Solved Win 7 - can't reach Control Panel

[MH Lindsey]

Hi, I am helping my girlfriend attempt to recover her HP Pavillion dv7-6143cl laptop running Windows 7. When she gave it to me, it repeatedly asked for a missing iertutil.dll. Using dos commands, I managed to get a clean copy installed and stopped that error. Can get to desktop where she gets a prompt that AVG License Error, not able to recognize your License Number, but she was using AVG 2015 (free version), so we opt out to close. Attempts to reach the Control Panel fail with error ::{26EE0668-A00A-44D7-9371-BEB064C98683} No such interface supported. or I would proceed to uninstall it. Present on the desktop is McAfee Security. I'm resisting connecting to the internet, so I did not follow their request to scan. I managed to install Avast Free but can not access the log due to Explore.exe "not supported". I'll read you the report off the screen: Virus Chest holds...F3EZSETP.DLL in Program Files (x86)\FunWebProducts\Installr\1/bin )Virus Win32:FunWeb[PUP] imagestore.dat Users\MS Admin\AppData\LocalMicrosoft\Internet Explorer\imagestore\zl76mnt (Virus Win32:GenMalicious-IYO[Trj] and LBA-0-1465148624-k.mbam from ProgramData\Malwarebytes (Virus MBR"Alureon-B[Rtk] Windows Defender prompts win32/Zwang_Names Snipping tool exe and Win 64/Alureon.gen!AI. Malwarebytes' report is an extensive list of PUP's, Registy Vlaues & such. My attempt to run sfc/scannow as admin, "regular" and in "safe mode" to find other corrupt files repeadly fails at 20%. Please help.

 

[Broni]

You know the drill...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[MH Lindsey]

I would be happy to post the logs - but I need to be instructed on how to access them because I can not open the explore folder - to get to where the logs reside.

 

[Broni]

If you download FRST to your Desktop as our instructions say logs will be created there too.

 

[MH Lindsey]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Jacqueline (administrator) on JACQUELINE-HP (06-10-2015 17:32:16)
Running from C:\Users\Jacqueline\Desktop
Loaded Profiles: Jacqueline (Available Profiles: Jacqueline)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{0024C23C-596C-458F-AEBF-257F4CBCD6BB}\GoogleToolbarInstaller_updater_signed.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-12-01] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-01] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-12-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2563472 2015-07-21] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-11] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_Plugin.exe [1156296 2015-08-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\...\MountPoints2: {98b9bbc0-2cbc-11e1-8d56-cc52af77973b} - F:\DPFMate.exe
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\...\MountPoints2: {dff70196-134d-11e2-b7c6-cc52af77973b} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-08] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-11] (AVAST Software)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll [2010-04-13] (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C1D4D5B-20D1-4851-AFF7-6013A227EB15}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{9185E063-E294-42E2-9912-F65C85EB39C7}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://aol.com/
HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> DefaultScope {6905DDF7-9472-438C-A4AD-F232702D7D42} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {6905DDF7-9472-438C-A4AD-F232702D7D42} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {8CC52BEE-DAE6-4C44-BAB4-3D03399632DD} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=96ECAFE3-CD4D-4D52-A2A0-839F7B851254&apn_sauid=22D37E5B-0FA4-4006-A8B7-EDDC927A2982&
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={76CF50C1-E715-412F-B883-2441F8D59684}&mid=0c0d3ae676ec47d3aa781d1be9937ec8-ede6f5e0e6343c1e06119a5a69e077883bbf5213&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-27 13:11:39&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {A195C577-4E26-4327-AEA3-CE76B29C425C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80857&iwk=279&lng=en
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120426092248.dll [2012-03-20] (McAfee, Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-17] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-08] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-15] (McAfee, Inc.)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426092248.dll [2012-03-20] (McAfee, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-17] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-11] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.7.0.147\AVG SafeGuard toolbar_toolbar.dll [2015-07-21] (AVG Secure Search)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-08-23] (Ask)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.7.0.147\AVG SafeGuard toolbar_toolbar.dll [2015-07-21] (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2103894636-1046192603-3950623487-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-24] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll [2015-07-21] (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2012-03-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2012-03-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Jacqueline\AppData\Roaming\Mozilla\Firefox\Profiles\vbo092ro.default
FF DefaultSearchEngine: Secure Search
FF DefaultSearchEngine.US: AVG Secure Search
FF DefaultSearchUrl: hxxp://search.aol.com/search/search?q={searchTerms}&s_it=customfirefox-ff&s_qt=sb&tb_uuid=20110817004921426&tb_oid=17-08-2011&tb_mrud=25-02-2015
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-08] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2012-03-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.7.0\\npsitesafety.dll [No File]
FF Plugin-x32: @funwebproducts.com/Plugin -> C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-15] (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [2012-03-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-03-26] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-05-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-05-19] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-08-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-08-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-06-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-06-23]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-06-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-11] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-12-01] (Realsil Microelectronics Inc.) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502032 2012-03-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-03-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-03-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-03-20] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1842576 2015-07-21] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

[MH Lindsey]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-11] (AVAST Software)
S3 AtiDCM; C:\Users\Jacqueline\AppData\Local\Temp\atdcm64a.sys [26640 2011-03-15] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-06] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 17:32 - 2015-10-06 17:32 - 00037682 _____ C:\Users\Jacqueline\Desktop\FRST.txt
2015-10-06 17:30 - 2015-10-06 17:32 - 00000000 ____D C:\FRST
2015-10-06 17:30 - 2015-10-06 17:30 - 02193920 _____ (Farbar) C:\Users\Jacqueline\Desktop\FRST64.exe
2015-10-06 17:26 - 2015-10-06 17:26 - 01697792 _____ (Farbar) C:\Users\Jacqueline\Downloads\FRST.exe
2015-10-06 16:29 - 2015-10-06 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-10-01 19:41 - 2015-10-01 19:41 - 00000000 ____D C:\Program Files\IDT
2015-10-01 19:39 - 2015-10-01 19:39 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\Roxio Log Files
2015-10-01 19:39 - 2015-10-01 19:39 - 00000000 ____D C:\ProgramData\Sonic
2015-09-30 18:44 - 2015-09-30 18:44 - 00000000 _____ C:\AdobeDebug.txt
2015-09-30 16:30 - 2015-09-30 16:30 - 00004096 _____ C:\conf.dat
2015-09-30 16:07 - 2015-09-30 16:07 - 00000000 ____D C:\ProgramData\Roxio
2015-09-12 07:28 - 2015-10-06 16:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-12 07:26 - 2015-09-12 07:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-12 07:26 - 2015-09-12 07:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-12 07:26 - 2015-09-12 07:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 07:26 - 2015-09-12 07:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-12 07:26 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-12 07:26 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-12 07:26 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-12 07:25 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 07:25 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-12 07:22 - 2015-09-12 07:25 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jacqueline\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-12 06:56 - 2015-09-12 06:56 - 00032768 _____ C:\cache.dat
2015-09-12 06:56 - 2015-09-12 06:56 - 00000000 _____ C:\manifest.dat
2015-09-11 19:35 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-11 19:35 - 2015-07-16 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-11 19:35 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-11 19:35 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-11 19:35 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-11 19:35 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-11 19:35 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-11 19:35 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-11 19:35 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-11 19:35 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-11 19:35 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-11 19:34 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-11 19:34 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-11 19:34 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-11 19:34 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-11 19:34 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-11 19:34 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-09-11 19:34 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-11 19:34 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-11 19:34 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-11 19:34 - 2015-07-16 14:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-11 19:34 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-11 19:34 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-11 19:34 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-11 19:34 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-11 19:34 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-11 19:34 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-11 19:34 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-11 19:34 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-11 19:34 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-11 19:34 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-11 19:34 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-11 19:34 - 2015-07-16 13:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-11 19:34 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-11 19:34 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-11 19:34 - 2015-07-16 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-11 19:34 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-11 19:34 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-11 19:34 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-11 19:34 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-11 19:34 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-11 19:34 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-11 19:34 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-11 19:34 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-11 19:34 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-11 19:34 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-11 19:34 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-11 19:34 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-11 19:34 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-11 19:34 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-11 19:34 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-11 19:34 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-11 19:34 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-11 19:34 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-11 19:34 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-11 19:34 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-11 19:34 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-11 19:34 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-11 19:34 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-11 19:34 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-11 19:34 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-11 19:34 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-11 19:34 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-11 19:34 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-11 19:34 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-11 19:34 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-11 19:34 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-11 19:34 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-11 19:33 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-11 19:33 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-11 19:33 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-11 19:33 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-11 19:33 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-11 19:33 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-11 19:33 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-11 19:33 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-11 19:33 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-11 19:33 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-11 19:33 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-11 19:33 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-11 19:33 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-11 19:33 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-09-11 19:33 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-11 19:33 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-11 19:33 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-11 19:33 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-11 19:33 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-11 19:33 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-11 19:33 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-11 19:33 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-11 19:33 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-11 19:33 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-11 19:33 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-11 19:33 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-11 19:33 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-11 19:33 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-11 19:33 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-11 19:33 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-11 19:33 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-11 19:33 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-11 19:33 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-11 19:33 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-11 19:33 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-11 19:33 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-11 19:33 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-11 19:33 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-11 19:33 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-11 19:33 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-11 19:33 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-11 19:33 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-11 19:33 - 2015-07-10 10:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-11 19:33 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-09-11 19:33 - 2015-07-10 10:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-11 19:33 - 2015-07-10 10:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-11 19:33 - 2015-07-10 10:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-11 19:33 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-11 19:27 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-11 19:27 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-09-11 19:27 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-11 19:27 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-11 19:27 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-11 19:27 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-11 19:27 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-11 19:27 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-11 19:27 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-11 19:27 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-11 19:27 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-11 19:27 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-11 19:27 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-11 19:27 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-11 19:27 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-11 19:27 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-11 19:27 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-11 19:27 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-11 19:27 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 19:27 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 19:27 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-11 19:27 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-11 19:27 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 19:27 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 19:27 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-11 19:27 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-11 19:27 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-09-11 19:27 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-09-11 19:27 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-11 19:27 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-11 19:27 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-11 19:27 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-11 19:27 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-11 19:27 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-11 19:27 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-11 19:19 - 2015-09-11 19:19 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\AVAST Software
2015-09-11 19:18 - 2015-09-11 19:18 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-11 19:18 - 2015-09-11 19:18 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-11 19:18 - 2015-09-11 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-11 19:17 - 2015-09-11 19:18 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-11 19:17 - 2015-09-11 19:17 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-11 19:17 - 2015-09-11 19:17 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-11 19:17 - 2015-09-11 19:17 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-11 19:00 - 2015-09-11 19:00 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-11 18:59 - 2015-09-11 18:59 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-11 18:58 - 2015-09-11 18:58 - 05685712 _____ (AVAST Software) C:\Users\Jacqueline\Downloads\avast_free_antivirus_setup_online.exe
2015-09-11 16:14 - 2015-09-11 16:14 - 00000000 ____D C:\ProgramData\Blio
2015-09-11 16:13 - 2015-09-11 16:14 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\Blio
2015-09-11 16:13 - 2015-09-11 16:13 - 00000000 ____D C:\Users\Jacqueline\Documents\Blio
2015-09-11 13:56 - 2015-09-12 07:30 - 00000000 ____D C:\Windows\system32\MpEngineStore

