Solved Strange behavior

learninmypc · Jan 9, 2016

For unknown reasons, yesterday when I clicked on a folder of bookmarked websites a pop up told me I was about to open X amount of bookmarks which may slow FF down. This morning same happened with google chrome. This pc was offline for about 8 days & the last scans with Mbam & Avast showed clean.
I'll post requested logs shortly.

learninmypc · Jan 9, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by ciber surfer (2016-01-09 11:32:47)
Running from C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop
Windows 10 Home (X64) (2015-11-14 22:52:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-555829191-1849574639-2068614983-500 - Administrator - Disabled)
ciber surfer (S-1-5-21-555829191-1849574639-2068614983-1001 - Administrator - Enabled) => C:\Users\Thomas Paine
DefaultAccount (S-1-5-21-555829191-1849574639-2068614983-503 - Limited - Disabled)
Guest (S-1-5-21-555829191-1849574639-2068614983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-555829191-1849574639-2068614983-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Google Chrome SxS) (Version: 49.0.2617.0 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HostsMan 3.2.73 (HKLM-x32\...\{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}) (Version: 3.2.73 - abelhadigital.com)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
I-Menu version 4.1.3 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.1.3 - AOC)
iTunes (HKLM\...\{8A4D15F4-2148-48DF-AC31-9513E5B734ED}) (Version: 12.3.2.35 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 43.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x64 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
RealSpeak Solo Direct English-Spanish Voices (HKLM-x32\...\{32BE2B3D-3579-42DE-B5A1-C3EFB84180E4}) (Version: 1.0.75.101 - Freedom Scientific)
RealSpeak Solo Direct Karen (HKLM-x32\...\RSDKaren) (Version: 1.0.84.101 - Freedom Scientific)
RealSpeak Solo Direct Karen (x32 Version: 1.0.84.101 - Freedom Scientific) Hidden
RealSpeak Solo Direct Samantha (HKLM-x32\...\RSDSamantha) (Version: 1.0.84.101 - Freedom Scientific)
RealSpeak Solo Direct Samantha (x32 Version: 1.0.84.101 - Freedom Scientific) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)

learninmypc · Jan 9, 2016

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Thomas Paine\AppData\Local\Google\Chrome SxS\Application\49.0.2617.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005F1375-9C0E-47A8-981F-827A978C5B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {08DC76E9-B27E-42DC-B8BA-E63D2C84CE50} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {092FE23C-F652-46ED-9319-642CF49C0063} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {10FC2F7A-B7D7-4E3B-9617-ED9783B0EF1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {14B221DB-FB32-43D8-8F4E-D41A574802D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C641E22-FBBB-4C98-8729-E607FC00A132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {29879A44-907F-481B-BBD1-60C86993AD6F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {2BAB05F5-A873-46FB-9645-C0B4A0AA6777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {319C828C-C5BC-4773-9727-3F7B0B232556} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {3BADF559-8FD5-40CA-B3A5-E215A7B5F526} - System32\Tasks\{B5B9C26E-ACE6-47E5-8C5E-71E04B0E5E69} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {40014DDA-124E-49FC-8E13-88738442458A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {425A8D0B-C82B-4061-921F-FF3953278822} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {42D1A755-CDA7-4097-A5D4-7AB8814C1D86} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {48BDE76F-33E8-4D9E-A3FA-7B17C8FB08A2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4B50C778-4328-4AC3-AE30-E34B52C3F64E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {5034A9AA-841C-4B18-8FC3-83C4C5610F1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {529C6C24-A2B3-4FA7-B501-4B06B701C3C1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52D1BCA6-92E6-4513-BC2B-EFBBF6863B8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {58F24E48-3400-474B-95A4-8510774FE8AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886 => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5989BFE6-1611-430A-9B21-BFA6DE855CF6} - System32\Tasks\{0D13E01F-326A-4C22-ADC7-E7CD296E1500} => pcalua.exe -a "C:\Users\Thomas Paine\Desktop\GoogleEarthWin.exe"
Task: {5BD9670B-B0E8-499F-B1CA-48A3525D07F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5FF6E4BF-D06C-48FC-8818-076C8C02DD63} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {6083225E-7385-4289-B43D-2214E7DEEEC4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {618CEDCC-17B5-4A95-8DB3-1A0FD0E9CD5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {6573E848-EB23-491D-82AB-F6E398077877} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {664145F1-4C4F-470F-A9C9-3943C313BAD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6A72AC2A-F500-4020-ACA0-A33096F052C5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6E72837F-9420-474D-95AB-41D42CC7C7A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {72839123-2A23-4ADC-B510-AC735562227C} - System32\Tasks\{1806723F-2FD6-46E4-8F8F-FE49714C4F1E} => pcalua.exe -a H:\pulsingcolorsviz.exe -d H:\
Task: {7348BF02-FD74-4DEA-8B1C-0D9389CE7A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {736E719D-C8BE-40D9-A004-4363530D6105} - System32\Tasks\{45C5CDEF-BB3F-45C5-A053-9172611709B9} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {7530F4D1-C197-4C6B-9784-C4DA954FF0E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7777393E-F97A-45C3-AF37-E990FEA7331F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {7EB1103C-11D5-418E-9A56-3A82EFA4C11D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {804309E7-85B9-4B33-8C3A-F0538D3E0526} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {83C07305-C382-444E-8CCD-7E5C09D17F57} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8C7B9AEA-EBB0-406D-803F-3DA57C795197} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {8CB86F41-0D8B-42E5-B387-5EEB0F9EC37C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {8EFEC5C0-30D4-4A07-98D0-5F2B02A7225B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {91002F39-5C52-465C-A59A-8D4DFC299DB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {942403C0-7207-4CCB-B43A-2405CB67888B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {95D48E3D-92CD-44A8-8F77-4B3628E3C908} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN486DW0FZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {97F0E2EF-C3B8-4DF9-9F39-C5D581C26B51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9860E47B-CC08-4F23-AC1E-CA265A85986A} - System32\Tasks\{B4438C33-94C4-4758-B5FF-8AEA54353D8F} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {9A4C9CD0-9498-455C-83D9-6B2895B8E9F7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B58AA67-EEBD-44C6-8E92-5738408C18AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9DD811A0-587D-4B41-A6C5-B5F99899ED1E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A079D799-B781-48B6-A48E-E8980807804E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A3EB0E60-F93E-4645-A45C-56E12C58BBC1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A4A6882B-F846-441B-80C7-38AB65668606} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A586EA31-1A86-454C-9752-848C929D550F} - System32\Tasks\{669392A8-DC8E-4BA7-B1AC-9D0A1E2F71DF} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {A6477607-775D-48A5-B04E-BB43EE364E60} - System32\Tasks\{ABED777E-0929-47A0-8F19-940088E35483} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {B3F4B099-BC92-419E-82E6-54D46862878E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B993CAFA-B26B-4C35-A888-8BE4A0354BF5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {BF2F39F2-98EA-4906-8D84-D3EA4C6B2DAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CB6682AD-5654-4952-868D-E22B81CFBB58} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D16FFC7C-5C52-4312-A9DA-2366E72CFF35} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D3CF82B4-DC60-4A37-9FDC-B44E75409242} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard)
Task: {D5E836A3-CB98-4FA9-BA08-D8DD2E5AF7F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D6771D24-B7FA-4BDE-8C18-4F942774F086} - System32\Tasks\{FF880037-DE52-42CC-ABA3-ADB916ED4286} => pcalua.exe -a "C:\Users\Thomas Paine\Desktop\vcredist_x86.exe"
Task: {D808BBF2-F7FD-46C0-B408-0A500536A556} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software)
Task: {D9918583-5A32-465B-A890-B5E0E9DD44FE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {E140EF6A-E214-420B-B529-68843974526C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-17] (PC-Doctor, Inc.)
Task: {E96E1773-03A4-4E88-BD76-0E4AA10CBF5E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {EBB2B077-6AC5-4FAD-BDDE-B5731BE84060} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EBD8641A-D490-4DA7-93A0-8DDDF42C7124} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F3904465-6F17-482E-91CE-5F582D6859E2} - System32\Tasks\{A5D1341D-316C-46D2-A029-CAA277B0F774} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe"
Task: {F42749C6-0DC7-4748-9C19-15A06358B595} - System32\Tasks\{92FDD299-A9AB-4EBC-90BD-14E938EAFD1D} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {F7603521-87FF-40AD-96BD-D38123C26155} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F9029F2E-1836-4D2E-BAED-148E7353A2A9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F9C8F7A5-6BFD-4879-BD9E-30F754CE0FFC} - System32\Tasks\Microsoft_Hardware_Launch_LcBuddy_exe => C:\Program Files (x86)\Microsoft LifeCam\LcBuddy.exe [2010-12-13] (Microsoft Corporation)
Task: {F9DD678E-281F-44C4-BA55-2815166AE1A3} - System32\Tasks\HPCeeScheduleForciber surfer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FD01D2CE-B260-4661-AE32-452075AEBEB5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForciber surfer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

