Inactive Virus/malware or something else? Keyboard issue

Goldfissh

Laptop: Sony Vaio VPCEB2C5E running Windows 7

While visiting websites for a project (investment websites - didn't think there was anything dodgy) my laptop started performing strangely. Several of the keys stopped working - p, shift, odd numbers (1,3,5,7,9), and backspace. If I pressed them, nothing happened. The remaining keys were completely fine.

I did a virus scan with AVG, it found a virus (I did not note the name unfortunately), and cleared it. My laptop went back to normal. I also scanned with Malwarebytes (nothing) and SuperAntiSpyware (found some tracking cookies, but it usually does).

A week later, when I was writing my report and checking my sources (same websites) the keyboard issue occurred again. This time AVG didn't find anything. I changed to Avira which found two files infected with Pidief.ME.3 and 4, but after clearing them I still had the keyboard issue. After lots of attempts to fix it including reinstalling the keyboard drivers and restoring to an earlier restore point, it went mostly back to normal. The issue still occurred sometimes but only for a few seconds before recovering back to normal. The virus scanners continued to be clear. It was like this for about a week.

Yesterday, the issue returned to the point where the keyboard was unusable. The processing is also very slow when the keyboard issue is occurring. I hadn't visited any of the websites I had previously so now I am confused about whether it is a virus, some damage caused by a virus, or something else. Reinstalling the keyboard drivers didn't help. Restoring to an earlier point seemed to have resolved the issue - but today it is back again. The virus scanners are both still clear. It seems to help to turn the wifi adapter off - the virus scanners (as an example of processor-intensive activity) run much more quickly then.

I don't think it's a physical issue with the keyboard e.g. a spill - because I haven't spilled anything, and also because it is random keys (like the odd numbers) whereas a spill would tend to be adjacent keys.

Is this a virus/malware, or something else? How can I accurately diagnose and fix it?
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for the welcome - hopefully I won't be here too long :D

The download link in the other thread to Farbar doesn't work - it says the link has expired and redirects to Bleeping Computer so I downloaded it from there. The instructions say to start a new topic in Malware Removal, but my original thread was already there so I have continued here. If I should be posting somewhere else please let me know. The logs are below.

Observations that might be useful:
- When I first started using my laptop this morning it was okay - all letters working, but after about an hour the issue occurred again and it has continued since.
- If I use the On-Screen Keyboard to type, all the letters work fine.
- Yesterday I did a hard drive scan and it all came up as OK.