 

[MH Lindsey]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 17:31 - 2011-05-28 15:18 - 01470648 _____ C:\Windows\WindowsUpdate.log
2015-10-06 17:28 - 2012-01-09 18:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 17:28 - 2012-01-09 18:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 17:26 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 17:26 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 17:23 - 2012-01-09 18:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-06 17:23 - 2012-01-09 18:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-06 17:20 - 2012-03-21 12:28 - 00000266 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-10-06 17:20 - 2011-06-23 00:31 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62BF689D-F1CB-45A1-9314-820592EAEC0D}
2015-10-06 17:20 - 2011-06-22 21:36 - 00000000 ____D C:\Users\Jacqueline\AppData\LocalLow\AuthenTec
2015-10-06 16:38 - 2013-12-15 19:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-06 16:29 - 2011-06-23 12:11 - 00001828 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2015-10-06 16:24 - 2011-08-11 21:50 - 00000000 ____D C:\Users\Jacqueline\AppData\Local\CrashDumps
2015-10-06 16:23 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 16:22 - 2009-07-13 21:51 - 00080968 _____ C:\Windows\setupact.log
2015-10-06 15:46 - 2015-06-08 17:42 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJacqueline
2015-10-06 15:46 - 2015-06-08 17:42 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForJacqueline.job
2015-10-01 19:46 - 2010-11-20 20:47 - 00813980 _____ C:\Windows\PFRO.log
2015-10-01 19:43 - 2011-12-01 15:53 - 00001414 _____ C:\Windows\Synaptics.log
2015-10-01 19:43 - 2011-05-28 15:25 - 00024484 _____ C:\Windows\DPINST.LOG
2015-10-01 19:42 - 2011-05-28 15:24 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-10-01 19:42 - 2011-05-28 15:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-01 19:42 - 2011-05-28 15:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-01 19:41 - 2011-05-28 15:20 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-01 19:40 - 2011-05-28 15:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-10-01 19:40 - 2011-04-08 13:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-01 19:39 - 2011-06-23 00:31 - 00000000 ____D C:\Users\Jacqueline\AppData\Roaming\hpqlog
2015-10-01 19:39 - 2011-04-08 13:54 - 00000000 ___RD C:\Program Files\Online Services
2015-10-01 19:39 - 2011-04-08 13:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-10-01 19:39 - 2011-04-08 13:40 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-10-01 17:21 - 2009-07-13 22:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-12 08:36 - 2011-04-08 13:52 - 00000000 ____D C:\Windows\en
2015-09-12 07:33 - 2009-07-13 21:45 - 00357432 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 07:31 - 2012-05-27 10:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-12 07:31 - 2012-05-27 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-12 07:30 - 2014-12-27 19:30 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-12 07:30 - 2014-05-21 18:40 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-12 07:25 - 2012-05-27 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-12 07:22 - 2011-07-24 21:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-11 14:51 - 2015-06-02 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-11 14:51 - 2015-04-05 11:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-11 14:51 - 2013-11-26 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-11 14:51 - 2011-04-08 13:47 - 00000000 ____D C:\ProgramData\RoxioNow
2015-09-11 14:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-09-11 14:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-09-11 14:51 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-11 14:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-09-11 13:53 - 2011-06-22 21:35 - 00000000 ____D C:\Users\Jacqueline

==================== Files in the root of some directories =======

2012-03-07 15:44 - 2015-05-13 10:21 - 0029696 _____ () C:\Users\Jacqueline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 21:01 - 2014-12-25 21:01 - 0000000 _____ () C:\Users\Jacqueline\AppData\Local\{C36D0A3D-5FB4-4FAD-A2A4-C9623DD123FB}
2012-03-21 12:25 - 2012-03-21 12:25 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Jacqueline\AppData\Local\Temp\kchf77lt.dll
C:\Users\Jacqueline\AppData\Local\Temp\pfn8qlnz.dll
C:\Users\Jacqueline\AppData\Local\Temp\sp64126.exe
C:\Users\Jacqueline\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Jacqueline\AppData\Local\Temp\w-iwvaky.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-30 19:11

==================== End of FRST.txt ============================

 

[MH Lindsey]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Jacqueline (2015-10-06 17:33:27)
Running from C:\Users\Jacqueline\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-23 04:35:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2103894636-1046192603-3950623487-500 - Administrator - Disabled)
Guest (S-1-5-21-2103894636-1046192603-3950623487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2103894636-1046192603-3950623487-1002 - Limited - Enabled)
Jacqueline (S-1-5-21-2103894636-1046192603-3950623487-1000 - Administrator - Enabled) => C:\Users\Jacqueline

