MH Lindsey
Posts: 195 +0
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
23-10-2015 08:56:37 Tweaking.com - Windows Repair
23-10-2015 09:05:46 Installed Microsoft Fix it 50123
23-10-2015 10:18:31 Windows Backup
23-10-2015 11:59:57 Windows Backup
24-10-2015 14:51:37 Windows Update
25-10-2015 11:27:41 JRT Pre-Junkware Removal
25-10-2015 11:53:03 Windows Update
25-10-2015 12:16:41 Windows Update
25-10-2015 19:17:16 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2015-10-26 07:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {120C3EEE-D549-4E10-826F-6A4EE7BEACCB} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1372E1D3-6055-4A0E-8B03-C8EF50BA584B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4AC4A426-2325-4C59-961B-9294393AF981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {5FEFE352-C7AC-4633-B3C6-CCDBC135C07A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {779CE893-318F-40F6-9C15-F730EBF6B7E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {912A5CE6-5DE9-459D-AF28-68EC4A727B70} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-10-16] (AVAST Software)
Task: {92E09224-2D34-4D2F-A9B5-0EC0D4A7DC8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {9A800362-9A69-4495-B4C5-444C98C6BC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {BC4604B9-547C-46B9-8DA6-E362E591E93E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D0FB0777-3B4E-43BD-976A-AC750B3F4308} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-07-06] (Avast Software s.r.o.)
Task: {D572F709-6207-4C94-B2A8-2E57EE0FAE7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E4F3D9DD-8603-4A22-A6A9-35493D895C77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-09-01 16:54 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-11 11:16 - 2005-06-15 17:04 - 00529920 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\NICServ.exe
2010-10-11 11:16 - 2005-08-26 11:55 - 01992192 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\UMCCfg.exe
2015-10-26 07:17 - 2015-10-26 07:17 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102601\algo.dll
2015-10-26 17:08 - 2015-10-26 17:08 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102602\algo.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2007-09-17 13:54 - 2007-09-17 13:54 - 01122304 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\ACE.dll
2007-12-13 12:26 - 2007-12-13 12:26 - 01400832 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO.dll
2007-12-13 14:45 - 2007-12-13 14:45 - 00524288 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_PortableServer.dll
2007-12-13 14:42 - 2007-12-13 14:42 - 00540672 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_AnyTypeCode.dll
2008-03-07 14:11 - 2008-03-07 14:11 - 00056920 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\Transport.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\zlib1.dll
2007-12-13 14:40 - 2007-12-13 14:40 - 00043008 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_Codeset.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00197208 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\DBPlugin.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00251992 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ExchangePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00328280 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ImagePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00233560 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\MSSQLPlugin.dll
2010-10-11 11:16 - 2005-02-24 12:51 - 00208896 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\dot1x_dll.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00155648 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\SSLEAY32.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00827392 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\LIBEAY32.dll
2010-10-11 11:16 - 2005-01-19 14:39 - 00045056 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\ZDWLAN.dll
2010-08-31 16:43 - 2009-06-03 12:34 - 03764224 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-08-31 16:43 - 2009-06-03 12:43 - 01703936 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-10-13 11:46 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-12-11 10:30 - 2014-12-11 10:30 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxp://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxps://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
There are 13 more sites.
==================== Other Areas ============================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
23-10-2015 08:56:37 Tweaking.com - Windows Repair
23-10-2015 09:05:46 Installed Microsoft Fix it 50123
23-10-2015 10:18:31 Windows Backup
23-10-2015 11:59:57 Windows Backup
24-10-2015 14:51:37 Windows Update
25-10-2015 11:27:41 JRT Pre-Junkware Removal
25-10-2015 11:53:03 Windows Update
25-10-2015 12:16:41 Windows Update
25-10-2015 19:17:16 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2015-10-26 07:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {120C3EEE-D549-4E10-826F-6A4EE7BEACCB} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1372E1D3-6055-4A0E-8B03-C8EF50BA584B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4AC4A426-2325-4C59-961B-9294393AF981} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {5FEFE352-C7AC-4633-B3C6-CCDBC135C07A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {779CE893-318F-40F6-9C15-F730EBF6B7E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {912A5CE6-5DE9-459D-AF28-68EC4A727B70} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-10-16] (AVAST Software)
Task: {92E09224-2D34-4D2F-A9B5-0EC0D4A7DC8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {9A800362-9A69-4495-B4C5-444C98C6BC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {BC4604B9-547C-46B9-8DA6-E362E591E93E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D0FB0777-3B4E-43BD-976A-AC750B3F4308} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-07-06] (Avast Software s.r.o.)