----------------------------------------------
In the logs I have replaced my name with goldfissh and removed some items from the file lists where the filename included a client name which I can't post in a public forum - hope this is okay.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by goldfissh (administrator) on goldfissh-VAIO (27-02-2017 10:45:36)
Running from C:\Users\goldfissh\Desktop
Loaded Profiles: goldfissh (Available Profiles: goldfissh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
(The PHP Group) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\php\php.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-02-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SysWOW64\VESWinlogon.dll [2009-12-01] (Sony Corporation)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {3966f36d-41b6-11e0-8b3f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {cfdc1e4e-78d4-11e0-aa4f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
Startup: C:\Users\goldfissh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-01-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EC19D428-B36F-4D8F-B458-DB4400362D30}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-014-756
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk-mg5.mail.yahoo.com/neo/launch?.rand=872fenf2dujii
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> DefaultScope {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {1686262A-C27D-4A79-8D82-C55F4D8BB35A} URL = hxxp://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {8FD01E4A-8F30-4C90-8E35-DEF880420C67} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {96B8ABCB-AC35-45F0-886C-1C2B912B5FFD} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {B2EC8D7B-5F99-4D85-94B8-E3BF03379046} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {76496E5E-244A-424F-B5A5-B677051BD958} hxxp://www.genavsystems.com/ftu/2096/FLIGHTOFFICE.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\goldfissh\AppData\Roaming\Prism\Profiles\1nquevq8.default [2015-09-13]
FF Homepage: Prism\Profiles\1nquevq8.default -> hxxp://127.0.0.1:888/
FF ProfilePath: C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default [2017-02-26]
FF NewTab: Mozilla\Firefox\Profiles\fcotwa47.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\fcotwa47.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/?bcutc=sp-014-756
FF Keyword.URL: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF NetworkProxy: Mozilla\Firefox\Profiles\fcotwa47.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\abs@avira.com [2017-02-20]
FF Extension: (Bing Search Engine) - C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\bingsearch.full@microsoft.com [2015-03-15] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-06]
FF Extension: (Avira SafeSearch Plus) - C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\safesearchplus2@avira.com [2017-02-21]
FF Extension: (Modify Headers) - C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-07-08]
FF SearchPlugin: C:\Users\goldfissh\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\searchplugins\google-avast.xml [2017-02-08]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 -> C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\client\vlc\npvlc.dll [2010-01-30] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: @citrixonline.com/appdetectorplugin -> C:\Users\goldfissh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\goldfissh\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com","hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/#identifier","hxxps://www.facebook.com/"
CHR Profile: C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02]
CHR Extension: (Google Docs) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (YouTube) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Google Search) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Google Sheets) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Avira Browser Safety) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Gmail) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-10-03]
CHR Profile: C:\Users\goldfissh\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATPLupd; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [308616 2017-02-03] (Avira Operations GmbH & Co. KG)
R2 BGS; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe [20550 2010-10-18] (Apache Software Foundation) [File not signed]
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
S2 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S2 ADExchange; no ImagePath
S2 HDD & SSD access service; no ImagePath
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 WsDrvInst; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-26] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-26] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-26] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 pccsmcfd; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 10:45 - 2017-02-27 10:49 - 00040744 _____ C:\Users\goldfissh\Desktop\FRST.txt
2017-02-27 10:45 - 2017-02-27 10:45 - 00000000 ____D C:\FRST
2017-02-27 10:40 - 2017-02-27 10:40 - 02423296 _____ (Farbar) C:\Users\goldfissh\Desktop\FRST64.exe
2017-02-26 22:24 - 2017-02-26 22:24 - 00000000 _____ C:\Users\goldfissh\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-26 21:45 - 2017-02-26 21:55 - 00002590 _____ C:\Users\goldfissh\Desktop\Rkill.txt
2017-02-26 21:23 - 2017-02-26 21:23 - 00000043 _____ C:\Users\goldfissh\Desktop\5 scan.txt
2017-02-26 18:30 - 2017-02-26 21:57 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 18:30 - 2017-02-26 21:57 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-26 18:30 - 2017-02-26 21:57 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-26 18:30 - 2017-02-26 21:57 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00001867 _____ C:\Users\Public\Desktop\3 Malwarebytes.lnk
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 18:30 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 18:07 - 2017-02-26 18:07 - 00005064 _____ C:\Users\goldfissh\Downloads\TPM_Base_Services (1).reg
2017-02-26 15:07 - 2017-02-26 15:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\goldfissh\Desktop\2 rkill64.exe
2017-02-26 14:48 - 2017-02-26 14:48 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\goldfissh\Desktop\6 unhide.exe
2017-02-26 14:43 - 2017-02-26 21:24 - 00000000 ____D C:\Users\goldfissh\Desktop\laptop issue
2017-02-26 14:31 - 2017-02-26 21:45 - 00000000 ____D C:\AdwCleaner
2017-02-26 14:31 - 2017-02-26 14:31 - 04015056 _____ C:\Users\goldfissh\Desktop\1 AdwCleaner.exe
2017-02-26 14:29 - 2017-02-26 14:30 - 04015056 _____ C:\Users\goldfissh\Downloads\AdwCleaner.exe
2017-02-26 13:03 - 2017-02-26 13:03 - 00000462 _____ C:\Users\goldfissh\Desktop\US sim.txt