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.13.1.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4401 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.7.0.147 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{B53F9744-F0FB-44A6-9739-335CDAB4488A}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{85CB0687-0239-473E-943B-E8AFEE6E044C}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 11.0.669 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Palette Previewer(TM) Consumer Edition (HKLM-x32\...\Palette Previewer(TM) Consumer Edition) (Version: - Autech)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.25 - iolo technologies, LLC)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-08-2015 22:50:26 Windows Update
02-09-2015 13:20:07 Windows Update
11-09-2015 14:10:43 Windows Defender Checkpoint
11-09-2015 18:59:44 avast! antivirus system restore point
12-09-2015 07:13:22 Windows Update
12-09-2015 09:23:42 Windows Update
30-09-2015 14:32:10 Windows Update
01-10-2015 16:36:40 Windows Update
01-10-2015 19:53:58 Windows Defender Checkpoint
01-10-2015 20:20:14 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08190AAF-E8B5-4CE8-B486-EACCF69451D6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {0AAF52D1-E4DA-40C3-9FFF-A80BCACC28F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {17C001CE-72EB-4F40-83D5-311E75BAFFDC} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {257560AE-0EBD-4D09-8851-CB2C851C1281} - System32\Tasks\{CAB83FCE-7F4F-46FA-BC73-C6FBF9E18571} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {25CF4D30-1478-4A56-8B11-C63E58821190} - System32\Tasks\{251400CF-5368-4BFB-B796-06FF3149800D} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {3068D45D-A297-44F2-B2F0-5723481DCD6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BE5DDDA-1919-4129-9079-ED1F86DA69E7} - System32\Tasks\{695DA913-12DF-451D-8174-F3F8DB9F288C} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {4214B6FF-B370-4FAF-B1F2-84F2762D2DDB} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-02-25] ()
Task: {45437DC6-1B4D-44E4-9BE8-47637A417AA2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-08-23] () <==== ATTENTION
Task: {5071E63A-8BA6-4358-B463-8553CCBE67BD} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {73BDC4DB-C6DE-412B-A32E-1822E763AC56} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {7AEB9184-0E13-41F2-A7A6-99C63FB327CE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {808DA898-C841-4920-8D60-ACF64F39509C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {90A56754-19A4-4D2B-B08D-2133376F2BEE} - System32\Tasks\{22829F7C-B3F1-4A69-9FC1-6AC3A7A448B7} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {9C5ACC55-E791-4B28-BF54-04BCA2CB0B84} - System32\Tasks\{C9CA9CE6-CF7C-4969-B70A-0AE8A6BE15A7} => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\Photoshop Elements 8.0.exe [2009-09-06] (Adobe Systems Incorporated)
Task: {A365EB1A-06F3-4258-A528-652EBA59081F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {B918B5ED-AD00-42ED-AF85-4D1883489CB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {B925B52D-08F6-4844-9BDF-D5AC1816C855} - System32\Tasks\HPCeeScheduleForJacqueline => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {BAAC1B65-B5E8-45D3-A844-7D8880CCB9B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {D1040EA1-D493-4D55-A509-9762C275866D} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe [2015-03-06] ()
Task: {D5A4B5E4-8254-440F-9114-442EE86A2A84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DDA231CB-CFA9-4A8E-8EFB-E86DFABF9D2A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-11] (AVAST Software)
Task: {E46889A1-98F9-45A7-8344-AB58E721FFD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E4CB39CF-A35D-434F-946A-FE63021A9704} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJacqueline.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-07-21 10:36 - 2015-07-21 10:36 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
2011-05-28 15:21 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-02-27 14:11 - 2015-07-21 10:36 - 02563472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-15 09:57 - 2011-03-15 09:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091109\algo.dll
2015-10-06 17:24 - 2015-10-06 17:24 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100601\algo.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2015-07-21 10:36 - 2015-07-21 10:36 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll
2015-09-11 19:17 - 2015-09-11 19:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-01 19:42 - 2015-10-01 19:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-05-28 15:20 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-11 13:41 - 2015-08-11 13:41 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\CN1C14129905QB:NW
AlternateDataStreams: C:\ProgramData\Temp:612B5BD9
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_ Fw_ This is very cool.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU] (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jacqueline\Documents\Fw_FriendshipBraceletFROMYOURFRIENDIAPPRECIATEYOU].eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jacqueline\Pictures\Adobe\Desktop Wallpaper\wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jacqueline^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\Windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: HP Photosmart 6510 series (NET) => "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1C14129905QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C1DC52E6-9EDB-4C8B-B4A1-4F1A0396ADF6}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{FC38A29F-6BD6-4D35-BF60-3CB07D0ABD91}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{C1E40A21-2210-4B71-8532-537B55A71026}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{C6FE28B5-A31B-4A07-B40B-34704D2506FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{0FF39452-9140-47DB-97AA-845A8D17A421}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{232A45B6-4D0A-41AC-AFED-34E070E52ED7}] => (Allow) LPort=2869
FirewallRules: [{5878BC40-4270-4540-831D-A09D4677F8F8}] => (Allow) LPort=1900
FirewallRules: [{BE0F2DC6-834E-44AE-8423-48F9E658B052}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3A46CC13-D644-4570-AAFA-2AC8A1341943}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{33C8B1DB-CFC3-417D-8256-5DC5D0C72BCE}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{E08CD860-7D93-4277-B8A1-2AB9BB9FABE7}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{4E32A595-9AC2-49C4-B686-2FEDF017AED2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{824BC4FE-4C3E-4A41-8FA0-4A031AD58C40}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BB8F289B-5781-41AD-A03A-27CFEED05D4D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D5AD41BD-B9C9-4DAA-8C25-7CB0C02832CB}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{56B427FB-13B5-4BEF-AE2B-66F3C1B57A23}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{2AF8FE62-A273-4A4A-91C1-57D1319C2B01}] => (Allow) LPort=7000
FirewallRules: [{E28879B4-AF1A-4A17-82CF-432E8C63CD7D}] => (Allow) LPort=7000
FirewallRules: [{CA74C074-5D3D-407B-9E28-CECAD7E8A305}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{EA657A60-64E6-436E-9282-8E1FA1B40848}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5F1D8CC7-2391-48F6-BABC-EA86402D5D84}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{18BD6D4D-2E33-4A8B-8367-EFE1FA5F05DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C260D34-7BCB-42C0-9635-E3AAC63C60EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61C797EB-CC8F-4A10-9A83-AC1E8E3BC692}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01B6E491-C4A4-4321-83BC-5C298B69220B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{40B97EC3-D4FC-4949-8C4D-1FC5E84F102A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{F84D1CC4-48AA-4757-B455-7FF4DCCA86A2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{691ADC16-D2FE-46C3-B5AD-ABE3DA1AABD9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{BC9BFFDF-E349-47E9-851C-F4EF3BF9E167}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{538D9915-BA24-4399-A9DB-1C53EC7B6725}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{9CC771B3-99AE-4D43-B467-9891153C1C88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{C3E2EEE8-9F6F-4288-B1C7-BE37FD1AD810}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{2F36449C-1324-4A96-8BFB-CB935512BD4B}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF987F7D-CFAC-4A05-B23A-15E85632C4B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1C1766CF-1F96-4AFA-89D9-2D98FD7B10EF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{251E1197-DCC1-4C3E-8D32-338FB22459F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{E577CF43-AF37-48DC-A163-C30E6BAE78C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{90121A96-F441-4887-BCF1-8F461E92D4B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{644CD1D8-E910-49AF-98CB-4ACF397C706B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3B9C961A-145F-494D-B1E9-9C8C822A87AE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{55B9B2D7-4AF2-4F8D-92EC-8C5E09327A9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{864134BE-DD4A-467A-9767-17360D30D478}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{45D9438D-542F-4FE4-BFB1-98F4BB2F5BA4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{9A1C2D5D-03E9-47E3-8F3B-FB7606678D25}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{28689C02-C085-490E-A070-19250EAD4FB4}] => (Allow) C:\Users\Jacqueline\Desktop\Autech\Palette Previewer(TM) Consumer Edition\Paint.exe
FirewallRules: [{B8906F0A-5245-4E93-A161-6F40C46CDBE6}] => (Allow) C:\Users\Jacqueline\Desktop\Autech\Palette Previewer(TM) Consumer Edition\Paint.exe
FirewallRules: [{4149D1B3-EB19-4D5B-A71D-798F73AC5207}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{64A39925-11E7-4C13-83DE-445F7B2EAC75}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{65FCC9CC-0B5A-4414-9C1C-F6C643DF5925}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77389A93-D2C2-46A2-B4F4-1DE22427C761}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2169AFCC-EA77-4A6E-9FE2-1E122A3FBCDB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7AC3E4AB-64D2-4CF4-8FA6-7C4F18BEFBE7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{658E8015-218A-45E4-AE73-BEF2B203BA7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{18B133DD-07A0-4530-BE62-25361726C0CC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6E22163F-B604-41C5-A3DF-80328DD5BF0F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{38AA64A0-786B-4E08-B87A-E1F972F4ED8E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{7871A2AD-1FD3-47CC-A298-B85A3CCA7D71}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{9BC446E1-4904-482B-AD86-B55DF7CF8AB6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{890A33B6-07AF-44C8-AD42-258065B82406}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{131DDE09-D0AB-4844-B8A4-18E26F4BAF0D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0907D7C5-6B92-472E-B3EA-BF65F0D88932}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{AF817D77-5FC6-4C98-9BFE-0AFE48F34271}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{CA553B1D-ADA1-408E-A3F7-8123E0977C0A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6C01591A-EFC4-4CAB-A4B8-561B26CA0169}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CE69BC05-7BDB-4FC0-9F63-50F052A045DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{43F528F9-94BD-4970-8198-A28D7F55319F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============

Name: USB Receiver
Description: USB Receiver
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor�s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

Name: USB Receiver
Description: USB Receiver
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor�s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 04:26:10 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/06/2015 04:24:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x0000000000025c3f
Faulting process id: 0xe78
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (10/06/2015 04:23:47 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/06/2015 04:23:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 04:18:23 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/06/2015 03:31:48 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/06/2015 03:29:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 03:29:16 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (10/06/2015 03:22:44 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/06/2015 03:10:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 769350


System errors:
=============
Error: (10/06/2015 05:20:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/06/2015 05:20:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/06/2015 05:20:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147467262.

Error: (10/06/2015 05:20:19 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/06/2015 04:29:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (10/06/2015 04:26:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Online Backup service failed to start due to the following error:
%%1053

Error: (10/06/2015 04:26:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Online Backup service to connect.

Error: (10/06/2015 04:24:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/06/2015 04:24:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/06/2015 04:23:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8139.86 MB
Available physical RAM: 4535.71 MB
Total Virtual: 16277.92 MB
Available Virtual: 12402.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:684 GB) (Free:585.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.34 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1A3F0DFB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

 

[Broni]

You're running three AV programs, AVG, Avast and McAfee.
We must remove two of them.
Since you settled for Avast...

1. Uninstall AVG using AVG Remover: http://www.avg.com/us-en/utilities

2. We can try to uninstall McAfee using command line but first we have to find one file.
Re-run FRST again.
Type the following in the edit box after "Search:".

frminst.exe

Click Search files button and post the log (Search.txt) it makes in your reply.

I also strongly recommend uninstalling System Mechanic, which can be actually part of your problems since it deals with registry.

 

[MH Lindsey]

AVG has been uninstalled

Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Jacqueline (2015-10-06 18:51:17)
Running from C:\Users\Jacqueline\Desktop
Boot Mode: Normal

================== Search Files: "frminst.exe" =============

====== End of Search ======

 

[Broni]

It didn't find McAfee uninstall file.

See if you can reach "Programs & Features" from command line.
Go Start>Run, paste this:
control appwiz.cpl
Press Enter.