learninmypc · Jan 9, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by ciber surfer (administrator) on HAL-9000 (09-01-2016 11:30:35)
Running from C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop
Loaded Profiles: ciber surfer (Available Profiles: ciber surfer & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157456 2015-12-09] (Apple Inc.)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-03-10] (AMD)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [Google Update] => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\RunOnce: [Uninstall C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\RunOnce: [Uninstall C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-04] (AVAST Software)
Startup: C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-07-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-07-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{68DCC1FE-B1FE-4DE6-B3F7-CCFA26D59F49}: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{C2B7D062-17BE-4DC5-B38E-3D552D756FB4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e29d7a26-daf3-4f3f-8796-4482f6715ff1}: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{fa94d0aa-568a-4dca-bb37-6e76dd2ca3f1}: [DhcpNameServer] 192.168.1.1 74.40.74.40

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kirotv.com/
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {3412F329-7A6D-49A7-9296-1D66AB3B03F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3412F329-7A6D-49A7-9296-1D66AB3B03F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-05] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-05] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-555829191-1849574639-2068614983-1001 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.kirotv.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Thomas Paine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @talk.google.com/O1DPlugin -> C:\Users\Thomas Paine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas Paine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas Paine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: X-notifier - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-12-07]
FF Extension: WOT - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Video DownloadHelper - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-09]
FF Extension: Adblock Plus - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-04]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.kirotv.com/
CHR StartupUrls: Default -> "hxxp://kirotv.com/"
CHR Profile: C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Simple Seahawk) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgbljlcieegghkddgbmlinncpobcolf [2015-12-04]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2015-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (SmoothScroll) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-05]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

