVec.Sparse4d.dll
2017-04-18 00:35 - 2010-01-06 22:33 - 02354176 _____ C:\Windows\system32\MtxVec.Vml4d.dll
2017-04-18 00:35 - 2008-11-06 05:29 - 00543928 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-04-18 00:34 - 2017-04-18 00:35 - 14240846 _____ (One Small Clue ) C:\Users\Ryan\Downloads\Setup_Grace_64bit_Full_1-0-4-9_Windows.exe
2017-04-18 00:22 - 2017-04-18 00:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tracktion 4
2017-04-18 00:22 - 2017-04-18 00:22 - 00000000 ____D C:\Program Files\Tracktion 5
2017-04-18 00:21 - 2017-04-18 00:22 - 07983168 _____ (Tracktion Software Corp.) C:\Users\Ryan\Downloads\TracktionInstall_5_Windows_64Bit_latest.exe
2017-04-18 00:12 - 2017-04-18 00:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\REAPER
2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-04-18 00:09 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install.exe
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install (1).exe
2017-04-17 23:40 - 2017-04-17 23:40 - 00892928 _____ C:\Users\Ryan\Downloads\Acoustica_Mixcraft_Pro_Studio_8_Crack_Full_x86x64.iso
2017-04-01 16:29 - 2017-04-01 16:29 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2017-04-01 16:26 - 2017-04-18 23:16 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-01 16:26 - 2017-04-01 16:26 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-01 16:26 - 2017-04-01 16:26 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-01 16:23 - 2017-04-05 19:57 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-21 01:21 - 2017-03-21 01:21 - 10832476 _____ C:\Users\Ryan\Desktop\CCTV .7z
2017-03-21 01:17 - 2017-03-21 01:17 - 02674240 _____ C:\Users\Ryan\Downloads\video-1489864643.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 02394136 _____ C:\Users\Ryan\Downloads\video-1489864676.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01609472 _____ C:\Users\Ryan\Downloads\video-1489864633.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01465963 _____ C:\Users\Ryan\Downloads\video-1489864621.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00814382 _____ C:\Users\Ryan\Downloads\video-1489864603.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00705199 _____ C:\Users\Ryan\Downloads\video-1489864654.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00665109 _____ C:\Users\Ryan\Downloads\video-1489864595.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00180695 _____ C:\Users\Ryan\Downloads\video-1489864607.mp4
2017-03-21 01:16 - 2017-03-21 01:16 - 00540866 _____ C:\Users\Ryan\Downloads\video-1489864661.mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 00:07 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2017-04-18 23:54 - 2015-01-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856192324-1670486770-184617106-1001
2017-04-18 23:54 - 2015-01-06 19:31 - 00000000 ____D C:\Users\Ryan\Documents\Youcam
2017-04-18 23:53 - 2015-01-22 23:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ClassicShell
2017-04-18 23:53 - 2015-01-06 19:43 - 00000000 ____D C:\Users\Ryan\OneDrive
2017-04-18 23:47 - 2015-01-23 00:27 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-18 23:47 - 2015-01-14 18:39 - 00000000 ____D C:\ProgramData\Kodak
2017-04-18 23:47 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 23:13 - 2015-05-03 15:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-18 22:52 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-04-18 22:44 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-18 22:25 - 2015-01-06 19:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BB99B5E-7CB3-4055-8AFC-B0A85EBE6872}
2017-04-18 22:23 - 2017-03-10 15:12 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2017-04-18 22:23 - 2017-03-10 15:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2017-04-18 22:21 - 2015-03-03 23:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-04-18 00:51 - 2015-10-27 11:01 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 00:23 - 2015-09-13 14:19 - 00000000 ____D C:\Users\Ryan\Documents\Homework JOSH
2017-04-18 00:03 - 2017-03-18 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 23:47 - 2015-07-16 17:08 - 00868352 ___SH C:\Users\Ryan\Downloads\Thumbs.db
2017-04-17 23:45 - 2016-10-12 20:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-17 23:43 - 2015-01-23 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2017-04-17 23:37 - 2015-03-08 13:03 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-04-17 23:36 - 2015-03-08 13:02 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-04-17 23:30 - 2015-05-23 11:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Avg
2017-04-17 23:29 - 2015-03-08 12:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-14 22:15 - 2015-01-24 00:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 22:21 - 2015-01-06 19:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 22:21 - 2015-01-06 19:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 19:57 - 2015-03-08 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-01 16:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-01 16:27 - 2015-10-27 11:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\AVG