 

[MH Lindsey]

***** Zapping data for user S-1-5-18 for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the Windows Installer InProgress key. . .
Searching for the product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} cached package. . .
Removed file: C:\Windows\Installer\1e6231b2.msi
Searching for install property data for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA}. . .
Removed \0684DCCA83B210347B4C2FF765F73EAE\InstallProperties
Searching for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
Removed \{ACCD4860-2B38-4301-B7C4-F27F567FE3EA}
Searching user's global config location for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} data. . .
Searching for product 0684DCCA83B210347B4C2FF765F73EAE upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Removed upgrade code '0684DCCA83B210347B4C2FF765F73EAE' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
Searching for patches for product 0684DCCA83B210347B4C2FF765F73EAE in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0684DCCA83B210347B4C2FF765F73EAE\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0684DCCA83B210347B4C2FF765F73EAE for product data. . .
Removed \Features
Removed \Patches
Removed \Usage
Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0684DCCA83B210347B4C2FF765F73EAE
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\0684DCCA83B210347B4C2FF765F73EAE for product feature data. . .
Searching per-machine global config location for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} data. . .
Searching for product 0684DCCA83B210347B4C2FF765F73EAE upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product 0684DCCA83B210347B4C2FF765F73EAE in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0684DCCA83B210347B4C2FF765F73EAE\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0684DCCA83B210347B4C2FF765F73EAE for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\0684DCCA83B210347B4C2FF765F73EAE for product feature data. . .
Searching old global config location for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} data. . .
Searching for product 0684DCCA83B210347B4C2FF765F73EAE upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product 0684DCCA83B210347B4C2FF765F73EAE in Software\Microsoft\Windows\CurrentVersion\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\0684DCCA83B210347B4C2FF765F73EAE for product feature data. . .
Searching per-machine location for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} data. . .
Searching for product 0684DCCA83B210347B4C2FF765F73EAE upgrade codes in Software\Classes\Installer\UpgradeCodes...
Removed upgrade code '0684DCCA83B210347B4C2FF765F73EAE' at HKLM\Software\Classes\Installer\UpgradeCodes
Searching for patches for product 0684DCCA83B210347B4C2FF765F73EAE in Software\Classes\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA}. . .
Searching HKLM\Software\Classes\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE for product data. . .
Removed \Media
Removed \Net
Removed \SourceList
Removed \Software\Classes\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE
Searching HKLM\Software\Classes\Installer\Features\0684DCCA83B210347B4C2FF765F73EAE for product feature data. . .
Removed \Software\Classes\Installer\Features\0684DCCA83B210347B4C2FF765F73EAE
Searching for product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA} in per-user managed location. . .
Searching for product 0684DCCA83B210347B4C2FF765F73EAE upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product 0684DCCA83B210347B4C2FF765F73EAE in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\0684DCCA83B210347B4C2FF765F73EAE for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\0684DCCA83B210347B4C2FF765F73EAE for product feature data. . .
Searching for shared DLL counts for components tied to the product 0684DCCA83B210347B4C2FF765F73EAE. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product 0684DCCA83B210347B4C2FF765F73EAE. . .
Reduced shared DLL count to 998 for: C:\Program Files (x86)\AVG\AVG2015\default_uds.mdf
Searching for product 0684DCCA83B210347B4C2FF765F73EAE client info data. . .
Removed client of component 011DD4108A428874AA8183B1F8F717C4
Removed client of component 0178C28A924FB7041AA23F738361541C
Removed client of component 025027261E3EEEE49AF2D96355949344
Removed client of component 026369C70D49398429432A39420E05D8
Removed client of component 02C562B55B09B5448AE0CBC0C0E0DF1D
Removed client of component 02D3475DA821A3C44916BDFD77F2902A
Removed client of component 03458D997E9ECB846AF25AE76873B1A1
Removed client of component 03D710D54F4BA7B4EBE271A6C37C04DC
Removed client of component 043A378F794186345A6E2E31EE417DE4
Removed client of component 048574AB7FFFC5A40B11A8C6ED44494F
Removed client of component 04859C1433457984CAB2358AD1383F24
Removed client of component 049C153D52EAB834AAB46FFA9F211781
Removed client of component 055048D88852EAB4DADA1ECDEC2949A2
Removed client of component 058484D414A03164586F946652CAD449
Removed client of component 06D674D2AB8BC794B9F5EF0D09940175
Removed client of component 071B508341F47794595DE620C2A8064D
Removed client of component 0754F1EF85760CC4EA9C575C59614BC5
Removed client of component 0930E7718AFE983408DE8B2758615A4B
Removed client of component 0958544750741B549AE9266E52CD8217
Removed client of component 09AA30FB11267F64AA3242E4F0B9D43B
Removed client of component 0AF6B6D24B1BADE4E8D32E85B4CD09C3
Removed client of component 0C79EB7847511BE4BB072F312FB148F0
Removed client of component 0D20A73ACBC92604492C20AFF4DBCA54
Removed client of component 0E0A606E050C51546B3A568602BAE8D0
Removed client of component 0F2FECD8B9A2E99429AC1B6817994E8C
Removed client of component 10113185EAA56CB40B8671675A2B3330
Removed client of component 1160E1DA405F05E4D9EB901BD5A42B01
Removed client of component 11C75D739BB5C564CA67200F02502840
Removed client of component 1229C23182769C343810AD9DC875A619
Removed client of component 1294C22CEFB68FE47B16FC031014CEF3
Removed client of component 1331A197E49095A4AB9115E0EF11F4B9
Removed client of component 1334D3BDAED5B334D8DF32DA112EC02A
Removed client of component 13B9F017CD9E9F547986C5C9F0334941
Removed client of component 13D0A962B5874AE4E9DAA5B0AFB63C3F
Removed client of component 16822FF0B8B152D4BB7351722D0E9F42
Removed client of component 1753368CBA87DE6408986CF8877EDEEE
Removed client of component 17C3B139456DD294CA4772C76C4F3E29
Removed client of component 17D56CC4334E345428B32BBFE9FE489C
Removed client of component 18134877A5672094C862A55246A5A01F
Removed client of component 185212BE12943B64AB1C92557D1F22C6
Removed client of component 1917393323A4E5245B675DD7CB2E976C
Removed client of component 19D56AB20C62FA349A582148DDEF96BB
Removed client of component 1A2EA3E38BF32994FBB9C2383C964AF1
Removed client of component 1A6D521BED56300429CBE79587D04008
Removed client of component 1BDEE3BF73635124781CF703EB587AC0
Removed client of component 1CBB9E59A5B2231409D45741D0522BC8
Removed client of component 1E70484D3B09A6F4A974D245179DA847
Removed client of component 1E88D1972ECABC648A49D4EBA775AD30
Removed client of component 1F9C335B4A531DD438869858E210EF3F
Removed client of component 1FAFB23A98423F447A10821A30C48710
Removed client of component 1FDA6A8D88228584695F4C042FD8C081
Removed client of component 2008B947688C7984D8DD6AE403380A82
Removed client of component 2075993E0E66D024EA5AC8FAC72F5485
Removed client of component 20DE7B4777A71E54CAFB5C72365C10AA
Removed client of component 210E75C0E9DCBD945AF7B8F147387BFA
Removed client of component 211D94CBB2811FB49B891121BF602226
Removed client of component 22468562051534D448C2BBA8C4052EF2
Removed client of component 229F43BAF07535D4C8EC77E7139AFAFC
Removed client of component 22B5E2850963BC24B8D363516125D16F
Removed client of component 22FEBFC81CBA07349A7CDC1ADA12D1A8
Removed client of component 2325EE6A1284480499D3975F64BB3904
Removed client of component 23996BB0F4A4F0E498A1A5B660E05846
Removed client of component 23BFD610843EF554282072CC99201F5B
Removed client of component 24A5177023A30C541B8BB75CBE606780
Removed client of component 25550E98C966464429B5F85C26CF6676
Removed client of component 25E66B71806DAC84CACB255733924178
Removed client of component 25F1D7899CFBC50418BC7155E3D068CD
Removed client of component 2635E76F3A7B4F24AAD65FE657E05A49
Removed client of component 26C33E702E8EF864EB1C6CE0CE702AFC
Removed client of component 26E7AEB4FF20E544B9E7A77109792FD4
Removed client of component 27AFB6B10F18812478FB750FAB7F67F1
Removed client of component 28199E161D2C24449A79954BE824D977
Removed client of component 282DAE4956216FA44B1F075DF32A604D
Removed client of component 29EAA663140FF294682531A519954E78
Removed client of component 2A4A2AC62EE146B4AAD88E19272AEB43
Removed client of component 2AF699BADD1BB334BA222887EBFF0F6E
Removed client of component 2B76A3FBB9F78A8408A67A92ABBB4EBD
Removed client of component 2BE05E7ACED1F134585817FBEA16DFA4
Removed client of component 2C80E655B0968734CB8208895390FA5A
Removed client of component 2D56CCBB52263F141A29BD9F3755DA87
Removed client of component 2EF709E27AE69B246943ACA05E71EB90
Removed client of component 2F1B70D90DB5CEB498423D053F29E589
Removed client of component 2F374FE12BD03C74BB77EBCD71ACAE54
Removed client of component 2F542ACA503FECC4BBFC1900882BDD29
Removed client of component 2FCC76096F508F944B8BA1CA1D708D90
Removed client of component 3008A2A7F35ED0241A456490F3A7BE31
Removed client of component 3038FA51836630D4C988B2C630AB92A5
Removed client of component 30C6CBADEEF0D304F8CDE3809081C7A5
Removed client of component 31676CF96F91F9842B77010B5735C654
Removed client of component 3184777C5B70B8D498F23BB707BC37DF
Removed client of component 31C70B17390B5204FAC251403BDEC8FF
Removed client of component 3265130BA4F28BB45AECABBCEAA687BE
Removed client of component 337EF3FCDAD314C4ABA5575A4489533B
Removed client of component 33FAE42E266F6E34B8C81B6DC4F34E03
Removed client of component 343E25806F0F1B645A2A17BA9C68C0E3
Removed client of component 35B8C6954A2394B45B966F8C21F73FFA
Removed client of component 35E04A92CF2BB824D85B00DE1D5260EF
Removed client of component 35E7F773C56946D4D813954AC0E35EC1
Removed client of component 36A37EDAC6D3EFE4BA9F27AE56BD155D
Removed client of component 36E33FAE37AAB4B4B88E1684D1F1B82D
Removed client of component 37EE0A9716C4F0B4685B2F1AA59A7BEF
Removed client of component 396127410084AFF46B2FECCA2DF4DC40
Removed client of component 3A8F7C3820FAEC5408173CAC741FFDBE
Removed client of component 3B525E2629BADAC4C8B3CDA7C194DB7B
Removed client of component 3B950C22D1710DE42BCE3879312619CF
Removed client of component 3C2606CE7D180CE49B5CA5F80EE0BB5B
Removed client of component 3C86F9527337FC347AC400A08794EC68
Removed client of component 3C9F83B184E677240B9B6D71D80EAB14
Removed client of component 3D6E38EE2E13A8D4BA8FA9BDADF18C40
Removed client of component 3DBB7C8082B8AE243A1CE13DC94385C8
Removed client of component 3DD029C187318CD4BA09AB43538D5A7C
Removed client of component 3DDA2BB5EEF7C8D41868A3BB25A11911
Removed client of component 3F7C429BF1438DB4C9036880EA75DF56
Removed client of component 4141C572FDDEC994C8E852EA3DE9CB16
Removed client of component 41F4F9638B8EE534EB73D0BC25F57DC0
Removed client of component 421C936DB40364544A70696FCCA6AF0A
Removed client of component 4280B023517ED974B9BCC2F24902777E
Removed client of component 43719DFC812F04E49A6809F9D460C36A
Removed client of component 43C9C3E10FCFED24C8B92BA057284BC7
Removed client of component 44098108E9CBDB344A1E749D7A798720
Removed client of component 44324E6CB44B23F4F94E5C6BBCA17BBD
Removed client of component 44ACF0F7D64B5164FA1E60936AE2A863
Removed client of component 45794E297B4A24B458CE211C340481CD
Removed client of component 45DCB5E5A901E4D4FAD34616732F7864
Removed client of component 45F2EF8BD0399BA4EAE6110204588A1B
Removed client of component 462FD372902940B46A02CF1358EB6AB2
Removed client of component 46B5C99A18D5BB845BF5D15DB872DA45
Removed client of component 46D84DA84D3972148B6260B828714A3B
Removed client of component 46D9B5FED84296144898854802FF7B01