learninmypc · Jan 9, 2016

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-04] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [214008 2015-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-04] (AVAST Software)
S3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-29] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-27] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 11:30 - 2016-01-09 11:30 - 00000000 ____D C:\FRST
2016-01-07 16:24 - 2016-01-07 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Menu
2016-01-07 16:24 - 2016-01-07 16:24 - 00000000 ____D C:\Program Files (x86)\I-Menu
2016-01-07 12:40 - 2016-01-07 13:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 12:39 - 2016-01-07 12:39 - 00000000 ____D C:\Users\Thomas Paine\Documents\My Filehippo Downloads
2015-12-18 16:49 - 2015-12-18 16:49 - 00000000 ____D C:\ProgramData\ATI
2015-12-18 05:28 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 05:27 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 05:27 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 05:27 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 05:27 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 05:27 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 05:27 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 05:27 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 05:27 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 05:27 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 05:27 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 05:27 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 05:27 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 05:27 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 05:27 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 05:27 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 05:27 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 05:27 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 05:27 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 05:27 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 05:27 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 05:27 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 05:27 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 05:27 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 05:27 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 05:27 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 05:27 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 05:27 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 05:27 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 05:27 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 05:27 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 05:27 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 05:27 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 05:27 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 05:27 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 05:27 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 05:27 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 05:27 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 05:27 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 05:27 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 05:27 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 05:27 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 05:27 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 05:27 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 05:27 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 08:22 - 2015-12-17 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-16 20:07 - 2015-12-16 20:07 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-14 18:43 - 2015-12-14 18:43 - 00001854 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-14 18:43 - 2015-12-14 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-14 18:42 - 2015-12-14 18:43 - 00000000 ____D C:\Program Files\iTunes
2015-12-14 18:42 - 2015-12-14 18:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-14 18:42 - 2015-12-14 18:42 - 00000000 ____D C:\Program Files\iPod
2015-12-13 07:49 - 2015-12-15 14:08 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\Moonchild Productions
2015-12-13 07:49 - 2015-12-13 07:49 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\Moonchild Productions

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 11:30 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2016-01-09 11:24 - 2015-12-03 12:19 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886.job
2016-01-09 11:18 - 2014-10-21 18:43 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA.job
2016-01-09 11:10 - 2014-06-19 06:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 11:06 - 2014-04-28 17:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 11:01 - 2015-10-16 13:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-09 10:52 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-09 10:52 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-09 10:48 - 2014-06-19 06:13 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 10:43 - 2015-11-14 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-09 10:42 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 20:32 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-08 16:18 - 2014-10-21 18:43 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core.job
2016-01-08 14:29 - 2013-01-26 08:16 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{44E06F25-55A1-432C-804B-FFCCBEE7FEAD}
2016-01-08 12:24 - 2015-12-03 12:19 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d.job
2016-01-08 09:45 - 2014-03-17 07:26 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\MPC-HC
2016-01-07 20:51 - 2015-11-14 14:11 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-07 13:57 - 2015-09-25 03:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-07 13:33 - 2015-10-08 04:55 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-07 13:30 - 2015-06-03 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 13:29 - 2015-11-14 14:12 - 00000000 ____D C:\Users\Thomas Paine
2016-01-07 12:39 - 2015-08-21 11:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-07 12:39 - 2010-02-22 18:38 - 00000000 ____D C:\ProgramData\Temp
2016-01-07 12:38 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 12:38 - 2015-10-26 04:08 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-01-02 17:40 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 01:21 - 2015-09-27 13:36 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForciber surfer.job
2015-12-27 14:51 - 2015-09-27 13:36 - 00003298 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForciber surfer
2015-12-26 10:46 - 2014-04-20 10:34 - 00000000 ____D C:\Users\Thomas Paine\Documents\GREAT
2015-12-26 09:29 - 2015-05-27 05:29 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-12-26 08:09 - 2015-03-03 17:02 - 00000000 ____D C:\Users\Thomas Paine\Documents\MANUALS
2015-12-26 07:01 - 2015-08-12 21:18 - 00000000 ___RD C:\Users\Thomas Paine\OneDrive
2015-12-26 06:38 - 2013-01-06 14:45 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\AMD
2015-12-24 11:51 - 2015-09-29 10:15 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\vlc
2015-12-22 11:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 11:04 - 2010-09-12 14:01 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\ElevatedDiagnostics
2015-12-21 05:51 - 2015-09-25 03:55 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-21 05:49 - 2015-10-26 04:08 - 00001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-12-21 05:49 - 2015-10-26 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-18 09:00 - 2015-10-08 04:54 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-18 09:00 - 2015-10-08 04:54 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-17 08:22 - 2015-11-14 14:06 - 00000000 ____D C:\ProgramData\AMD
2015-12-17 08:21 - 2015-11-14 14:06 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-17 08:19 - 2015-08-12 20:18 - 00000000 ____D C:\AMD
2015-12-16 20:07 - 2015-10-07 05:19 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:07 - 2015-10-07 05:19 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:07 - 2015-10-07 05:19 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:07 - 2015-10-07 05:19 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-12-16 20:07 - 2015-10-07 05:19 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:07 - 2015-10-07 05:19 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:07 - 2015-10-07 05:18 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 18:55 - 2015-12-07 06:33 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-16 11:45 - 2014-12-04 08:16 - 00000000 ____D C:\Users\Thomas Paine\dwhelper
2015-12-16 05:52 - 2015-12-03 13:16 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-16 05:52 - 2015-12-03 13:16 - 00001030 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-16 05:52 - 2015-11-29 19:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-16 04:20 - 2012-01-01 11:03 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\Mozilla
2015-12-14 18:42 - 2015-11-17 13:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-14 06:50 - 2015-08-12 21:18 - 00002426 _____ C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 10:01 - 2015-11-14 13:57 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-13 09:02 - 2015-11-06 08:51 - 00000000 ____D C:\Users\Thomas Paine\Documents\BLUE ANGELS