Task: {D572F709-6207-4C94-B2A8-2E57EE0FAE7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E4F3D9DD-8603-4A22-A6A9-35493D895C77} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2010-09-01 16:54 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-10-11 11:16 - 2005-06-15 17:04 - 00529920 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\NICServ.exe
2010-10-11 11:16 - 2005-08-26 11:55 - 01992192 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\UMCCfg.exe
2015-10-26 07:17 - 2015-10-26 07:17 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102601\algo.dll
2015-10-26 17:08 - 2015-10-26 17:08 - 02997616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15102602\algo.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2007-09-17 13:54 - 2007-09-17 13:54 - 01122304 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\ACE.dll
2007-12-13 12:26 - 2007-12-13 12:26 - 01400832 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO.dll
2007-12-13 14:45 - 2007-12-13 14:45 - 00524288 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_PortableServer.dll
2007-12-13 14:42 - 2007-12-13 14:42 - 00540672 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_AnyTypeCode.dll
2008-03-07 14:11 - 2008-03-07 14:11 - 00056920 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\Transport.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\zlib1.dll
2007-12-13 14:40 - 2007-12-13 14:40 - 00043008 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\TAO_Codeset.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00197208 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\DBPlugin.dll
2008-03-04 17:33 - 2008-03-04 17:33 - 00251992 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ExchangePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00328280 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\ImagePlugin.dll
2008-03-04 17:32 - 2008-03-04 17:32 - 00233560 _____ () C:\Program Files (x86)\Novosoft\Handy Backup\HBPlugins\MSSQLPlugin.dll
2010-10-11 11:16 - 2005-02-24 12:51 - 00208896 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\dot1x_dll.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00155648 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\SSLEAY32.dll
2010-10-11 11:16 - 2004-03-05 15:00 - 00827392 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\LIBEAY32.dll
2010-10-11 11:16 - 2005-01-19 14:39 - 00045056 _____ () C:\Program Files (x86)\Wireless\802.11ag Wireless Client Utility\ZDWLAN.dll
2010-08-31 16:43 - 2009-06-03 12:34 - 03764224 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-08-31 16:43 - 2009-06-03 12:43 - 01703936 _____ () C:\Users\Escrow\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-10-13 11:46 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-12-11 10:30 - 2014-12-11 10:30 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\.DEFAULT\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-19\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxps://mortgage-esign.us.hsbc.com
IE trusted site: HKU\S-1-5-20\...\hsbc.com -> hxxp://mortgage-esign.us.hsbc.com
There are 11 more sites.
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxps://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\caldirectsecuredocs.com -> hxxp://www.caldirectsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxps://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\com -> hxxp://pennwest-edocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxps://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.com -> hxxp://www.ditechsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxps://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\ditechsecuredocs.net -> hxxp://www.ditechsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxp://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\docmagic.com -> hxxps://www.docmagic.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxps://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.com -> hxxp://gateway.elynx.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxps://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\elynx.net -> hxxp://aegis.elynx.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxps://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.com -> hxxp://www.gmacmsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxps://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmacmsecuredocs.net -> hxxp://www.gmacmsecuredocs.net
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxps://www.gmamcsecuredocs.com
IE trusted site: HKU\S-1-5-21-729058967-3014044393-3231255247-1000\...\gmamcsecuredocs.com -> hxxp://www.gmamcsecuredocs.com
There are 13 more sites.
==================== Other Areas ============================