Removed client of component 4748CF3650E028F4597FD62988355E6B
Removed client of component 47B55272E8462B94290DCCC5EF93D888
Removed client of component 47BE1944849A0A6418775DFE70828C53
Removed client of component 47F29012320A9C847B26E0DAD41954B5
Removed client of component 4803E39B3CD237F4B83BA3B137E2DA92
Removed client of component 488AE3F84E10FE94AAC40B25111D1791
Removed client of component 48947077F1670344E8055B700CF07570
Removed client of component 48D78EE12D0E8BF46AD600696D7A8B39
Removed client of component 49A72B577E85DCB418F1086EC1DA502A
Removed client of component 49EE204195AB86B49889BC5A4F30D116
Removed client of component 4AB277B2631956F43954924F1B497A16
Removed client of component 4ABD5938F0394654D85244005FF774D8
Removed client of component 4C567125E922BA74E9F920102013463A
Removed client of component 4C5D6108EEFC9A448A058922A42567AF
Removed client of component 4C77AD161D1A2B946B0F0C225E174C59
Removed client of component 4CAB8509E4D29514E818B34FC2AD7EAA
Removed client of component 4CCC12613739D3F4BA0FEB9C97575BAE
Removed client of component 4CDAFE439DF04644B83616A27E715577
Removed client of component 4D4AE93FCFB97B54CBCA281AF96AE939
Removed client of component 4E101FE4A6705534E85778BEDCFAE954
Removed client of component 4E3519676F830274D820457C291C3988
Removed client of component 4F2676CA88CD11A4A982510711DA2CDC
Removed client of component 4F80A4ACB9CEA2C4F8C4B1C7C41B5CBE
Removed client of component 4FDD6182E4E36314AB36FC4229D05297
Removed client of component 502B009C4F39BE94A943EAD052765BB9
Removed client of component 5138EBA34F7B7F14F889AB4B0D8DCFD6
Removed client of component 513D9D177FF2D3D4F9BCC088F2948061
Removed client of component 514481C671BCC1D4D98977C85725A7F9
Removed client of component 51809D89B2C20B748B8065C6E4633E9C
Removed client of component 51B4AC74EA89F4C45A09D4AAC98C1AE4
Removed client of component 5216438FD02B4AE4F9C8E28A94FB3044
Removed client of component 52239F24B7B7AC14297D761D82E0F8EE
Removed client of component 531D44E433BE43743B90CFDA783B0A5F
Removed client of component 53256F994BE067047974E8F64D59E507
Removed client of component 54486E81CEF9C9249B6182AFA9E761EE
Removed client of component 548F4CD29C0E4A84DB9B3C48DE27C1AF
Removed client of component 55567FA34749D7241884E1018B1F71FF
Removed client of component 5576BBAE30254094C961F3781ED58199
Removed client of component 55B341951D642CB469421C6F62624FDA
Removed client of component 561591BE15EF7284BA6153D8C085A187
Removed client of component 561823DD02685B247B944FFFA410D1E1
Removed client of component 5654585E197228D408E7D99E895166BE
Removed client of component 566AF3C4AE1ED4E41BC9F8518B29AF81
Removed client of component 569134F94BC49AE458DD5AEF25F26254
Removed client of component 56D31CCDE3E38A342B9F6F58C09A6F99
Removed client of component 5721F1A6C652BD94F80BC1F749033938
Removed client of component 5951E01816274E44AA25FFFC567A9390
Removed client of component 59CD92F58573F8745AC982E7D349D0A2
Removed client of component 5C42B1BCB6E83064FA99344123B4393B
Removed client of component 5C748B3BDDEF53340976FE0AE4DFEABF
Removed client of component 5CAE4D57E5C1002499B6A9604F109607
Removed client of component 5D805BEFD13150A488FBD75C232FBFA8
Removed client of component 5D923EBC7BBBACB4BBBCB9A435F5E58D
Removed client of component 5DEA20E0D563C7940912C57B1DD758D5
Removed client of component 5DEADF40B3E135648A8F1D44A77BEDED
Removed client of component 5E0C6A0C6DA1CC541AC3DC19A6FAEE61
Removed client of component 5E53FE5B89491A1469AA24FE167E66F8
Removed client of component 5E8C5B61E578C1E409267CD36029EE34
Removed client of component 5EB687D9384D48D47BBB170573C15B7B
Removed client of component 5FF313487A131A441A9EBF4E82B47654
Removed client of component 5FFFBF4F757701E459B7EB15149421AC
Removed client of component 62B990691FFE2BE40B2093B2E8FADC29
Removed client of component 640B467D4E9FA4D43A5F5FC3CD474811
Removed client of component 64A79AF5F52152E4B94921B13F006BA0
Removed client of component 64E8B4104D3205845B6778C10A063AD8
Removed client of component 653EB90AB5F1FAB4EA3D4DF4E614CCD1
Removed client of component 654FD6FD7F74FF047BBF46A837C689F5
Removed client of component 65508D182CB53B94FA95D8C6C3B4C6D2
Removed client of component 65DE48E87B3F61B41A709287AEF35FDE
Removed client of component 6610CAB786A7D3440BC0DFB6DC9D9FE1
Removed client of component 6644148BA9523D4419015854A2C26E9F
Removed client of component 6799C9E4386AB314989FD7CD1EC0DB1F
Removed client of component 6857FE5E0F03B9C41970C58B3837E4AC
Removed client of component 6868CA0174CAC664EA78C674CBD350DE
Removed client of component 689EFAD38633314478A150224BB46661
Removed client of component 68DABAA9EAC5C1E419D1FA1F4B5DB0E7
Removed client of component 695ADC587FE7153498EE9E8FDCC83554
Removed client of component 69A6F144A153F364499AD9E627047D55
Removed client of component 6A220368D86090E47BEBED0AD6449FFA
Removed client of component 6A2B9EF819FDF784093273339A4D54B6
Removed client of component 6A93A02ADE963AB4EA3963505708CD0D
Removed client of component 6B07D2DD36B6BE7479714CE32B21789C
Removed client of component 6B91DFD870CD71547BCF0A998C7AB3B4
Removed client of component 6BA6F96819F8470439D8D52879235EA1
Removed client of component 6C5F01B9865CCA34DAD9DB9ED94E19D1
Removed client of component 6D3FAB5D95A61AC4BB214850B519B855
Removed client of component 6DFD7C34901596D439E1233487962F5F
Removed client of component 6E353241AC58CE445B138AE2DFC664CE
Removed client of component 6EA3FD44EB045A74AAB70C0BAE4AAC2C
Removed client of component 6FA581CD040024D418146D0C0673050E
Removed client of component 6FF063AE57C0AB9478DE4AF5C9A3EB6C
Removed client of component 706D29CA65F67F546A6EE02FD237B3F9
Removed client of component 70CD6E96A48481040A11C78D7D583535
Removed client of component 712C017237A9EC44D86537290DD784AB
Removed client of component 71702346AF4BC564689B1CD845F3F57A
Removed client of component 71A2BDD38BCDE1F4488F394D4476AC0B
Removed client of component 720021D6561E7354C91F67FC93382997
Removed client of component 726D48A10AF429A46A8173FF00E539C7
Removed client of component 72908989578056247A810AC6158817A9
Removed client of component 72A8FF3BF56ED6B479F34F1FED3DCEBE
Removed client of component 72B8EA74BFCAFBC4E8D3B2F3721FD1C5
Removed client of component 7328D41C6000437469B01B21D10F187E
Removed client of component 735FBAA5909FDD24AB2B7ECE01CF4885
Removed client of component 75E932D8A8A95A5488100E46F2C66B8B
Removed client of component 7602F9CE7604DDD4282A97FDF29191BD
Removed client of component 77CD3417C7F0CD84FAD28CE58951C33F
Removed client of component 77D6962090E8D294AA3A7B2EE54BF46F
Removed client of component 79396622B4F9FAB4DA331BD90E4BC8A6
Removed client of component 798E6C16893665F47A2FC50DA13CAA1E
Removed client of component 79B4EF821F7493C4BB90332226772C75
Removed client of component 7AB633B85A12D8548B626C28C75B5A4B
Removed client of component 7AD897931EB87264F8A5B66B15778EE8
Removed client of component 7AE8A4C6FA6F1144EB0A7F8EDC02E54C
Removed client of component 7B197230686D7E145B5AFD8F824851FA
Removed client of component 7B21B3EAEC8E50E4F80DA5551725256F
Removed client of component 7B7D687F091929143A1242AE0F34327E
Removed client of component 7BF498EF10DC4EF47890866747C996A0
Removed client of component 7C2C19E0E35460D45B33FA888D94365E
Removed client of component 7C5B7B6A632F12B409D9EC556D324D89
Removed client of component 7C9EBE821800DF3468999A956B7E1EE1
Removed client of component 7CC68EAD596B5AB49A85ABD3A35C91C3
Removed client of component 7CCAC3A09B5E4FC4FBB6AB89499518FB
Removed client of component 7CD11BDE0B182F74889AECE3804FC38F
Removed client of component 7E654F64BF040CB42A9E991DB852BC56
Removed client of component 7E6AD18045545E74C8360BED280948BD
Removed client of component 7E6EAEC0ABC69964097C30F7C5FA7FC8
Removed client of component 7F32DA778918B884AAB03B3DC91E9512
Removed client of component 8004E75696E20F64AAE7B4F4FD11C4BF
Removed client of component 804593F436EFA6E4D8A68F2228D7A9EB
Removed client of component 80BA031215FE7E545AFE19C65116ACFF
Removed client of component 81084638CCCC3764686D1C5286F2BDE6
Removed client of component 810AB3FAF583DA84D9798C5B58E9DB1A
Removed client of component 821815BE7D9388442A155AC270B0EB20
Removed client of component 82ACF01C1922603408337A02477499A3
Removed client of component 834C62364C652BF448A64DDC0565B08D
Removed client of component 83AB40A8E511914499278F713FCA92A8
Removed client of component 83BE7F45F77FA6F44982EB6A4EF7FF08
Removed client of component 846D61A25B5F51542B35CBC87EA4F6F9
Removed client of component 8482382ACB4D36141A1088FDB251B22A
Removed client of component 84A6A39C7956A464280111A6F7506D23
Removed client of component 855333CDD2A30A84CAE4D3D278F9D35E
Removed client of component 8595E7F2925166D448512B87B0636EB3
Removed client of component 85EC1D8B7BE494A4A9DE14D2271176C6
Removed client of component 8623F49D40DDF6449ACF27765E3BFAC3
Removed client of component 86E06B6B7EB35F74393C0748AC5BB271
Removed client of component 87484B542ED1C9741BF8E61893BE49F2
Removed client of component 879524733267ADC45B480CC93814C034
Removed client of component 87E65CE61B37AA141A0673DBFCFA293B
Removed client of component 88212AFD50DF4224A89B3D4A54B261EF
Removed client of component 890DD8C4B31ABCB43AD4520A432C714D
Removed client of component 89DBC3A401686C34BBFB5C2E12E5039A
Removed client of component 8AEF85F049A135D4A8CBC42F05C8AC18
Removed client of component 8B4D9423A4CE8E143898292C762029DD
Removed client of component 8B54A4C4880524844A785118DC0B4586
Removed client of component 8B5BC1C170CABFA4D85081BEEA06E6A9
Removed client of component 8B81711D163FAE744A4520C02A1DD69F
Removed client of component 8BAB9EC16D38D5C40900C2D0A0E053B9
Removed client of component 8BEB9880787BF3441A7A14301B9F9FF8
Removed client of component 8D42F55342EC43749B1B4935297F162C
Removed client of component 8E365B3CCB629E2488BBE3D9321CF61F
Removed client of component 8E4BB229040580D4FAC0F30D3E4D2C9F
Removed client of component 8F80768C5A2FB724FA9A15F6933C7A9E
Removed client of component 911C7F6595BE4D54AA720DB0CE8DFBBB
Removed client of component 92BF1B389FC49114D9301F4A05399F30
Removed client of component 93307303F6740C441AAFD9703EC6BC3E
Removed client of component 9380ECFF44B81204EA8C3C155CB2AB18
Removed client of component 93E3091DF72BCC94583503A51E765C2A
Removed client of component 948FDA73393388B4F8E7A4206BEF1022
Removed client of component 953407AD6F7AA894B93C795CE5BAAF65
Removed client of component 9571466ACF8C58743A8E5EA195B19790
Removed client of component 961294F76542D2D428C51933F45EFD0A
Removed client of component 963B1A956C6C0254F8CFEC6E254994D9
Removed client of component 964A33E77500CC34B8D3F5DEAD6212A6
Removed client of component 9659B3B884B0F7C42AB85B70746BC680
Removed client of component 965AE790E109E2C42A261E6A07D6A8BC
Removed client of component 96AE0B51A5687F141A9C01576B2D7313
Removed client of component 97F18D5A521A9B442900BB97AF8C2359
Removed client of component 98178CB359DC479468E2BE534556FFB2
Removed client of component 987A4150037F34641B7012983A921BA9
Removed client of component 99528F39FC7D1294B9F16EDF422CC0ED
Removed client of component 99CF5F9438A103741BA140E8A1D41DB1
Removed client of component 99E9E0635B5043A46BC37FDCF2856EF2
Removed client of component 9B66115DC9AF0CE48B695D90843157DD
Removed client of component 9E32171526E035148ABB59864A80487C
Removed client of component 9F151BEC081DA8D41A98336AC4820180
Removed client of component A056AAF21F8A5154AA9AD46C3A0A0B7C
Removed client of component A06309057A52F51458781728A6C9451F
Removed client of component A07A6C2A00CB0EB4A83A31FFFB82B89E
Removed client of component A0C50F52AEB46744BBFD74E707E0187F
Removed client of component A108FF111F88767428119CE536448E7D
Removed client of component A10D6D7213395384493111C358326670
Removed client of component A1ADB485A68C51F44BA67FFD2EA5AF3D
Removed client of component A2394664852800849AF770B3BCDB381E
Removed client of component A353100DE5B41F14F91BC2FDA9D46295
Removed client of component A365C4EE69D3C7449A979CF8FE9FB627
Removed client of component A372D19968CEAD64E920EBBC901096AF
Removed client of component A3CCE180BE400EC41B9078E0A3F5620A