==================== Files in the root of some directories =======

2015-01-10 18:23 - 2015-01-10 18:23 - 0002395 _____ () C:\Users\Thomas Paine\AppData\Roaming\FSS.txt
2011-08-01 12:10 - 2011-09-01 12:10 - 0001854 _____ () C:\Users\Thomas Paine\AppData\Roaming\GhostObjGAFix.xml
2012-12-31 22:27 - 2012-12-31 22:27 - 0029434 _____ () C:\Users\Thomas Paine\AppData\Roaming\UserTile.png
2010-07-26 17:15 - 2015-10-10 13:45 - 0067584 _____ () C:\Users\Thomas Paine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-07 19:42 - 2010-12-01 18:32 - 0000000 _____ () C:\Users\Thomas Paine\AppData\Local\prvlcl.dat
2015-01-17 13:46 - 2015-01-17 13:46 - 0000915 _____ () C:\Users\Thomas Paine\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-07 18:33

==================== End of FRST.txt ============================

Broni · Jan 9, 2016

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

learninmypc · Jan 9, 2016

RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : ciber surfer [Administrator]
Started from : C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/09/2016 16:00:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.kirotv.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.kirotv.com/ -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2B7D062-17BE-4DC5-B38E-3D552D756FB4} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2B7D062-17BE-4DC5-B38E-3D552D756FB4} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[Hidden.ADS][[[ADS]]] C:\Windows\SysWOW64:Win32App_1 -> Deleted
[PUP][Folder] C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} -> Deleted
[PUP][File] C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}\0x0409.ini -> Deleted
[PUP][File] C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}\HP Support Assistant.msi -> Deleted
[PUP][Folder] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9} -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.dat -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.exe -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.lan -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.msi -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.par -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\HP_Remote_Solution_Install.res -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}\mia.lib -> Deleted

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 8 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xdc03fc (jmp 0x8981f0cc|jmp 0x6412d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6203fc (jmp 0x8907f0cc|jmp 0x648cd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xa303fc (jmp 0x8948f0cc|jmp 0x644bd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xe003fc (jmp 0x8985f0cc|jmp 0x640ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5503fc (jmp 0x88faf0cc|jmp 0x6499d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xc403fc (jmp 0x8969f0cc|jmp 0x642ad334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xdb03fc (jmp 0x8980f0cc|jmp 0x6413d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xcd03fc (jmp 0x8972f0cc|jmp 0x6421d334)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ncsia7fm.default : user_pref("browser.startup.homepage", "www.kirotv.com"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-65M2B1 SCSI Disk Device +++++
--- User ---
[MBR] d0d5c8781f2e3f601f6f702ac02ea8cb
[BSP] f8a8e634e7e5a470666b97c664cffb51 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941527 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1928454144 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929375744 | Size: 11595 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: PNY USB 3.0 FD USB Device +++++
--- User ---
[MBR] 71e69a4e0fce107497b09ab1dff5a9b2
[BSP] 61eaf76c2f1150b6e603d096fd0f7d40 : Empty|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 59871 MB
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

learninmypc · Jan 9, 2016

M.bam was clean

learninmypc · Jan 9, 2016

# AdwCleaner v5.028 - Logfile created 09/01/2016 at 16:37:48
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : ciber surfer - HAL-9000
# Running from : C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop\adwcleaner_5.028.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}

***** [ Web browsers ] *****

[-] [C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner[C11].txt - [2780 bytes] - [08/12/2015 17:38:32]
C:\AdwCleaner[S11].txt - [2529 bytes] - [08/12/2015 17:34:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [1179 bytes] ##########

learninmypc · Jan 9, 2016

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by ciber surfer (Administrator) on Sat 01/09/2016 at 16:47:19.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/09/2016 at 16:53:57.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jan 9, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

learninmypc · Jan 9, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by ciber surfer (administrator) on HAL-9000 (09-01-2016 17:13:33)
Running from C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop
Loaded Profiles: ciber surfer (Available Profiles: ciber surfer & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157456 2015-12-09] (Apple Inc.)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-03-10] (AMD)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [Google Update] => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\RunOnce: [Uninstall C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\RunOnce: [Uninstall C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-04] (AVAST Software)
Startup: C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-07-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-07-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{68DCC1FE-B1FE-4DE6-B3F7-CCFA26D59F49}: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{C2B7D062-17BE-4DC5-B38E-3D552D756FB4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e29d7a26-daf3-4f3f-8796-4482f6715ff1}: [DhcpNameServer] 192.168.1.1 74.40.74.40
Tcpip\..\Interfaces\{fa94d0aa-568a-4dca-bb37-6e76dd2ca3f1}: [DhcpNameServer] 192.168.1.1 74.40.74.40