2017-02-24 20:59 - 2017-02-24 21:00 - 19919496 _____ C:\Users\goldfissh\Downloads\Attachments_2017224 (1).zip
2017-02-24 20:58 - 2017-02-24 21:07 - 00000022 _____ C:\Users\goldfissh\Downloads\Attachments_2017224.zip
2017-02-24 20:26 - 2017-02-24 20:26 - 00000000 ____D C:\Users\goldfissh\AppData\Local\748A0AB9-F073-4E14-BCD2-A692572E4A9D.aplzod
2017-02-23 13:55 - 2017-02-23 20:09 - 00000884 _____ C:\Users\goldfissh\Desktop\Events.txt
2017-02-22 13:52 - 2017-02-27 08:57 - 00000000 ___RD C:\Users\goldfissh\Dropbox
2017-02-22 13:52 - 2017-02-22 13:52 - 00001226 _____ C:\Users\goldfissh\Desktop\Dropbox.lnk
2017-02-22 13:50 - 2017-02-22 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-22 13:48 - 2017-02-22 13:48 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\Dropbox
2017-02-22 13:46 - 2017-02-27 09:52 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-22 13:46 - 2017-02-26 22:29 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-22 13:46 - 2017-02-22 13:52 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Dropbox
2017-02-22 13:46 - 2017-02-22 13:50 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-22 13:46 - 2017-02-22 13:46 - 00003910 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-22 13:46 - 2017-02-22 13:46 - 00003658 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-22 13:46 - 2017-02-22 13:46 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-21 23:38 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-21 23:30 - 2017-02-21 23:30 - 00002148 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-02-21 23:29 - 2017-02-27 10:34 - 00001050 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineUA.job
2017-02-21 23:29 - 2017-02-26 23:34 - 00001046 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineCore.job
2017-02-21 23:29 - 2017-02-21 23:29 - 00004070 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-02-21 23:29 - 2017-02-21 23:29 - 00003818 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-02-21 23:26 - 2017-02-26 18:31 - 00000000 ____D C:\Users\goldfissh\Desktop\Antivirus EXEs
2017-02-21 23:26 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Avira
2017-02-21 23:26 - 2017-02-21 23:26 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-21 23:26 - 2017-02-21 23:26 - 00000000 ____D C:\Users\goldfissh\AppData\Local\AviraSpeedup
2017-02-21 23:22 - 2017-02-21 23:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-02-21 23:21 - 2017-02-15 16:55 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-02-21 23:15 - 2017-02-21 23:15 - 00001204 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-21 09:18 - 2017-02-21 09:18 - 00057600 _____ C:\Users\goldfissh\Downloads\vypis-402360.pdf
2017-02-21 08:32 - 2017-02-21 08:32 - 00770782 _____ C:\Users\goldfissh\Downloads\Sample of Prospective business accounts (2).xlsx
2017-02-20 20:04 - 2017-02-20 20:04 - 00029153 _____ C:\ProgramData\agent.1487621032.bdinstall.bin
2017-02-20 19:43 - 2017-02-20 19:43 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\Avira
2017-02-20 19:24 - 2017-02-26 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-20 19:24 - 2017-02-26 13:58 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-20 19:10 - 2017-02-20 19:10 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\QuickScan
2017-02-20 19:06 - 2017-02-20 19:06 - 00048200 _____ C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 19:06 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-20 19:05 - 2017-02-26 13:58 - 00000000 ____D C:\ProgramData\Avira
2017-02-20 19:05 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-20 10:33 - 2017-02-20 10:33 - 00770782 _____ C:\Users\goldfissh\Downloads\Sample of Prospective business accounts (1).xlsx
2017-02-18 17:09 - 2017-02-18 17:09 - 00126922 _____ C:\Users\goldfissh\Documents\How to Hand-Wash a Sweater and Remove Pills _ Martha Stewart.pdf
2017-02-18 16:57 - 2017-02-18 16:57 - 00699199 _____ C:\Users\goldfissh\Documents\The GQ Guide to Washing Your Cashmere Sweater _ GQ.pdf
2017-02-16 14:07 - 2017-02-16 14:07 - 00884372 _____ C:\Users\goldfissh\Downloads\IMG_3871 (1).MOV
2017-02-15 09:27 - 2017-02-15 09:27 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-02-14 17:33 - 2017-02-14 17:33 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\SUPERAntiSpyware.com
2017-02-14 17:32 - 2017-02-26 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-14 17:32 - 2017-02-14 17:32 - 00001808 _____ C:\Users\Public\Desktop\4 SUPERAntiSpyware Free Edition.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002003 _____ C:\Users\Public\Desktop\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Wickr, LLC
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wickr Me
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Program Files (x86)\Wickr Inc
2017-02-14 11:49 - 2017-02-14 11:51 - 83206144 _____ C:\Users\goldfissh\Downloads\WickrMe-2.6.0.msi
2017-02-14 09:30 - 2017-02-14 09:30 - 00002571 _____ C:\Users\goldfissh\Desktop\GoToMeeting Quick Connect.lnk
2017-02-14 09:19 - 2017-02-27 10:18 - 00000586 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-02-27 10:15 - 00000682 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-02-21 12:08 - 00003728 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-14 09:19 - 2017-02-21 12:08 - 00003632 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfissh\Downloads\MyMessageViewPage.pdf
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfissh\Downloads\MyMessageViewPage (1).pdf
2017-02-09 13:44 - 2017-02-09 13:44 - 01157656 _____ (Oracle Corporation) C:\Users\goldfissh\Downloads\JavaUninstallTool.exe
2017-02-08 19:32 - 2017-02-21 11:48 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys.148767792642001
2017-02-08 09:26 - 2017-02-08 09:26 - 00036764 _____ C:\Users\goldfissh\Downloads\Statement_Feb 2017.pdf
2017-02-07 04:38 - 2017-02-07 04:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 04:38 - 2017-02-07 04:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-02 16:31 - 2017-02-02 16:34 - 01903179 _____ C:\Users\goldfissh\Downloads\file.jpeg
2017-02-01 17:27 - 2017-02-01 17:27 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-01 17:27 - 2017-02-01 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-01 17:25 - 2017-02-01 17:26 - 00000000 ____D C:\Program Files\iTunes
2017-02-01 17:25 - 2017-02-01 17:25 - 00000000 ____D C:\Program Files\iPod
2017-01-29 12:18 - 2017-01-29 12:18 - 00017399 _____ C:\Users\goldfissh\Downloads\170207.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 10:27 - 2013-05-20 18:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-27 09:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2017-02-27 09:02 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-27 09:02 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-27 08:57 - 2010-09-23 18:33 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF28CAB4-32EB-47CE-A403-C856DB98D941}