Removed client of component A5A2901B8ED3C74428038DDF0CAD1A41
Removed client of component A5E2A71974C4A174B98548B7A9E9326C
Removed client of component A66730D4E7D37FC4EB5AF9B674C3FD1D
Removed client of component A71ED46FC4B47D74D9613138FBDF7A99
Removed client of component A73F5A4BF80CF2E4CB1F213802A925FC
Removed client of component A754AE0AE1C52EC498470B0914896271
Removed client of component A7DE4D63330CBB44FA0177DB7AB0FFC3
Removed client of component A8DC272BCC1E9A44DA8DF6DD911CDD84
Removed client of component A939D52CC1BF142468A2CF31C9C8038E
Removed client of component A9C55700C1B97414892212F15ACD3BF4
Removed client of component AA19CADC81102DE4FB9357E094811401
Removed client of component AA19ED57572AA2D45AAEF965A23C9DF5
Removed client of component ABAFBE26F639A244C9661AC80A2948AA
Removed client of component ABC0F11F742154F4586F6952BBD914E6
Removed client of component ABE5CFE339AF1D2469A7E82216BEEE00
Removed client of component ADDD6E6F6A164D244863C8DC3A5E3B85
Removed client of component AE49AD56A5E5DD64AA073AA568EA7053
Removed client of component AF4F62019D8DF4A4A811B9EB71AC50B8
Removed client of component AF6EA2AA069A69649A27DFD569198B0D
Removed client of component AFE883C4C2BDEC84AAAB3CBDB9581120
Removed client of component AFF4164F45E5E66469907EDF0A2DC92D
Removed client of component B1609045546361B42BA8C7EF6CA8CF3F
Removed client of component B162234C0442B7B4A83BFAC9661DC700
Removed client of component B2549425970DBE34AA506964E890687A
Removed client of component B2662364214F67743BDC18FD57441EF1
Removed client of component B2C3D904566D94E449E0A031F56EECC8
Removed client of component B3410769502392F4189510EB8BBD0E91
Removed client of component B3B135D9E99694A4188E9ECF2D554EB1
Removed client of component B3B761886946D824FBBF093EC6DFE777
Removed client of component B45AE56C684CE154D836D70106B249BB
Removed client of component B511A9E16413AEC4EAD7976B62367C43
Removed client of component B58E047EDA358EA42BC32DBA1A233E83
Removed client of component B5EE2A4CD2BCC57488BFE8857AB8633F
Removed client of component B6461344879161949BBC4F5E380F406D
Removed client of component B661F51796FFF2E408DB50E00715729F
Removed client of component B6D0804A314D9794CB2DC1CA9447CC87
Removed client of component B77E399F316FB5B4499A11E50340623B
Removed client of component B8B508FCD147C084F83E018405A1C44C
Removed client of component B9CB1D94F8858C04BA13E89AAB1C0284
Removed client of component B9DF2D1F41354D442AF1F242A8665EFA
Removed client of component BA80C2C17E6945E44A0FD425DBB931CC
Removed client of component BBC446FC8355DFD449BC6166F1BBB613
Removed client of component BBD9AA3D4C93D684DB29A3DCB022AD12
Removed client of component BDC737DCD9DE0D643AC96DDCCE5C07B6
Removed client of component BDD1304A43E32BA41B0FFAB0108E8072
Removed client of component BFA11F3B084B5444A9D92BF7B93DB990
Removed client of component BFB21F994130BEF419041621F07E8782
Removed client of component BFFE52CB932A25D42BCC608713696FAB
Removed client of component C0261E6904BDF7348B44D356A7AA2309
Removed client of component C0B5014087ACDA945A587A729DF6DC48
Removed client of component C14785E9A058F9F41BF680F1D3724416
Removed client of component C17373E81B9FF224A990D931EDB16E69
Removed client of component C23CEAF07D0153E43A26AD188D760E84
Removed client of component C24F2351362B8B940B2D58E6B82086B7
Removed client of component C29B30BB29EB8CF4CB76AEDEAE6056F5
Removed client of component C319541FB2F4AB846A6F42BE9F8FB5FD
Removed client of component C43689236EC26024EB82FEE71B1D041E
Removed client of component C4EB236D40062004681585648F7CB3D7
Removed client of component C4EC124CE2BB77749A870FD954F75043
Removed client of component C5BD9E0B68A881F4C85FFD8B436EDB79
Removed client of component C6AC8CBE60036224AB11C8E1E6866658
Removed client of component C70E40151346A464CAC3BB3040C3FFE7
Removed client of component C72AD2BEFF57A234BB7D2E951AAC6D78
Removed client of component C72B5D609349ECA4295ADFB7489153F2
Removed client of component C76CBC221119192439CFB5E6C010C8DE
Removed client of component C80DF796BE0809D40A77E55ACDF71A31
Removed client of component C886527D8FC6F67409CC1785EAD83508
Removed client of component C8A2E4D07D50F364F99155DB781A9F58
Removed client of component C9BA4A51AAD9A744ABF5EF8242E802A0
Removed client of component C9BF59E72FEB9B242A5C0F3AE0D5A649
Removed client of component C9C9E1616F583904888ECE63AA74F5F3
Removed client of component CA6A832184C4EF04BAE9FEBFC497CE4E
Removed client of component CE1AA8C92466A6747BA25E4D01274A29
Removed client of component CEAA405BEB8763149A48126E6014F3C4
Removed client of component CEFC90340148BD342B596878A3121636
Removed client of component D0353734116C1D44690F8BECC2CD71CB
Removed client of component D0C974ECF4B51954B9B80E5112305086
Removed client of component D0E140E2372E47E47946907997F0312D
Removed client of component D1087D78F1AD9124CB794B0620A028D9
Removed client of component D117A111F55F063488943A615938D0DB
Removed client of component D179C80670F84B74A90E15A025625247
Removed client of component D1AF2E0DD13DB534880527814259979F
Removed client of component D278E9DD5A8002949B908CFBBFC017D9
Removed client of component D27BCA74867186D478F920A3BC04608C
Removed client of component D33B975E75A5EEC49B5E48741E43F5D4
Removed client of component D42F0AC01DB8ABB4180C0CC4C3765BBF
Removed client of component D4EFA60F474DBAB41A8EACBEF1B40AD3
Removed client of component D503CEFCF9265A541A280C86705BDB6C
Removed client of component D5115D25F1F0DAE448F839421C91EF22
Removed client of component D51BD8D8F58BD37469643BA3DC763517
Removed client of component D5698D794EF48174A9F9FD151E71D8BA
Removed client of component D61754AECEFF44740AF580DAD2E48103
Removed client of component D62C84E36A90EA64E8CF59FCB6A29548
Removed client of component D77F0BD452924A04CBD540F8DE8FDF7E
Removed client of component D78F64769AB6A8045B0DABF06D587428
Removed client of component D7A4EBFCA077D3B4F9554883D91B070F
Removed client of component D8162C27134D99A468E25922D6AB8583
Removed client of component D833DAB9F8C31374DBD853AAB1FB4660
Removed client of component D8EF955920A078E418BB50826E72C3E7
Removed client of component D9435ABFDF2100C44900D38F593F1188
Removed client of component D96F9FE9AA695B442A278E5C84FC3EFE
Removed client of component DA34FCB0EE9B39949B4F6B4739C5EE1F
Removed client of component DAFC7D66033AE2544A21D82D2BE4BF5F
Removed client of component DB5D87A6B240C3B4BADE455E73C7230A
Removed client of component DBB7540C11E99614D8097534A4F7F3A6
Removed client of component DBD29A8A1BDEA8C42B4608C10AE17C6B
Removed client of component DBE12B25B4303AE4C80EE2E93F3FC281
Removed client of component DBE477856286AA2429FF013F928E46FF
Removed client of component DBE57D6255BE5404BBC945E30F3E6347
Removed client of component DC1173CCCF2A3D044AF2B8129ABC57A4
Removed client of component DC868CC2B9633AC499E0C44E87F451D9
Removed client of component DCE0D7210CE76B24785DD118294B2495
Removed client of component DD8A1B762D5B1E54D94D1E37893F997B
Removed client of component DDBC80958C7824E469EDC81FC5BFF7C5
Removed client of component DEB17BFED186DF941BE28184F84DD44B
Removed client of component DED8294AE76892141A450C7B9E4E81CF
Removed client of component DF3FDAA316AC05C41A3BEE3314107B0F
Removed client of component DF481EEB8C8DEE34A9E0F3C901B6BDDF
Removed client of component E014501B4B3A47B4EA7CDB86C02B1C9F
Removed client of component E04EAF5E210808C499C92B2F882B196F
Removed client of component E0E55499C750B744D8AA2DD2C51F215B
Removed client of component E13066ED80B8DEF4EA22B0658D525544
Removed client of component E27993E4D0C921B43813964F4BEE467C
Removed client of component E2878CA19CFB8D0449EFA6688045BF1E
Removed client of component E2BEF61238C055243A935454CE9063E7
Removed client of component E2D0A72699D2B0442953D5A12658A819
Removed client of component E3296E451863A5B4C8AE952B7CAF3371
Removed client of component E40C0B1404B423E43A48473CF1D5D680
Removed client of component E45D29DDEA79F654993C609E664AB523
Removed client of component E4CDC7DA2906F864283C825FE1D1A6C8
Removed client of component E509A2CD6DD8F7047899816620D125B7
Removed client of component E536B234CAF84C547B881E3454E77311
Removed client of component E5C6183CF94C0D148ADE8AA2CD4B16A8
Removed client of component E5DAE992DBB3A074B998C5FE88B227E7
Removed client of component E6880F28CD5E41E40AAE25A13155EB6B
Removed client of component E6DDB8F1DA748394DB7D1BC21E874B17
Removed client of component E6EB31D633633574B9C3CBBEB2DFC828
Removed client of component E76ED55F0D7CF95448D10457D0BF4BC0
Removed client of component E7852A52685BE624292D38F757FE36CC
Removed client of component E78B6832311DA25428A1F669226E6AC6
Removed client of component E7C96231B0DA18F42A0342161D725E82
Removed client of component E8851D4B21181D1478FE69F9B611509D
Removed client of component E924B76507A48744AAA39DFECFB76574
Removed client of component E9E6C3BBD6FB3AD41BFC487195407F65
Removed client of component EA0CE4D6C5E08EB4B9CDBE0AE668C206
Removed client of component EAED265DBCDA4924EAD785619AA3CC58
Removed client of component EB06BD404D6EB77448B48C83D896EEAE
Removed client of component EC4B3DDAF5FD3454A8E97584BC3A554F
Removed client of component EC592B5E615887545864FD6C7486C831
Removed client of component EC8AA2BAB22DB2345BA394258AAAD4AD
Removed client of component EE30CAF1CC0336C4794F78416D385089
Removed client of component EE472FC57A9B09947BFEAA0985788026
Removed client of component EE8CA1ED3FD462A4395C95B424FEAD31
Removed client of component EEA4BA1D0B24CF14B8355A39160FF647
Removed client of component EEC5588768714D541A7428656F8C75A2
Removed client of component EF75FB5C7BF5BFA439BF365D71BF0617
Removed client of component F0839BF88786D904D842E3A12C0E09FD
Removed client of component F0F94B07BE1BE2648A67B781B951C179
Removed client of component F1AB1B5FABB546044B9BF2A322934DDE
Removed client of component F225404FEBE3F5C4C99A619664D3446F
Removed client of component F325D7BB7989D8F4D876651E5811E2A6
Removed client of component F3B41CD9DC2872841A5503E9322C1EE4
Removed client of component F41AF0103B63552448B4A5B7705A9545
Removed client of component F42F59C9A28B0444EA5CAF4938C0ED2B
Removed client of component F54AD994C5DD56F469087AF1C066AAE4
Removed client of component F653643A61A602E499471CC4049B2C4E
Removed client of component F664F7D49DCF66048A6FD6D98FDFD25D
Removed client of component F7335F2C73F64B3489DDD7399C0443D7
Removed client of component F754C366C000F584C975BC5590BFEB46
Removed client of component F91F9D38A6E8BE641A615DE460EC9877
Removed client of component F98C4D786BABE13449CE07B8F727071E
Removed client of component FAE5D93B42135D2489DD530FC0B83817
Removed client of component FC7B9D1C4E3BE5242A34014B01ABCC77
Removed client of component FCB5D3937B2951F49B31964074B72BD2
Removed client of component FCE1607A0136E9E458D28FF9D4755A89
Removed client of component FCF93C3488C5F374083DB45D2C022983
Removed client of component FE265706969CEDF4587F7EBF7583539B
Removed client of component FE33B95DA083E6448A6F8B5CA63679E1
Removed client of component FE591ED4921DEBF44A24182C3BEC254D
Removed client of component FEF04CF8569CEF44CA31AEF5E25AC88C
Removed client of component FF22F27BADB172549A3EF01ACD7BFD35
Removed client of component FFFC736AC7AD1424AA692D09D92EC491
Searching for product 0684DCCA83B210347B4C2FF765F73EAE client info data. . .
Searching for Installer files and folders associated with the product {ACCD4860-2B38-4301-B7C4-F27F567FE3EA}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder
Removing orphaned cached files.
Error enumerating Products key for S-1-5-21-2103894636-1046192603-3950623487-1000 user. Error: 6.
Removed file: C:\Windows\Installer\14faf593.msi
Removed file: C:\Windows\Installer\14faf59e.msi
Removed file: C:\Windows\Installer\53653a6.msi
Removed file: C:\Windows\Installer\34e03.mst
Removed file: C:\Windows\Installer\53e1562.mst
Removed file: C:\Windows\Installer\34e04.msp
Removed file: C:\Windows\Installer\53e1563.msp
Removed file: C:\Windows\Installer\b07b0a8.msp
Removed file: C:\Windows\Installer\bc9c797.msp
Removed file: C:\Windows\Installer\f72dc42.msp
FAILED to clear all data.