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kirotv.com/
HKU\S-1-5-21-555829191-1849574639-2068614983-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {3412F329-7A6D-49A7-9296-1D66AB3B03F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {3412F329-7A6D-49A7-9296-1D66AB3B03F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-05] (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-05] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-555829191-1849574639-2068614983-1001 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.kirotv.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Thomas Paine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @talk.google.com/O1DPlugin -> C:\Users\Thomas Paine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-555829191-1849574639-2068614983-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas Paine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Thomas Paine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: X-notifier - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-12-07]
FF Extension: WOT - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Video DownloadHelper - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-09]
FF Extension: Adblock Plus - C:\Users\Thomas Paine\AppData\Roaming\Mozilla\Firefox\Profiles\ncsia7fm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-04]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.kirotv.com/
CHR StartupUrls: Default -> "hxxp://kirotv.com/"
CHR Profile: C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Simple Seahawk) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmgbljlcieegghkddgbmlinncpobcolf [2015-12-04]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2015-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (SmoothScroll) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Thomas Paine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-05]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-04] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [214008 2015-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-04] (AVAST Software)
S3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-29] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-27] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 11:30 - 2016-01-09 17:13 - 00000000 ____D C:\FRST
2016-01-07 16:24 - 2016-01-07 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Menu
2016-01-07 16:24 - 2016-01-07 16:24 - 00000000 ____D C:\Program Files (x86)\I-Menu
2016-01-07 12:40 - 2016-01-07 13:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 12:39 - 2016-01-07 12:39 - 00000000 ____D C:\Users\Thomas Paine\Documents\My Filehippo Downloads
2015-12-18 16:49 - 2015-12-18 16:49 - 00000000 ____D C:\ProgramData\ATI
2015-12-18 05:28 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 05:27 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 05:27 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 05:27 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 05:27 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 05:27 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 05:27 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 05:27 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 05:27 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 05:27 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 05:27 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 05:27 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 05:27 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 05:27 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 05:27 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 05:27 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 05:27 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 05:27 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 05:27 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 05:27 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 05:27 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 05:27 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 05:27 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 05:27 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 05:27 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 05:27 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 05:27 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 05:27 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 05:27 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 05:27 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 05:27 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 05:27 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 05:27 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 05:27 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 05:27 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 05:27 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 05:27 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 05:27 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 05:27 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 05:27 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 05:27 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 05:27 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 05:27 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 05:27 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 05:27 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 05:27 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 05:27 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 05:27 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 05:27 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 05:27 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 05:27 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 05:27 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 05:27 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 05:27 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 08:22 - 2015-12-17 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-16 20:07 - 2015-12-16 20:07 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-14 18:43 - 2015-12-14 18:43 - 00001854 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-14 18:43 - 2015-12-14 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-14 18:42 - 2015-12-14 18:43 - 00000000 ____D C:\Program Files\iTunes
2015-12-14 18:42 - 2015-12-14 18:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-14 18:42 - 2015-12-14 18:42 - 00000000 ____D C:\Program Files\iPod
2015-12-13 07:49 - 2015-12-15 14:08 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\Moonchild Productions
2015-12-13 07:49 - 2015-12-13 07:49 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\Moonchild Productions

==================== One Month Modified files and folders ========

learninmypc · Jan 9, 2016

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-09 17:10 - 2014-06-19 06:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 17:01 - 2015-10-16 13:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-09 16:43 - 2014-06-19 06:13 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 16:39 - 2015-11-14 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-09 16:38 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-09 16:37 - 2015-12-08 17:34 - 00000000 ____D C:\AdwCleaner
2016-01-09 16:24 - 2015-12-03 12:19 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886.job
2016-01-09 16:18 - 2014-10-21 18:43 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA.job
2016-01-09 16:18 - 2014-10-21 18:43 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core.job
2016-01-09 16:05 - 2014-10-17 11:19 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-09 16:05 - 2014-04-28 17:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 16:05 - 2014-04-28 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-09 16:05 - 2014-04-28 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-09 16:04 - 2015-01-09 18:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-09 15:39 - 2015-01-09 18:02 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-09 15:10 - 2013-01-26 08:16 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{44E06F25-55A1-432C-804B-FFCCBEE7FEAD}
2016-01-09 12:24 - 2015-12-03 12:19 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d.job
2016-01-09 11:35 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2016-01-09 10:52 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-09 10:52 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-08 20:32 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-08 09:45 - 2014-03-17 07:26 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\MPC-HC
2016-01-07 20:51 - 2015-11-14 14:11 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-07 13:57 - 2015-09-25 03:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-07 13:33 - 2015-10-08 04:55 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-07 13:30 - 2015-06-03 07:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 13:29 - 2015-11-14 14:12 - 00000000 ____D C:\Users\Thomas Paine
2016-01-07 12:39 - 2015-08-21 11:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-07 12:39 - 2010-02-22 18:38 - 00000000 ____D C:\ProgramData\Temp
2016-01-07 12:38 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 12:38 - 2015-10-26 04:08 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-01-02 17:40 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 01:21 - 2015-09-27 13:36 - 00000378 _____ C:\WINDOWS\Tasks\HPCeeScheduleForciber surfer.job
2015-12-27 14:51 - 2015-09-27 13:36 - 00003298 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForciber surfer
2015-12-26 10:46 - 2014-04-20 10:34 - 00000000 ____D C:\Users\Thomas Paine\Documents\GREAT
2015-12-26 09:29 - 2015-05-27 05:29 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-12-26 08:09 - 2015-03-03 17:02 - 00000000 ____D C:\Users\Thomas Paine\Documents\MANUALS
2015-12-26 07:01 - 2015-08-12 21:18 - 00000000 ___RD C:\Users\Thomas Paine\OneDrive
2015-12-26 06:38 - 2013-01-06 14:45 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\AMD
2015-12-24 11:51 - 2015-09-29 10:15 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\vlc
2015-12-22 11:05 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-22 11:04 - 2010-09-12 14:01 - 00000000 ____D C:\Users\Thomas Paine\AppData\Local\ElevatedDiagnostics
2015-12-21 05:51 - 2015-09-25 03:55 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-21 05:49 - 2015-10-26 04:08 - 00001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-12-21 05:49 - 2015-10-26 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-18 16:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-18 09:00 - 2015-10-08 04:54 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-18 09:00 - 2015-10-08 04:54 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-17 08:22 - 2015-11-14 14:06 - 00000000 ____D C:\ProgramData\AMD
2015-12-17 08:21 - 2015-11-14 14:06 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-17 08:19 - 2015-08-12 20:18 - 00000000 ____D C:\AMD
2015-12-16 20:07 - 2015-10-07 05:19 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:07 - 2015-10-07 05:19 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:07 - 2015-10-07 05:19 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:07 - 2015-10-07 05:19 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-12-16 20:07 - 2015-10-07 05:19 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:07 - 2015-10-07 05:19 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:07 - 2015-10-07 05:18 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:06 - 2015-10-07 05:19 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 18:55 - 2015-12-07 06:33 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-16 11:45 - 2014-12-04 08:16 - 00000000 ____D C:\Users\Thomas Paine\dwhelper
2015-12-16 05:52 - 2015-12-03 13:16 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-16 05:52 - 2015-12-03 13:16 - 00001030 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-16 05:52 - 2015-11-29 19:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-16 04:20 - 2012-01-01 11:03 - 00000000 ____D C:\Users\Thomas Paine\AppData\Roaming\Mozilla
2015-12-14 18:42 - 2015-11-17 13:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-14 06:50 - 2015-08-12 21:18 - 00002426 _____ C:\Users\Thomas Paine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 10:01 - 2015-11-14 13:57 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-13 09:02 - 2015-11-06 08:51 - 00000000 ____D C:\Users\Thomas Paine\Documents\BLUE ANGELS