2017-04-01 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-01 16:24 - 2015-03-08 12:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-01 16:23 - 2015-03-08 13:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\AVG Web TuneUp
2017-04-01 15:45 - 2015-01-06 19:55 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 15:45 - 2015-01-06 19:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2015-05-03 14:38 - 2015-05-03 14:38 - 0197243 _____ () C:\Users\Ryan\AppData\Local\ars.cache
2015-05-03 14:39 - 2015-05-03 14:39 - 0416312 _____ () C:\Users\Ryan\AppData\Local\census.cache
2015-05-03 12:42 - 2015-05-03 12:42 - 0000036 _____ () C:\Users\Ryan\AppData\Local\housecall.guid.cache
2015-01-15 18:45 - 2015-01-15 18:45 - 0004548 _____ () C:\Users\Ryan\AppData\Local\installer.log
2015-05-03 12:49 - 2015-05-03 12:49 - 0000010 _____ () C:\Users\Ryan\AppData\Local\sponge.last.runtime.cache
Some files in TEMP:
====================
2015-10-27 10:50 - 2015-10-27 10:50 - 2892128 _____ (AVG Technologies) C:\Users\Ryan\AppData\Local\Temp\avg-88f86c59-e9bf-474c-bb83-63002265e670.exe
2016-10-12 20:13 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081489361345.exe
2016-06-30 16:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081893776745.exe
2015-11-18 13:22 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08193828765.exe
2016-08-11 09:51 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_082012129805.exe
2016-06-08 17:49 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08230783752.exe
2016-03-06 02:31 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08406797947.exe
2015-12-11 13:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
2016-07-27 15:48 - 2016-07-27 15:48 - 0741440 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-28 22:02 - 2016-10-28 22:02 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-21 20:28 - 2015-07-21 20:28 - 0563808 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-04-28 18:35 - 2016-05-31 18:51 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-08 09:33 - 2015-04-30 22:11 - 0606208 _____ () C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
2015-03-26 19:29 - 2017-03-18 18:55 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
2015-12-11 13:48 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-05 17:36
==================== End of FRST.txt ============================
Here's my FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by Ryan (administrator) on GODDARD (19-04-2017 00:14:29)
Running from C:\Users\Ryan\Downloads
Loaded Profiles: Ryan (Available Profiles: Ryan)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(OSBASE) C:\Windows\System32\ddmgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Windows\System32\flvga_tray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [419328 2015-04-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-13] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-04-17] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-10-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4FA33E17-9D6D-4F5B-A0BD-8BB696FD65C2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CFF5382-1DA3-4BA8-B2DE-772C442EEF3D}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-2856192324-1670486770-184617106-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915av&pr=fr&d=2015-03-08 12:03:06&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> {2A9B7E4B-67F4-492D-877C-57FF10723308} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856192324-1670486770-184617106-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B9A5E77E-00E4-4EB8-BC2F-11A093F4E232}&mid=88db67dffb9847cda1dc1171d0a94489-9400211cfc35d2a60588c350dddfaa5957a14817&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-03-08 12:03:06&v=4.3.7.452&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-04-17] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=22542&r=2015/04/12&hid=10132273870285119354&lg=EN&cc=GB&unqvl=86"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (AVG Secure Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-04-18]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (OpenLink) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcineedipafihgkbecmkabpofbfjaljn [2017-04-18]
CHR Extension: (Tab Layouts - Arrange Tabs Into Layouts) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnolcokfhilodfohiidmaelobjleppf [2017-04-17]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\System Profile [2015-07-30]
CHR HKU\S-1-5-21-2856192324-1670486770-184617106-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-01] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
R2 ddmgr; C:\Windows\system32\ddmgr.exe [857248 2015-05-06] (OSBASE)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-10-12] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-04-17] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-04-17] ()