***** Zapping data for user S-1-5-18 for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} *****
MsiZapInfo: Performing operations for user S-1-5-18
Searching for the Windows Installer InProgress key. . .
Searching for the product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} cached package. . .
Removed file: C:\Windows\Installer\10ce1a54.msi
Searching for install property data for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}. . .
Removed \AC3EB7B033FA3EC4CB7241659CE69F69\InstallProperties
Searching for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
Removed \{0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}
Searching user's global config location for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} data. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Removed upgrade code 'AC3EB7B033FA3EC4CB7241659CE69F69' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
Searching for patches for product AC3EB7B033FA3EC4CB7241659CE69F69 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC3EB7B033FA3EC4CB7241659CE69F69\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC3EB7B033FA3EC4CB7241659CE69F69 for product data. . .
Removed \Features
Removed \Patches
Removed \Usage
Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC3EB7B033FA3EC4CB7241659CE69F69
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\AC3EB7B033FA3EC4CB7241659CE69F69 for product feature data. . .
Searching per-machine global config location for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} data. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
Searching for patches for product AC3EB7B033FA3EC4CB7241659CE69F69 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC3EB7B033FA3EC4CB7241659CE69F69\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC3EB7B033FA3EC4CB7241659CE69F69 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\AC3EB7B033FA3EC4CB7241659CE69F69 for product feature data. . .
Searching old global config location for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} data. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
Searching for patches for product AC3EB7B033FA3EC4CB7241659CE69F69 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\AC3EB7B033FA3EC4CB7241659CE69F69 for product feature data. . .
Searching per-machine location for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} data. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 upgrade codes in Software\Classes\Installer\UpgradeCodes...
Removed upgrade code 'AC3EB7B033FA3EC4CB7241659CE69F69' at HKLM\Software\Classes\Installer\UpgradeCodes
Searching for patches for product AC3EB7B033FA3EC4CB7241659CE69F69 in Software\Classes\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69\Patches
Searching HKLM\Software\Classes\Installer\Components for published component data for the product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}. . .
Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}. . .
Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}. . .
Searching HKLM\Software\Classes\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69 for product data. . .
Removed \Media
Removed \Net
Removed \SourceList
Removed \Software\Classes\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69
Searching HKLM\Software\Classes\Installer\Features\AC3EB7B033FA3EC4CB7241659CE69F69 for product feature data. . .
Removed \Software\Classes\Installer\Features\AC3EB7B033FA3EC4CB7241659CE69F69
Searching for product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996} in per-user managed location. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
Searching for patches for product AC3EB7B033FA3EC4CB7241659CE69F69 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69\Patches
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\AC3EB7B033FA3EC4CB7241659CE69F69 for product data. . .
Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\AC3EB7B033FA3EC4CB7241659CE69F69 for product feature data. . .
Searching for shared DLL counts for components tied to the product AC3EB7B033FA3EC4CB7241659CE69F69. . .
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
Searching for shared DLL counts for components tied to the product AC3EB7B033FA3EC4CB7241659CE69F69. . .
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 client info data. . .
Removed client of component 1445E65C9B73E1349AE4CD26C1C70F38
Removed client of component AC395BE4B2B8635489A419917C137F01
Removed client of component D49E126AC9BDF1F478E1DB70D6BE2C4A
Removed client of component E93C68DB128DEB546801BD69347A4B83
Removed client of component EE206E74BA9268341900397599ACA8F4
Searching for product AC3EB7B033FA3EC4CB7241659CE69F69 client info data. . .
Searching for Installer files and folders associated with the product {0B7BE3CA-AF33-4CE3-BC27-1456C96EF996}. . .
Searching for files and folders in the user's profile. . .
Searching for files and folders in the %WINDIR%\Installer folder
Removing orphaned cached files.
Error enumerating Products key for S-1-5-21-2103894636-1046192603-3950623487-1000 user. Error: 6.
FAILED to clear all data.