==================== Files in the root of some directories =======

2015-01-10 18:23 - 2015-01-10 18:23 - 0002395 _____ () C:\Users\Thomas Paine\AppData\Roaming\FSS.txt
2011-08-01 12:10 - 2011-09-01 12:10 - 0001854 _____ () C:\Users\Thomas Paine\AppData\Roaming\GhostObjGAFix.xml
2012-12-31 22:27 - 2012-12-31 22:27 - 0029434 _____ () C:\Users\Thomas Paine\AppData\Roaming\UserTile.png
2010-07-26 17:15 - 2015-10-10 13:45 - 0067584 _____ () C:\Users\Thomas Paine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-07 19:42 - 2010-12-01 18:32 - 0000000 _____ () C:\Users\Thomas Paine\AppData\Local\prvlcl.dat
2015-01-17 13:46 - 2015-01-17 13:46 - 0000915 _____ () C:\Users\Thomas Paine\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Thomas Paine\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Thomas Paine\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-07 18:33

==================== End of FRST.txt ============================

learninmypc · Jan 9, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by ciber surfer (2016-01-09 17:14:31)
Running from C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop
Windows 10 Home (X64) (2015-11-14 22:52:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-555829191-1849574639-2068614983-500 - Administrator - Disabled)
ciber surfer (S-1-5-21-555829191-1849574639-2068614983-1001 - Administrator - Enabled) => C:\Users\Thomas Paine
DefaultAccount (S-1-5-21-555829191-1849574639-2068614983-503 - Limited - Disabled)
Guest (S-1-5-21-555829191-1849574639-2068614983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-555829191-1849574639-2068614983-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin)
Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\Google Chrome SxS) (Version: 49.0.2617.0 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HostsMan 3.2.73 (HKLM-x32\...\{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}) (Version: 3.2.73 - abelhadigital.com)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
I-Menu version 4.1.3 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.1.3 - AOC)
iTunes (HKLM\...\{8A4D15F4-2148-48DF-AC31-9513E5B734ED}) (Version: 12.3.2.35 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 43.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x64 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
RealSpeak Solo Direct English-Spanish Voices (HKLM-x32\...\{32BE2B3D-3579-42DE-B5A1-C3EFB84180E4}) (Version: 1.0.75.101 - Freedom Scientific)
RealSpeak Solo Direct Karen (HKLM-x32\...\RSDKaren) (Version: 1.0.84.101 - Freedom Scientific)
RealSpeak Solo Direct Karen (x32 Version: 1.0.84.101 - Freedom Scientific) Hidden
RealSpeak Solo Direct Samantha (HKLM-x32\...\RSDSamantha) (Version: 1.0.84.101 - Freedom Scientific)
RealSpeak Solo Direct Samantha (x32 Version: 1.0.84.101 - Freedom Scientific) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)