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-01] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [128096 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557776 2017-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-01] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-01] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [245408 2015-05-06] (OSBASE)
R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [19616 2015-05-06] (OSBASE)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [184952 2015-05-07] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-05-03] ()
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 00:14 - 2017-04-19 00:15 - 00027069 _____ C:\Users\Ryan\Downloads\FRST.txt
2017-04-19 00:14 - 2017-04-19 00:14 - 00000000 ____D C:\FRST
2017-04-19 00:13 - 2017-04-19 00:13 - 02424832 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2017-04-18 00:37 - 2017-04-18 00:36 - 00718497 _____ C:\Windows\unins000.exe
2017-04-18 00:35 - 2017-04-18 00:37 - 00016096 _____ C:\Windows\unins000.dat
2017-04-18 00:35 - 2017-04-18 00:35 - 00000000 ____D C:\ProgramData\One Small Clue
2017-04-18 00:35 - 2013-10-09 12:18 - 00311296 _____ C:\Windows\system32\r8bsrc.dll
2017-04-18 00:35 - 2011-05-23 23:59 - 05857280 _____ C:\Windows\system32\MtxVec.Spld4.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 19656192 _____ (DewResearch) C:\Windows\system32\MtxVec.Lapack4d.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 15143424 _____ (DewResearch) C:\Windows\system32\MtxVec.Fft.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 08947712 _____ (DewResearch) C:\Windows\system32\MtxVec.Random.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 06683648 _____ (DewResearch) C:\Windows\system32\MtxVec.Vmld.dll
2017-04-18 00:35 - 2010-01-08 00:27 - 02355200 _____ (DewResearch) C:\Windows\system32\MtxVec.Sparse4d.dll
2017-04-18 00:35 - 2010-01-06 22:33 - 02354176 _____ C:\Windows\system32\MtxVec.Vml4d.dll
2017-04-18 00:35 - 2008-11-06 05:29 - 00543928 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-04-18 00:34 - 2017-04-18 00:35 - 14240846 _____ (One Small Clue ) C:\Users\Ryan\Downloads\Setup_Grace_64bit_Full_1-0-4-9_Windows.exe
2017-04-18 00:22 - 2017-04-18 00:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tracktion 4
2017-04-18 00:22 - 2017-04-18 00:22 - 00000000 ____D C:\Program Files\Tracktion 5
2017-04-18 00:21 - 2017-04-18 00:22 - 07983168 _____ (Tracktion Software Corp.) C:\Users\Ryan\Downloads\TracktionInstall_5_Windows_64Bit_latest.exe
2017-04-18 00:12 - 2017-04-18 00:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\REAPER
2017-04-18 00:10 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-04-18 00:09 - 2017-04-18 00:10 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install.exe
2017-04-18 00:09 - 2017-04-18 00:09 - 11068976 _____ C:\Users\Ryan\Downloads\reaper540_x64-install (1).exe
2017-04-17 23:40 - 2017-04-17 23:40 - 00892928 _____ C:\Users\Ryan\Downloads\Acoustica_Mixcraft_Pro_Studio_8_Crack_Full_x86x64.iso
2017-04-01 16:29 - 2017-04-01 16:29 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2017-04-01 16:26 - 2017-04-18 23:16 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-04-01 16:26 - 2017-04-01 16:26 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-04-01 16:26 - 2017-04-01 16:26 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-04-01 16:26 - 2017-04-01 16:26 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-04-01 16:26 - 2017-04-01 16:25 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-04-01 16:23 - 2017-04-05 19:57 - 00001028 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-21 01:21 - 2017-03-21 01:21 - 10832476 _____ C:\Users\Ryan\Desktop\CCTV .7z
2017-03-21 01:17 - 2017-03-21 01:17 - 02674240 _____ C:\Users\Ryan\Downloads\video-1489864643.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 02394136 _____ C:\Users\Ryan\Downloads\video-1489864676.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01609472 _____ C:\Users\Ryan\Downloads\video-1489864633.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 01465963 _____ C:\Users\Ryan\Downloads\video-1489864621.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00814382 _____ C:\Users\Ryan\Downloads\video-1489864603.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00705199 _____ C:\Users\Ryan\Downloads\video-1489864654.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00665109 _____ C:\Users\Ryan\Downloads\video-1489864595.mp4
2017-03-21 01:17 - 2017-03-21 01:17 - 00180695 _____ C:\Users\Ryan\Downloads\video-1489864607.mp4
2017-03-21 01:16 - 2017-03-21 01:16 - 00540866 _____ C:\Users\Ryan\Downloads\video-1489864661.mp4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 00:07 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2017-04-18 23:54 - 2015-01-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2856192324-1670486770-184617106-1001
2017-04-18 23:54 - 2015-01-06 19:31 - 00000000 ____D C:\Users\Ryan\Documents\Youcam
2017-04-18 23:53 - 2015-01-22 23:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\ClassicShell