 

[Broni]

Please read my previous reply.

 

[MH Lindsey]

Went to Run, paste this:
control appwiz.cpl
Press Enter.

nothing happened

 

[Broni]

Try to uninstall McAfee using command prompt: http://www.sevenforums.com/tutorials/272460-programs-uninstall-using-command-prompt-windows.html

 

[MH Lindsey]

Got to run - will be back in the tomorrow - many thanks!

 

[Broni]

Sure

 

[MH Lindsey]

I'm back. Had to check on my heart patient, I'm a nurse. Can't you tell?...Sick patients,sick machines. Followed instructions for CMD prompt uninstall - found only McAfee Online Backup among the many listed. Put in the code but did not get a successfully uninstalled notice before machine did its own restart with windows update that got qued up. McAfee Total Protection & McAfee Security Scan Plus still remain on desktop after restart. Will be gone rest of day, will check for advice late tonight.

 

[Broni]

Let's leave it for now.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[MH Lindsey]

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jacqueline [Administrator]
Started from : C:\Users\Jacqueline\Desktop\RogueKiller.exe
Mode : Delete -- Date : 10/07/2015 19:00:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {00000000-6E41-4FD3-8538-502F5495E5FC} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2103894636-1046192603-3950623487-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {00000000-6E41-4FD3-8538-502F5495E5FC} : -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path|VT.Unknown] \iolo System Checkup -- C:\ProgramData\iolo\scustask.lnk (/toaster) -> Not selected

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] vbo092ro.default : user_pref("browser.startup.homepage", "http://www.aol.com/?mtmhp=hyplogusaolp00000003"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 5bb61c0679644e75896a17b03a8ecc0e
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700416 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1434861568 | Size: 14685 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] 34a6b3252255c2b8856211aa0b0995d8
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700416 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1434861568 | Size: 14685 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 34a6b3252255c2b8856211aa0b0995d8
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows Vista/7/8 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700416 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1434861568 | Size: 14685 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

 

[MH Lindsey]

Sorry, I had Malwarebytes installed but it had expired and they are not giving me another free version. If you really want that report - you will need to instruct me on how to uninstall the prior version.I did attempt to "name' of product" call uninstall, but it failed to list malwarebytes so I guessed at its name several times but failed again. let me know

 

[MH Lindsey]

I wait to run the other programs in belief they may need to run.."in order given". Well, I fooled around with it and may have MB working so hold on..skipper! Yes, it's running and will post MB report in near future

 

[Broni]

When MBAM expires it simply becomes a free version.
It doesn't run in real time but it's still good for manual scanning. You have to update it manually though.

 

[MH Lindsey]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/7/2015
Scan Time: 7:33 PM
Logfile: malware-100715.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.07.06
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jacqueline

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429546
Time Elapsed: 38 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT, , [49d98bc97c0f1a1cce01598fbb49ef11],

Registry Values: 1
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT|Publisher, Client Connect LTD, , [49d98bc97c0f1a1cce01598fbb49ef11]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, , [839fce86583354e284a6eb56de2525db],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, , [839fce86583354e284a6eb56de2525db],

Files: 0
(No malicious items detected)

Physical Sectors: 3
Rootkit.Pihar.c.MBR, Physical Sector #34 on Drive #0, , [53343e92f0bca61cfa4e7b2c1f3cac06],
Rootkit.Pihar.c.MBR, Master Boot Record on Drive #0, , [9d78d3ca948ca743fcc55ecb9192d64d],
Forged physical sector, Physical Sector #1465148624 on Drive #0, , [de03fe65a6765caa8c91343acc62cffc],


(end)

 

[MH Lindsey]

# AdwCleaner v5.012 - Logfile created 08/10/2015 at 15:18:58
# Updated 08/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jacqueline - JACQUELINE-HP
# Running from : C:\Users\Jacqueline\Desktop\adwcleaner_5.012.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater18.7.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Ask.com
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files (x86)\BatBrowse
[-] Folder Deleted : C:\Program Files (x86)\Mobogenie
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Not Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Jacqueline\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Jacqueline\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Jacqueline\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\Jacqueline\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Jacqueline\AppData\LocalLow\Inbox Toolbar
[-] Folder Deleted : C:\Users\Jacqueline\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Users\Jacqueline\daemonprocess.txt

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Scheduled Update for Ask Toolbar

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\Ask.com
[-] Key Deleted : HKCU\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\APN
[-] Key Deleted : HKLM\SOFTWARE\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
[!] Key Not Deleted : [x64] HKCU\Software\APN
[!] Key Not Deleted : [x64] HKCU\Software\Ask.com
[!] Key Not Deleted : [x64] HKCU\Software\AVG SafeGuard toolbar
[!] Key Not Deleted : [x64] HKCU\Software\AVG Security Toolbar
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[!] Key Not Deleted : HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CC52BEE-DAE6-4C44-BAB4-3D03399632DD}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CC52BEE-DAE6-4C44-BAB4-3D03399632DD}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8CC52BEE-DAE6-4C44-BAB4-3D03399632DD}
[!] Key Not Deleted : HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : HKU\S-1-5-21-2103894636-1046192603-3950623487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]