learninmypc · Jan 9, 2016

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Thomas Paine\AppData\Local\Google\Chrome SxS\Application\49.0.2617.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thomas Paine\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005F1375-9C0E-47A8-981F-827A978C5B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {08DC76E9-B27E-42DC-B8BA-E63D2C84CE50} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {092FE23C-F652-46ED-9319-642CF49C0063} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {10FC2F7A-B7D7-4E3B-9617-ED9783B0EF1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {14B221DB-FB32-43D8-8F4E-D41A574802D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C641E22-FBBB-4C98-8729-E607FC00A132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {29879A44-907F-481B-BBD1-60C86993AD6F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {2BAB05F5-A873-46FB-9645-C0B4A0AA6777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {319C828C-C5BC-4773-9727-3F7B0B232556} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {3BADF559-8FD5-40CA-B3A5-E215A7B5F526} - System32\Tasks\{B5B9C26E-ACE6-47E5-8C5E-71E04B0E5E69} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {40014DDA-124E-49FC-8E13-88738442458A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {425A8D0B-C82B-4061-921F-FF3953278822} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {42D1A755-CDA7-4097-A5D4-7AB8814C1D86} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {48BDE76F-33E8-4D9E-A3FA-7B17C8FB08A2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4B50C778-4328-4AC3-AE30-E34B52C3F64E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {5034A9AA-841C-4B18-8FC3-83C4C5610F1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {529C6C24-A2B3-4FA7-B501-4B06B701C3C1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52D1BCA6-92E6-4513-BC2B-EFBBF6863B8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {58F24E48-3400-474B-95A4-8510774FE8AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886 => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5989BFE6-1611-430A-9B21-BFA6DE855CF6} - System32\Tasks\{0D13E01F-326A-4C22-ADC7-E7CD296E1500} => pcalua.exe -a "C:\Users\Thomas Paine\Desktop\GoogleEarthWin.exe"
Task: {5BD9670B-B0E8-499F-B1CA-48A3525D07F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5FF6E4BF-D06C-48FC-8818-076C8C02DD63} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {6083225E-7385-4289-B43D-2214E7DEEEC4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6573E848-EB23-491D-82AB-F6E398077877} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {664145F1-4C4F-470F-A9C9-3943C313BAD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6A72AC2A-F500-4020-ACA0-A33096F052C5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6E72837F-9420-474D-95AB-41D42CC7C7A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {72839123-2A23-4ADC-B510-AC735562227C} - System32\Tasks\{1806723F-2FD6-46E4-8F8F-FE49714C4F1E} => pcalua.exe -a H:\pulsingcolorsviz.exe -d H:\
Task: {7348BF02-FD74-4DEA-8B1C-0D9389CE7A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {736E719D-C8BE-40D9-A004-4363530D6105} - System32\Tasks\{45C5CDEF-BB3F-45C5-A053-9172611709B9} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {7530F4D1-C197-4C6B-9784-C4DA954FF0E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7777393E-F97A-45C3-AF37-E990FEA7331F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {7EB1103C-11D5-418E-9A56-3A82EFA4C11D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {804309E7-85B9-4B33-8C3A-F0538D3E0526} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {83C07305-C382-444E-8CCD-7E5C09D17F57} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8C7B9AEA-EBB0-406D-803F-3DA57C795197} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {8CB86F41-0D8B-42E5-B387-5EEB0F9EC37C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {8EFEC5C0-30D4-4A07-98D0-5F2B02A7225B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {91002F39-5C52-465C-A59A-8D4DFC299DB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {942403C0-7207-4CCB-B43A-2405CB67888B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {95D48E3D-92CD-44A8-8F77-4B3628E3C908} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN486DW0FZ => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {97F0E2EF-C3B8-4DF9-9F39-C5D581C26B51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9860E47B-CC08-4F23-AC1E-CA265A85986A} - System32\Tasks\{B4438C33-94C4-4758-B5FF-8AEA54353D8F} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {9A4C9CD0-9498-455C-83D9-6B2895B8E9F7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9B58AA67-EEBD-44C6-8E92-5738408C18AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9DD811A0-587D-4B41-A6C5-B5F99899ED1E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A079D799-B781-48B6-A48E-E8980807804E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A3EB0E60-F93E-4645-A45C-56E12C58BBC1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A4A6882B-F846-441B-80C7-38AB65668606} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A586EA31-1A86-454C-9752-848C929D550F} - System32\Tasks\{669392A8-DC8E-4BA7-B1AC-9D0A1E2F71DF} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {A6477607-775D-48A5-B04E-BB43EE364E60} - System32\Tasks\{ABED777E-0929-47A0-8F19-940088E35483} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2015-05-21] (Google)
Task: {B3F4B099-BC92-419E-82E6-54D46862878E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B993CAFA-B26B-4C35-A888-8BE4A0354BF5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {BF2F39F2-98EA-4906-8D84-D3EA4C6B2DAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CB6682AD-5654-4952-868D-E22B81CFBB58} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D16FFC7C-5C52-4312-A9DA-2366E72CFF35} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D3CF82B4-DC60-4A37-9FDC-B44E75409242} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard)
Task: {D5E836A3-CB98-4FA9-BA08-D8DD2E5AF7F1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D6771D24-B7FA-4BDE-8C18-4F942774F086} - System32\Tasks\{FF880037-DE52-42CC-ABA3-ADB916ED4286} => pcalua.exe -a "C:\Users\Thomas Paine\Desktop\vcredist_x86.exe"
Task: {D808BBF2-F7FD-46C0-B408-0A500536A556} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software)
Task: {D93EECED-1213-4E33-8407-9CCB2770CCE8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {D9918583-5A32-465B-A890-B5E0E9DD44FE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {E140EF6A-E214-420B-B529-68843974526C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-17] (PC-Doctor, Inc.)
Task: {E96E1773-03A4-4E88-BD76-0E4AA10CBF5E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {EBB2B077-6AC5-4FAD-BDDE-B5731BE84060} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {EBD8641A-D490-4DA7-93A0-8DDDF42C7124} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F3904465-6F17-482E-91CE-5F582D6859E2} - System32\Tasks\{A5D1341D-316C-46D2-A029-CAA277B0F774} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe"
Task: {F42749C6-0DC7-4748-9C19-15A06358B595} - System32\Tasks\{92FDD299-A9AB-4EBC-90BD-14E938EAFD1D} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {F7603521-87FF-40AD-96BD-D38123C26155} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F9029F2E-1836-4D2E-BAED-148E7353A2A9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F9C8F7A5-6BFD-4879-BD9E-30F754CE0FFC} - System32\Tasks\Microsoft_Hardware_Launch_LcBuddy_exe => C:\Program Files (x86)\Microsoft LifeCam\LcBuddy.exe [2010-12-13] (Microsoft Corporation)
Task: {F9DD678E-281F-44C4-BA55-2815166AE1A3} - System32\Tasks\HPCeeScheduleForciber surfer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {FD01D2CE-B260-4661-AE32-452075AEBEB5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001Core1d12e07e993e88d.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-555829191-1849574639-2068614983-1001UA1d12e07e9b93886.job => C:\Users\Thomas Paine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForciber surfer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2015-12-03 13:05 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 13:05 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-16 17:12 - 2015-12-16 17:13 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
2015-12-18 05:27 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 05:27 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 05:28 - 2015-12-06 19:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 05:27 - 2015-12-06 19:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 05:27 - 2015-12-06 19:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 05:27 - 2015-12-06 19:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-04 09:00 - 2015-12-04 09:00 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-04 08:59 - 2015-12-04 08:59 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-09 10:45 - 2016-01-09 10:45 - 02821120 _____ () C:\Program Files\AVAST Software\Avast\defs\16010901\algo.dll
2015-12-04 08:59 - 2015-12-04 08:59 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-16 17:12 - 2015-12-16 17:13 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-16 17:12 - 2015-12-16 17:13 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-04 09:00 - 2015-12-04 09:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-555829191-1849574639-2068614983-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-01-13 16:52 - 00449968 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-555829191-1849574639-2068614983-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas Paine\Pictures\CYBERS PICTURES\HAWKS\HAWKS AWAKEN.jpg
DNS Servers: 192.168.1.1 - 74.40.74.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