2017-02-27 00:10 - 2012-12-07 22:45 - 00740046 _____ C:\test.xml
2017-02-26 22:38 - 2015-12-16 17:10 - 00000000 ____D C:\Users\goldfissh\Desktop\OpenHardwareMonitor
2017-02-26 22:31 - 2011-02-24 20:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-26 22:30 - 2016-10-29 19:38 - 00000000 ___RD C:\Users\goldfissh\iCloudDrive
2017-02-26 22:29 - 2011-07-26 20:25 - 00000534 _____ C:\Windows\Tasks\ATPL Update maintenance.job
2017-02-26 22:29 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-26 22:12 - 2015-01-24 16:09 - 02945614 _____ C:\Windows\ntbtlog.txt
2017-02-26 20:46 - 2014-12-10 21:45 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-26 20:46 - 2014-05-03 19:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-26 18:30 - 2016-03-18 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 14:37 - 2015-12-28 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-26 13:57 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-26 13:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-02-26 12:19 - 2015-12-25 11:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-25 19:41 - 2016-10-29 19:38 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Apple Inc
2017-02-25 19:36 - 2010-09-23 18:29 - 00000000 ____D C:\Users\goldfissh
2017-02-25 19:28 - 2010-05-19 23:01 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-02-25 19:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2017-02-25 19:00 - 2011-11-21 22:19 - 00007616 _____ C:\Users\goldfissh\AppData\Local\Resmon.ResmonCfg
2017-02-24 20:29 - 2015-03-08 15:23 - 00000000 ____D C:\Users\goldfissh\Documents\Outlook Files
2017-02-24 20:29 - 2010-09-25 17:01 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\Apple Computer
2017-02-24 17:31 - 2016-09-25 10:27 - 00000559 _____ C:\Users\goldfissh\Desktop\Websites.txt
2017-02-23 13:51 - 2012-10-27 08:47 - 00000000 ____D C:\Program Files (x86)\Chat Undetected
2017-02-23 13:51 - 2010-05-19 21:44 - 00000000 ____D C:\Windows\Panther
2017-02-22 14:13 - 2016-10-26 11:11 - 00000000 ____D C:\Users\goldfissh\Documents\Tax_AU464_Oct2017
2017-02-22 09:08 - 2016-07-08 21:45 - 00000000 ____D C:\Users\goldfissh\Documents\ZZ old versions
2017-02-21 23:48 - 2010-09-25 16:47 - 00000000 ____D C:\ProgramData\ArcSoft
2017-02-21 23:38 - 2009-07-14 04:45 - 00404232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-21 23:25 - 2010-09-23 18:29 - 00103048 _____ C:\Users\goldfissh\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-21 23:14 - 2016-10-01 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 23:14 - 2015-10-26 22:44 - 00000000 ____D C:\ProgramData\Avg
2017-02-21 23:13 - 2015-10-26 22:33 - 00000000 ____D C:\Users\goldfissh\AppData\Local\AvgSetupLog
2017-02-21 23:08 - 2012-02-19 11:40 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\AVG
2017-02-21 11:43 - 2016-03-13 18:49 - 00013084 _____ C:\Users\goldfissh\Desktop\DesktopOK.ini
2017-02-21 11:42 - 2015-05-30 11:41 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Avg
2017-02-21 11:38 - 2015-08-13 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-21 11:33 - 2014-03-30 16:49 - 00000000 __RHD C:\MSOCache
2017-02-21 11:22 - 2010-09-26 13:16 - 00000000 ____D C:\Users\goldfissh\AppData\Local\ElevatedDiagnostics
2017-02-16 08:20 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-15 09:27 - 2013-05-20 18:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 09:27 - 2012-04-04 22:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 09:27 - 2012-02-18 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 09:27 - 2011-11-26 20:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 09:27 - 2010-09-13 20:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 17:33 - 2016-10-11 13:49 - 00000000 ____D C:\ProgramData\SUPERSetup
2017-02-14 09:19 - 2013-10-29 21:28 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Citrix
2017-02-13 11:58 - 2010-09-25 16:46 - 00000000 ____D C:\Users\goldfissh\AppData\Roaming\Skype
2017-02-12 19:44 - 2010-09-26 15:04 - 00000000 ____D C:\Users\goldfissh\Documents\Backup
2017-02-09 15:04 - 2010-09-26 14:49 - 00000000 ____D C:\Users\goldfissh\Documents\Resume
2017-02-09 15:03 - 2010-09-26 14:48 - 00000000 ____D C:\Users\goldfissh\Documents\_Flying
2017-02-09 14:41 - 2011-07-01 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond DA40D G1000 Trainer v6.14
2017-02-09 13:45 - 2016-10-26 23:47 - 00000000 ____D C:\ProgramData\Oracle
2017-02-09 13:41 - 2012-08-17 19:13 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 13:39 - 2014-08-23 18:03 - 00000000 ____D C:\Users\goldfissh\AppData\Local\Adobe
2017-02-09 13:39 - 2010-09-28 20:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-09 13:01 - 2012-05-10 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-08 20:25 - 2010-10-17 16:44 - 00000000 ____D C:\Program Files (x86)\FAATP2010
2017-02-08 09:35 - 2010-09-26 14:48 - 00000000 ____D C:\Users\goldfissh\Documents\Amex
2017-02-07 09:27 - 2016-01-02 13:49 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 12:56 - 2010-09-26 14:49 - 00000000 ____D C:\Users\goldfissh\Documents\References inc leadership
2017-02-01 17:25 - 2010-09-25 16:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-28 17:23 - 2015-03-08 15:15 - 00000000 ____D C:\regid.1991-06.com.microsoft
2017-01-28 17:21 - 2015-03-08 15:12 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2013-06-27 22:42 - 2014-06-22 13:55 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-11-07 15:20 - 2012-03-11 21:09 - 0006808 _____ () C:\Users\goldfissh\AppData\Roaming\.freeciv-client-rc-2.2
2017-01-01 12:04 - 2017-01-01 12:04 - 0012955 _____ () C:\Users\goldfissh\AppData\Roaming\Comma Separated Values.CAL
2012-02-18 19:00 - 2012-02-18 19:19 - 0104787 _____ () C:\Users\goldfissh\AppData\Local\ars.cache
2012-02-18 19:00 - 2012-02-18 19:19 - 0928700 _____ () C:\Users\goldfissh\AppData\Local\census.cache
2010-12-18 13:39 - 2014-10-13 21:57 - 0012800 _____ () C:\Users\goldfissh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-18 18:47 - 2012-02-18 18:47 - 0000036 _____ () C:\Users\goldfissh\AppData\Local\housecall.guid.cache
2011-11-21 22:19 - 2017-02-25 19:00 - 0007616 _____ () C:\Users\goldfissh\AppData\Local\Resmon.ResmonCfg
2017-02-26 22:24 - 2017-02-26 22:24 - 0000000 _____ () C:\Users\goldfissh\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-20 19:06 - 2017-02-20 19:06 - 0048200 _____ () C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 20:04 - 2017-02-20 20:04 - 0029153 _____ () C:\ProgramData\agent.1487621032.bdinstall.bin
2010-09-25 16:46 - 2010-09-25 16:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-18 19:44 - 2016-04-16 17:08 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2016-03-13 17:15 - 2016-03-13 17:15 - 0006809 _____ () C:\ProgramData\MusicStation.log