2017-04-18 23:53 - 2015-01-06 19:43 - 00000000 ____D C:\Users\Ryan\OneDrive
2017-04-18 23:47 - 2015-01-23 00:27 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-18 23:47 - 2015-01-14 18:39 - 00000000 ____D C:\ProgramData\Kodak
2017-04-18 23:47 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 23:13 - 2015-05-03 15:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-18 22:52 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 22:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-04-18 22:44 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-18 22:25 - 2015-01-06 19:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BB99B5E-7CB3-4055-8AFC-B0A85EBE6872}
2017-04-18 22:23 - 2017-03-10 15:12 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2017-04-18 22:23 - 2017-03-10 15:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2017-04-18 22:21 - 2015-03-03 23:02 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2017-04-18 00:51 - 2015-10-27 11:01 - 00000000 ____D C:\ProgramData\Avg
2017-04-18 00:23 - 2015-09-13 14:19 - 00000000 ____D C:\Users\Ryan\Documents\Homework JOSH
2017-04-18 00:03 - 2017-03-18 19:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 23:47 - 2015-07-16 17:08 - 00868352 ___SH C:\Users\Ryan\Downloads\Thumbs.db
2017-04-17 23:45 - 2016-10-12 20:12 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-04-17 23:43 - 2015-01-23 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2017-04-17 23:37 - 2015-03-08 13:03 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2017-04-17 23:36 - 2015-03-08 13:02 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2017-04-17 23:30 - 2015-05-23 11:06 - 00000000 ____D C:\Users\Ryan\AppData\Local\Avg
2017-04-17 23:29 - 2015-03-08 12:50 - 00000000 ____D C:\ProgramData\MFAData
2017-04-14 22:15 - 2015-01-24 00:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 22:21 - 2015-01-06 19:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 22:21 - 2015-01-06 19:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-05 19:57 - 2015-03-08 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-01 16:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-01 16:27 - 2015-10-27 11:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\AVG
2017-04-01 16:27 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-01 16:24 - 2015-03-08 12:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-01 16:23 - 2015-03-08 13:03 - 00000000 ____D C:\Users\Ryan\AppData\Local\AVG Web TuneUp
2017-04-01 15:45 - 2015-01-06 19:55 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 15:45 - 2015-01-06 19:55 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2015-05-03 14:38 - 2015-05-03 14:38 - 0197243 _____ () C:\Users\Ryan\AppData\Local\ars.cache
2015-05-03 14:39 - 2015-05-03 14:39 - 0416312 _____ () C:\Users\Ryan\AppData\Local\census.cache
2015-05-03 12:42 - 2015-05-03 12:42 - 0000036 _____ () C:\Users\Ryan\AppData\Local\housecall.guid.cache
2015-01-15 18:45 - 2015-01-15 18:45 - 0004548 _____ () C:\Users\Ryan\AppData\Local\installer.log
2015-05-03 12:49 - 2015-05-03 12:49 - 0000010 _____ () C:\Users\Ryan\AppData\Local\sponge.last.runtime.cache
Some files in TEMP:
====================
2015-10-27 10:50 - 2015-10-27 10:50 - 2892128 _____ (AVG Technologies) C:\Users\Ryan\AppData\Local\Temp\avg-88f86c59-e9bf-474c-bb83-63002265e670.exe
2016-10-12 20:13 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081489361345.exe
2016-06-30 16:15 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_081893776745.exe
2015-11-18 13:22 - 2015-10-16 14:30 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08193828765.exe
2016-08-11 09:51 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_082012129805.exe
2016-06-08 17:49 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08230783752.exe
2016-03-06 02:31 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ryan\AppData\Local\Temp\avguirn_08406797947.exe
2015-12-11 13:35 - 2015-10-22 02:08 - 0595656 _____ (Hewlett-Packard) C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
2016-07-27 15:48 - 2016-07-27 15:48 - 0741440 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-28 22:02 - 2016-10-28 22:02 - 0737856 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-21 20:28 - 2015-07-21 20:28 - 0563808 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-04-28 18:35 - 2016-05-31 18:51 - 0739904 _____ (Oracle Corporation) C:\Users\Ryan\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-11-08 09:33 - 2015-04-30 22:11 - 0606208 _____ () C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
2015-03-26 19:29 - 2017-03-18 18:55 - 57547224 _____ (Skype Technologies S.A.) C:\Users\Ryan\AppData\Local\Temp\SkypeSetup.exe
2014-11-08 09:47 - 2014-10-17 12:39 - 0665682 _____ (SQLite Development Team) C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
2015-12-11 13:48 - 2015-09-28 10:36 - 0144912 _____ (Hewlett-Packard Company) C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-05 17:36
==================== End of FRST.txt ============================