Broni · Jan 9, 2016

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

learninmypc · Jan 9, 2016

Hope I did it correctly
Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by ciber surfer (2016-01-09 18:25:30) Run:1
Running from C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop
Loaded Profiles: ciber surfer (Available Profiles: ciber surfer & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
U3 idsvc; no ImagePath
2015-01-10 18:23 - 2015-01-10 18:23 - 0002395 _____ () C:\Users\Thomas Paine\AppData\Roaming\FSS.txt
2011-08-01 12:10 - 2011-09-01 12:10 - 0001854 _____ () C:\Users\Thomas Paine\AppData\Roaming\GhostObjGAFix.xml
2012-12-31 22:27 - 2012-12-31 22:27 - 0029434 _____ () C:\Users\Thomas Paine\AppData\Roaming\UserTile.png
2010-07-26 17:15 - 2015-10-10 13:45 - 0067584 _____ () C:\Users\Thomas Paine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-07 19:42 - 2010-12-01 18:32 - 0000000 _____ () C:\Users\Thomas Paine\AppData\Local\prvlcl.dat
2015-01-17 13:46 - 2015-01-17 13:46 - 0000915 _____ () C:\Users\Thomas Paine\AppData\Local\recently-used.xbel
C:\Users\Thomas Paine\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Thomas Paine\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Thomas Paine\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {2BAB05F5-A873-46FB-9645-C0B4A0AA6777} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {42D1A755-CDA7-4097-A5D4-7AB8814C1D86} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {48BDE76F-33E8-4D9E-A3FA-7B17C8FB08A2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {529C6C24-A2B3-4FA7-B501-4B06B701C3C1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7530F4D1-C197-4C6B-9784-C4DA954FF0E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {91002F39-5C52-465C-A59A-8D4DFC299DB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9B58AA67-EEBD-44C6-8E92-5738408C18AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A079D799-B781-48B6-A48E-E8980807804E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3F4B099-BC92-419E-82E6-54D46862878E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BF2F39F2-98EA-4906-8D84-D3EA4C6B2DAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD01D2CE-B260-4661-AE32-452075AEBEB5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

*****************

"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0" => key removed successfully
idsvc => service removed successfully
C:\Users\Thomas Paine\AppData\Roaming\FSS.txt => moved successfully
C:\Users\Thomas Paine\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\Thomas Paine\AppData\Roaming\UserTile.png => moved successfully
C:\Users\Thomas Paine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Thomas Paine\AppData\Local\prvlcl.dat => moved successfully
C:\Users\Thomas Paine\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Thomas Paine\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Thomas Paine\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-555829191-1849574639-2068614983-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BAB05F5-A873-46FB-9645-C0B4A0AA6777}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BAB05F5-A873-46FB-9645-C0B4A0AA6777}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42D1A755-CDA7-4097-A5D4-7AB8814C1D86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42D1A755-CDA7-4097-A5D4-7AB8814C1D86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BDE76F-33E8-4D9E-A3FA-7B17C8FB08A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BDE76F-33E8-4D9E-A3FA-7B17C8FB08A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{529C6C24-A2B3-4FA7-B501-4B06B701C3C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{529C6C24-A2B3-4FA7-B501-4B06B701C3C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7530F4D1-C197-4C6B-9784-C4DA954FF0E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7530F4D1-C197-4C6B-9784-C4DA954FF0E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91002F39-5C52-465C-A59A-8D4DFC299DB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91002F39-5C52-465C-A59A-8D4DFC299DB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B58AA67-EEBD-44C6-8E92-5738408C18AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B58AA67-EEBD-44C6-8E92-5738408C18AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A079D799-B781-48B6-A48E-E8980807804E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A079D799-B781-48B6-A48E-E8980807804E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F4B099-BC92-419E-82E6-54D46862878E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F4B099-BC92-419E-82E6-54D46862878E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF2F39F2-98EA-4906-8D84-D3EA4C6B2DAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF2F39F2-98EA-4906-8D84-D3EA4C6B2DAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD01D2CE-B260-4661-AE32-452075AEBEB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD01D2CE-B260-4661-AE32-452075AEBEB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog 18:25:31 ====

Broni · Jan 9, 2016

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

learninmypc · Jan 9, 2016

Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.4
HostsMan 3.2.73
Adobe Flash Player 20.0.0.267
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

learninmypc · Jan 9, 2016

Farbar Service Scanner Version: 03-01-2016
Ran by ciber surfer (administrator) on 09-01-2016 at 18:33:35
Running from "C:\Users\Thomas Paine\Pictures\OTHER FOLDERS\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

learninmypc · Jan 10, 2016

Broni · Jan 10, 2016

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

learninmypc · Jan 10, 2016

Thank you very kindly, it is running better.

Broni · Jan 10, 2016

Way to go!!
Good luck and stay safe

Solved Strange behavior

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 56,041 +516

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 56,041 +516

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 56,041 +516

Attachments

Posts: 9,676 +724

Posts: 56,041 +516

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 9,676 +724

Posts: 56,041 +516

Posts: 9,676 +724

Posts: 56,041 +516

Similar threads