Files to move or delete:
====================
C:\Users\goldfissh\CTX.DAT


Some files in TEMP:
====================
2017-02-09 13:38 - 2017-02-09 13:39 - 44050400 _____ (Skype Technologies S.A.) C:\Users\goldfissh\AppData\Local\Temp\SkypeSetup.exe
2016-08-16 07:48 - 2016-08-16 07:48 - 0488960 _____ () C:\Users\goldfissh\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 21:53

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by goldfissh (27-02-2017 10:51:06)
Running from C:\Users\goldfissh\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-23 18:29:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-928801702-3077407482-3869533313-500 - Administrator - Disabled)
goldfissh (S-1-5-21-928801702-3077407482-3869533313-1000 - Administrator - Enabled) => C:\Users\goldfissh
Guest (S-1-5-21-928801702-3077407482-3869533313-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-928801702-3077407482-3869533313-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
ATP DIGITAL 6 (HKLM-x32\...\{0C264625-303E-4458-93BB-B95CA9CB0209}) (Version: 6.0.27 - ATP DIGITAL)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.5.1.27035 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.1.2924.2244 - Avira Operations GmbH & Co. KG)
Aware System Update (HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\b9355229a2e7c67c) (Version: 1.0.0.13 - Airbox Aerospace Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.1.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiskCheckup v3.1 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.1.1005 - PassMark Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Free iTunes Backup Extractor version 5.4.0.2 (HKLM-x32\...\{F891E77B-EB1C-4035-BCC4-4DEF91EDD69E}_is1) (Version: 5.4.0.2 - HONGKONG JIHO CO., LIMITED)
Gleim FAA Test Prep 2010 WebDeploy (HKLM-x32\...\FAATPWSUEW49) (Version: 49 - Gleim)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxtor Manager (HKLM-x32\...\InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}) (Version: 4.02.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.02.0227 - Seagate Technology) Hidden
mccPILOTLOG (HKLM-x32\...\{BAA273F2-67DC-4D05-8C1C-5DEE893EAF1E}) (Version: 1.4.12 - MCC bvba)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.4.1199 - Omnifone)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.00.13280 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Radio Aids Navigation Tutor XL Release 4 (HKLM-x32\...\Radio Aids Navigation Tutor XL_is1) (Version: - Oddsoft Limited)
RANT XL V 6.13 (HKLM-x32\...\Radio Aids Navigation Tutor XL Release 4_is1) (Version: - Oddsoft Limited)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO BD Menu Data (HKLM-x32\...\{DF0415CC-0563-407F-B560-9B7F277122C5}) (Version: 3.1.00.15010 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.1.05290 - Sony Corporation)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.4.1.04200 - Sony Corporation)
VAIO Update Merge Module x64 (Version: 5.5.19220 - Sony Corporation) Hidden
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
Wickr Me (HKLM-x32\...\{7668652D-F198-4E7B-8FF4-5E2DC13D9AD7}) (Version: 2.6.0.4 - Wickr Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-928801702-3077407482-3869533313-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\goldfissh\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BEB9D0-7890-4F25-AF0D-BF58A97B79E6} - System32\Tasks\{12FCE0CC-9445-4AA9-8D95-E4F80F6C6440} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {06C6A861-269E-4E42-9795-B94F8F690B25} - System32\Tasks\{2E0B2CC6-E47D-46B5-A5D7-B8DBE4924FFE} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {0E364092-14AD-4480-B09D-7C5DD704AD73} - System32\Tasks\{5A1F6414-9B70-4221-A069-2C3136C8F3BC} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/en/abandoninstall?page=tsProgressBar
Task: {0EA45EDA-39CC-4ADB-A6D9-4BAF33D5FA30} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {1268C5BA-AB72-49DD-8BEE-AA1346A5E26A} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {1ABF9405-23CC-4197-BE3D-1DAF5349D2AD} - System32\Tasks\{2093FCAC-5EB6-4537-A8F9-03FC034783F2} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {1B2E2CB8-15D7-462F-B279-0DB51B6BA9ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {1B6F7527-6051-4588-9CC3-26DBBA3F5906} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {1CC67828-EE88-4156-9269-77BDB30F2AAB} - System32\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000 => C:\Users\goldfissh\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1DFE7133-E445-4A03-8AC0-F74053E51AD2} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe
Task: {1F8AD4B3-64EA-4C63-9258-02986ECD2B17} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-02-21] (Avira Operations GmbH & Co. KG) <==== ATTENTION
Task: {2B73086E-33A6-44C4-87DA-29D189E2786E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {36251C2B-C530-4941-AF8D-09CCF2332640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {411ABCC0-9D14-474C-903F-AF8565D5BC4B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-04-20] (Sony Corporation)
Task: {47B7819F-92DD-43AC-9FF0-5CBB64863D3C} - System32\Tasks\{96C12997-A4BC-4A31-982B-4770E5B9F850} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {5221FD53-7E3D-4540-84E1-5FE536E23F55} - System32\Tasks\{E2A5F6B9-C55D-4083-94E2-C7D27EDDC5EE} => pcalua.exe -a "C:\Program Files (x86)\Sony Corporation\VAIO Partners\uninstall.exe" -c -prepareUninstall
Task: {5808C129-61EB-44D3-A108-3201CB468201} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {5C46E2A4-DEB2-414F-A340-38C9780099FC} - System32\Tasks\{9C2AC3BE-3FFF-46A1-A323-14AB69C2DAB0} => pcalua.exe -a C:\Users\goldfissh\Desktop\setup.exe -d C:\Users\goldfissh\Desktop
Task: {6512F9BC-6D3C-470B-8BA9-43E008628A6E} - System32\Tasks\{9A2D62CF-9308-4BCD-AE33-79916B90C09B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {70557BF9-78EC-4476-A384-73A5E50B6AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {768AD431-53A2-4F5A-BC74-932F41B28F00} - System32\Tasks\{93FCEB53-8810-4B44-9077-E63EEC818449} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {892149F7-6860-426D-B877-19E8EF0D069B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {8EC55084-E1BF-46F3-BB79-6E6B1CC5E4C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {91F065EA-BDE3-4099-89D8-B581A51BD4FA} - System32\Tasks\{926AC40F-1299-447B-AEF6-54EFD36B56DA} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {9427441D-4E34-45A2-AA20-999D2B2CADB2} - System32\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000 => C:\Users\goldfissh\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99CEADEB-6B81-45FD-B01D-22314C1877DC} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {9DC9BC20-0D4B-4598-9C66-0F592842E6DB} - System32\Tasks\{92A54289-B4FD-4AED-801A-802259F7E495} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-02-08] (Skype Technologies S.A.)
Task: {A324975A-EFC0-454C-8124-7A26F20C9E52} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {A69AFC5B-57F5-4600-A5F6-F777C0CF3DF1} - System32\Tasks\{97EC3147-E1A9-4701-B32D-CE6CD97B78EC} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {ADDD53E4-B0B9-4911-8EC6-0B08B9A76710} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {B1DF4585-6B0E-49E9-B6F3-5BE3466BF754} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B1E5F863-1AEB-49C1-812E-B8527F2CCA92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B33446C5-DD85-45C5-ADA6-44C81406E9FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {C757DC87-5369-494E-AA2C-0437163316D2} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C956B962-51DE-45C7-A315-B1146AEB98A1} - System32\Tasks\{E1FE020E-4198-444A-883E-2A2DF6C27E01} => pcalua.exe -a "C:\Program Files (x86)\Sony\Marketing Tools\Uninstaller.exe" -c /bootstrap
Task: {CB60D4A6-73F1-4DA8-9A34-05310F59783E} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe
Task: {CDB18762-FFD7-4296-B655-6B005770A66C} - System32\Tasks\ATPL Update maintenance => C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\htdocs\scripts\removelock.bat [2017-02-22] () <==== ATTENTION
Task: {CE928646-2D82-4350-8674-BCB03E35528E} - System32\Tasks\{81432782-934F-47AD-9717-49765EBAB508} => pcalua.exe -a C:\ProgramData\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web[1].exe
Task: {D5B53B26-59E1-40AD-B4E8-B5583E34295C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
Task: {D7D6F1EF-7E7F-4AE7-8533-2937A6126C0B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {DCFC64A1-29B0-4A44-AAA4-B2237C97138D} - System32\Tasks\{D35BEE58-0154-4836-AE23-AA6300E98B3B} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.2.0.187.259&amp;LastError=12002
Task: {DDC020A3-0340-45AD-8E21-A677F2C9B4F9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-928801702-3077407482-3869533313-1000
Task: {DE506D78-8716-41A5-A982-BBD96130BB2C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {E10E381B-C0E3-481C-98BA-A7E64260B292} - System32\Tasks\{CE7BA935-73B5-4BD7-9385-01F9719511C3} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {EF03C5F6-346C-4E50-AACA-561F88BC01F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
Task: {EF840724-63CF-4693-A308-CB19C44B02DE} - System32\Tasks\{4B63717F-6C21-438B-B556-4FD5C933CCE5} => Firefox.exe hxxp://ui.skype.com/ui/0/7.16.0.102/en/abandoninstall?page=tsProgressBar
Task: {F3A59D10-47AD-4A35-ACC0-FBDA91E1639C} - System32\Tasks\{7A33B700-5810-48F2-9DEB-84DBBFB81049} => pcalua.exe -a C:\Users\goldfissh\Desktop\freecol-0.9.5-installer.exe -d C:\Users\goldfissh\Desktop
Task: {F64247EC-2515-4E5B-85EC-1809CF0D7BE7} - System32\Tasks\0915wtUpdateInfo => C:\ProgramData\Avg_Update_0915wt\0915wt_{B87CCAC6-8764-480D-A2EC-6EEC605C96A9}.exe
Task: {F6520558-660C-4177-A432-A2F42BB48C00} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {F87E4381-891C-48AC-B7FB-337A3E3EE276} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {F8F1FE2F-26AB-4039-9D72-70640502C946} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-02-21] (Avira Operations GmbH & Co. KG) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATPL Update maintenance.job => C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\htdocs\scripts\removelock.bat <==== ATTENTION
Task: C:\Windows\Tasks\AviraScoutUpdateTaskMachineCore.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\AviraScoutUpdateTaskMachineUA.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000.job => C:\Users\goldfissh\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000.job => C:\Users\goldfissh\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8BC9A805-8F1B-4F0A-895D-7D391FD1CB3A}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-25 19:46 - 2016-05-24 16:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2003-04-18 18:06 - 2003-04-18 18:06 - 00008192 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
2015-03-08 15:12 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2013-07-17 19:32 - 2013-07-17 19:32 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-07-10 09:26 - 2011-02-25 16:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2011-07-10 09:26 - 2011-02-14 12:23 - 00057024 _____ () C:\Program Files\Sony\VAIO Care\SSD_Detect.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-01-26 19:15 - 2011-01-26 19:15 - 00573440 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\php\ext\ioncube_loader_win_5.3.dll
2014-09-14 16:26 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-02-22 13:49 - 2017-02-07 04:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-02-22 13:49 - 2017-01-13 23:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-02-22 13:49 - 2017-01-13 23:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-22 13:49 - 2017-01-13 23:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-02-22 13:49 - 2017-01-13 23:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-22 13:49 - 2017-01-13 23:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-22 13:49 - 2017-01-13 23:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-02-22 13:49 - 2017-01-13 23:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-02-22 13:49 - 2017-01-13 23:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-22 13:49 - 2017-01-13 23:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-02-22 13:49 - 2017-01-13 23:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-02-22 13:49 - 2017-01-13 23:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-22 13:49 - 2017-01-13 23:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-02-22 13:49 - 2017-01-13 23:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-22 13:49 - 2017-01-13 23:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-22 13:49 - 2017-02-07 04:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-22 13:49 - 2017-01-14 00:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-22 13:49 - 2017-01-14 00:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-22 13:49 - 2017-02-07 04:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-02-22 13:49 - 2017-01-13 23:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-22 13:49 - 2017-02-07 04:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-02-22 13:49 - 2017-01-14 00:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2010-03-14 20:52 - 2010-03-14 20:52 - 00077876 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\zlib1.dll
2010-09-13 20:38 - 2009-12-01 21:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-09-13 20:38 - 2009-12-01 21:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-05-19 21:42 - 2009-11-20 22:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-09-30 23:36 - 2016-09-30 23:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2017-02-07 09:26 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 09:26 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\google.com -> local.google.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\paypal.com -> hxxps://www.paypal.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\skype.com -> hxxps://login.skype.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\westpac.com.au -> hxxps://online.westpac.com.au

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\goldfissh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^goldfissh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\goldfissh\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BCBA55BB-889E-4687-828D-B2D8FEC46902}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{45554EF2-075A-43DD-9DF7-94436AAB9259}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{38CD58FC-59C9-41C2-8F98-76F8FDD08F2C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{914FCB6A-19CB-43CC-AC77-BCE91CFA8E4A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{723BBC2F-1667-4B29-ABEC-E2904AFCC1A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0C2CF4FF-5521-4A13-B9B3-94148CA4D077}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A93190C-95F5-48E9-9D67-190C71F75A1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4707F33-EC92-462D-A3C6-1489890B6283}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D674215E-D2B3-4282-8AC0-1650698FB85D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FA98034-6992-4F75-A6BB-262463198255}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{140BCE47-3F10-457A-BD16-F7E8601E72B0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{08F09C36-11B2-40F6-9BE8-AD9F710CEB92}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{8EC6FD59-22EC-4F04-8A0F-41C7864AF06D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{718514A5-FF50-4F30-8649-08BCABCAF206}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29107B16-8AAF-4A24-B95B-4ACAAFA54044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D8E86E-2134-4E1E-90BA-D76466D71513}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5449F8D-35D8-4682-BF98-8B05F6968DDA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D543C293-1C09-48F1-B33E-620D39662ABE}] => (Allow) LPort=2869
FirewallRules: [{5C84FC5B-740E-4C0C-81F8-7755ECBB29C8}] => (Allow) LPort=1900
FirewallRules: [{B140CF95-AB69-4829-9D32-56780EFA3086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D5A811FF-FEA4-4566-9DD2-21A46846E8AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1F2F5E5-6D2A-473C-BD9F-047CE068ECB2}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe
FirewallRules: [{FEC46B01-B89A-49C4-A959-A9A2DF2B5275}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

25-02-2017 17:40:16 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
25-02-2017 18:09:18 Avira System Speedup Optimization
25-02-2017 18:39:23 Avira System Speedup Optimization
26-02-2017 22:40:47 VAIO Care Automatic Restore Point


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2017 10:34:05 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 09:34:02 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 08:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 07:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 06:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 05:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 04:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 03:34:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 02:34:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (02/27/2017 01:34:03 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (02/26/2017 10:40:45 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy9.

Error: (02/26/2017 10:35:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/26/2017 10:31:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (02/26/2017 10:31:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio UPnP Renderer 10 service to connect.

Error: (02/26/2017 10:31:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (02/26/2017 10:31:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (02/26/2017 10:31:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (02/26/2017 10:31:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HDD & SSD access service service failed to start due to the following error:
The system cannot find the path specified.

Error: (02/26/2017 10:30:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Phantom VPN service to connect.

Error: (02/26/2017 10:27:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
Date: 2016-04-16 18:09:38.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.603
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.417
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 17:58:40.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 17:58:40.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 5998.1 MB
Available physical RAM: 2542.34 MB
Total Virtual: 11994.38 MB
Available Virtual: 7995.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454 GB) (Free:148.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A49F79C6)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
You're running two AV programs, Avira and MSE.
You must uninstall one of them.

Then...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I've tried twice to run RogueKiller. It detects some issues:
upload_2017-3-3_22-36-15.png
upload_2017-3-3_22-36-18.png

However, the laptop blue-screens before the scan completes. The bluescreen the second time looks like this (I didn't see it first time around, it just restarted).

upload_2017-3-3_22-38-9.png

When it restarts I get the following error details:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 50
BCP1: FFFFFA8018556F40
BCP2: 0000000000000001
BCP3: FFFFF880053C3CE0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\030317-22120-01.dmp
C:\Users\goldfissh\AppData\Local\Temp\WER-192957-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I've looked for the two files that are supposed to describe the problem but the .dmp file won't open and the other one doesn't appear to exist.

Should I run the other scans anyway (Malwarebytes, AdwCleaner, Junkware Removal)?
 
Okay, I've run the other scans and the logs are below. I've pasted them in the order I ran them (since I did JRT first, I re-ran it again at the end). I wasn't sure how to turn off Avira but it didn't generate conflicts so I assume that it worked okay - if I need to run it again with Avira deactivated, let me know and I will find out how to do it. What should I do next?

===========================================================================================

RogueKiller: couldn't complete - see previous post


===========================================================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by Goldfish (Administrator) on 03/03/2017 at 22:42:25.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 225

Successfully deleted: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\extensions\bingsearch.full@microsoft.com\search.xml (File)
Successfully deleted: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\extensions\safesearchplus2@avira.com\data\search.xml (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2017 at 22:49:42.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========================================================================================
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/3/17
Scan Time: 10:56 PM
Logfile: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1421
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: goldfish-VAIO\goldfish

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436109
Time Elapsed: 32 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

===========================================================================================
# AdwCleaner v6.043 - Logfile created 03/03/2017 at 23:45:57
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Goldfissh - GOLDFISSH-VAIO
# Running from : C:\Users\Goldfish\Desktop\1 AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6632 Bytes] - [26/02/2017 14:38:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [1340 Bytes] - [26/02/2017 14:57:15]
C:\AdwCleaner\AdwCleaner[C3].txt - [1560 Bytes] - [26/02/2017 15:35:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [4343 Bytes] - [26/02/2017 17:51:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [6128 Bytes] - [26/02/2017 14:35:43]
C:\AdwCleaner\AdwCleaner[S10].txt - [2196 Bytes] - [26/02/2017 21:45:48]
C:\AdwCleaner\AdwCleaner[S11].txt - [1459 Bytes] - [03/03/2017 23:45:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [1316 Bytes] - [26/02/2017 14:49:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1449 Bytes] - [26/02/2017 14:56:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [1535 Bytes] - [26/02/2017 15:07:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [1668 Bytes] - [26/02/2017 15:34:30]
C:\AdwCleaner\AdwCleaner[S5].txt - [1754 Bytes] - [26/02/2017 15:45:34]
C:\AdwCleaner\AdwCleaner[S6].txt - [4036 Bytes] - [26/02/2017 17:50:32]
C:\AdwCleaner\AdwCleaner[S7].txt - [1973 Bytes] - [26/02/2017 18:07:59]
C:\AdwCleaner\AdwCleaner[S8].txt - [2046 Bytes] - [26/02/2017 18:18:51]
C:\AdwCleaner\AdwCleaner[S9].txt - [2119 Bytes] - [26/02/2017 18:35:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2190 Bytes] ##########

===========================================================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by GOldfissh (Administrator) on 03/03/2017 at 23:50:00.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2017 at 23:57:24.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Nothing there.
All clean.
Your keyboard issue must be caused by something else.
 
Thanks so much for your help - maybe it's that my laptop is getting a bit ancient...

RogueKiller was coming up with some detections before the bluescreen, though. Does that mean it's possible there were some infections that the other scans weren't finding?

Just want to be completely sure it's clear before I do anything like attach my external hard drive to backup my files (don't want it to get infected).

Thanks so much for your help.
 