Malware Attack
<blockquote data-quote="phtumch" data-source="post: 448289" data-attributes="member: 44823"><p>[Code](Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe</p><p>() C:\Windows\SysWOW64\AsHookDevice.exe</p><p>(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>() C:\Program Files\CyberLink\Shared files\RichVideo64.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>() C:\Windows\System32\igfxTray.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe</p><p>() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Farbar) C:\Users\Roy\Downloads\FRST64 (1).exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)</p><p>HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)</p><p>HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-08-11] ()</p><p>HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)</p><p>HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-11-09] (ASUSTek Computer Inc.)</p><p>HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)</p><p>HKLM\...\Policies\Explorer: [NoFolderOptions] 0</p><p>HKLM\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-27] (Google Inc.)</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Livedrive] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [3497632 2013-11-29] (DSG Retail 
Limited)</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Spotify Web Helper] => C:\Users\Roy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-16] (Spotify Ltd)</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Spotify] => C:\Users\Roy\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-16] (Spotify Ltd)</p><p>IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\asusvibelauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\asuswspanel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\knowhowcloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\maxxaudiocontrol64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\mep.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\powerpnt.exe: [Debugger] 
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"</p><p>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)</p><p>SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)</p><p>ShellIconOverlayIdentifiers: 
[EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd)</p><p>ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd)</p><p>ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd)</p><p>ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)</p><p>Startup: C:\Users\roy_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2015-08-21]</p><p>ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)</p><p>GroupPolicy: 
Restriction - Chrome <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p>Tcpip\..\Interfaces\{2d1921b9-2f88-4262-921e-915a4b149b6d}: [DhcpNameServer] 192.168.1.254</p><p>Tcpip\..\Interfaces\{d6b11b87-1eb3-4108-a698-a1a950c10011}: [DhcpNameServer] 192.168.1.254</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-914793054-2064063000-490508013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB</p><p>SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> DefaultScope {5D97B7C8-E67E-4254-B5E6-7C1459C91D65} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20140428&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> {5D97B7C8-E67E-4254-B5E6-7C1459C91D65} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20140428&p={searchTerms}</p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-04-27] (Microsoft Corporation)</p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-04-27] (Microsoft 
Corporation)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-04-27] (Microsoft Corporation)</p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-04-27] (Microsoft Corporation)</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.)</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.)</p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-27] (Microsoft Corporation)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\oet8azl1.default</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-27] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)</p><p>FF Extension: Foxstart Default Settings - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\oet8azl1.default\Extensions\foxstart-cck@extensions.foxstart.com [2015-11-01] [not signed]</p><p>FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor</p><p>FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-08-21] [not signed]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> mysearch.avg.com/?rvt=1</p><p>CHR StartupUrls: Default -> "hxxp://[URL="http://www.google.com/"]www.google.com/[/URL]"</p><p>CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"</p><p>CHR DefaultSearchKeyword: Default -> google.co.uk</p><p>CHR Profile: C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]</p><p>CHR Extension: (Google Drive) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2015-10-22]</p><p>CHR Extension: (Learn Spanish) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkieclemlhmognjggohfpemlgconnjl [2014-11-18]</p><p>CHR Extension: (YouTube) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]</p><p>CHR Extension: (AVG Secure Search) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-05]</p><p>CHR Extension: (Google Search) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]</p><p>CHR Extension: ([URL="http://www.bbc.co.uk/cbeebies/"]Games for kids and early years activities - CBeebies - BBC[/URL]) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclllalmcgjlidbdkbikkjanmfmlldpk [2014-04-30]</p><p>CHR Extension: (Replay Poker - Texas Holdem Poker) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfcdggllbpfgmjiofncgckbjnfenhgo [2015-10-27]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]</p><p>CHR Extension: (Gmail) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]</p><p>CHR Extension: (AVG PrivacyFix) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2015-11-05]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)</p><p>R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()</p><p>S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]</p><p>S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1569416 2015-10-30] (AVG Technologies CZ, s.r.o.)</p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)</p><p>R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()</p><p>R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)</p><p>S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)</p><p>R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-08-11] (Intel Corporation)</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)</p><p>S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)</p><p>S4 
LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [210592 2013-11-29] ()</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)</p><p>S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)</p><p>R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)</p><p>R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)</p><p>S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)</p><p>S4 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)</p><p>U2 OneSyncSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)</p><p>U2 OneSyncSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)</p><p>U3 PimIndexMaintenanceSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)</p><p>U3 PimIndexMaintenanceSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)</p><p>R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4368808 2015-10-14] (AVG Technologies CZ, s.r.o.)</p><p>U3 UnistoreSvc_Session13; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)</p><p>U3 UnistoreSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)</p><p>U3 UserDataSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)</p><p>U3 UserDataSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 
2015-07-10] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)</p><p>R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-05] ()</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()</p><p>R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()</p><p>S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)</p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)</p><p>R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)</p><p>S3 cfwids; 
C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)</p><p>S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)</p><p>R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)</p><p>R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)</p><p>R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)</p><p>R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)</p><p>S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)</p><p>R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)</p><p>R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)</p><p>R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)</p><p>R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [615728 2015-08-11] (Realtek Semiconductor Corporation)</p><p>R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation )</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)</p><p>S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()</p><p>S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)</p><p>R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)</p><p>S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)</p><p>S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will 
be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-05 18:44 - 2015-11-05 18:45 - 02198016 _____ (Farbar) C:\Users\Roy\Downloads\FRST64 (1).exe</p><p>2015-11-05 18:39 - 2015-11-05 18:39 - 00016148 _____ C:\WINDOWS\system32\HOME_Roy_HistoryPrediction.bin</p><p>2015-11-05 12:37 - 2015-11-05 12:37 - 00040777 _____ C:\Users\Roy\Downloads\Addition.txt</p><p>2015-11-05 12:35 - 2015-11-05 18:45 - 00026758 _____ C:\Users\Roy\Downloads\FRST.txt</p><p>2015-11-05 12:34 - 2015-11-05 18:45 - 00000000 ____D C:\FRST</p><p>2015-11-05 12:33 - 2015-11-05 12:33 - 02198016 _____ (Farbar) C:\Users\Roy\Downloads\FRST64.exe</p><p>2015-11-05 12:32 - 2015-11-05 12:33 - 01701888 _____ (Farbar) C:\Users\Roy\Downloads\FRST.exe</p><p>2015-11-05 12:25 - 2015-11-05 12:25 - 00001048 _____ C:\WINDOWS\PFRO.log</p><p>2015-11-05 12:20 - 2015-11-05 12:20 - 01713664 _____ C:\Users\Roy\Downloads\adwcleaner_5.018 (1).exe</p><p>2015-11-05 12:05 - 2015-11-05 12:23 - 00000000 ____D C:\AdwCleaner</p><p>2015-11-05 12:04 - 2015-11-05 12:05 - 01713664 _____ C:\Users\Roy\Downloads\adwcleaner_5.018.exe</p><p>2015-11-05 11:12 - 2015-11-05 11:14 - 00000000 ____D C:\Users\Roy\AppData\Local\AVG Web TuneUp</p><p>2015-11-05 11:12 - 2015-11-05 11:13 - 00000000 ____D C:\ProgramData\AVG Web TuneUp</p><p>2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files\AVG Web TuneUp</p><p>2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp</p><p>2015-11-05 10:30 - 2015-11-05 10:30 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk</p><p>2015-11-05 10:30 - 2015-10-14 11:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\TURegOpt.exe</p><p>2015-11-05 10:30 - 2015-10-14 10:59 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll</p><p>2015-11-05 10:30 - 2015-10-14 10:59 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll</p><p>2015-11-05 10:22 - 2015-11-05 10:22 - 02924904 _____ (AVG Technologies) C:\Users\Roy\Downloads\AVG_Ultimate_1060.exe</p><p>2015-11-04 12:44 - 2015-11-04 12:44 - 00000645 _____ C:\WINDOWS\setupact.log</p><p>2015-11-04 12:44 - 2015-11-04 12:44 - 00000000 _____ C:\WINDOWS\setuperr.log</p><p>2015-11-03 17:05 - 2015-11-05 18:08 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log</p><p>2015-11-03 15:11 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Roaming\AVG</p><p>2015-11-03 15:09 - 2015-11-05 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>2015-11-03 15:09 - 2015-11-03 15:09 - 00000000 ___HD C:\$AVG</p><p>2015-11-03 15:09 - 2015-11-03 15:09 - 00000000 ____D C:\Users\Roy\AppData\Roaming\TuneUp Software</p><p>2015-11-03 15:06 - 2015-11-05 17:31 - 00000000 ____D C:\ProgramData\MFAData</p><p>2015-11-03 15:06 - 2015-11-05 10:21 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk</p><p>2015-11-03 15:06 - 2015-11-05 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen</p><p>2015-11-03 15:06 - 2015-11-03 15:06 - 00000000 ____D C:\Users\Roy\AppData\Local\MFAData</p><p>2015-11-03 15:04 - 2015-11-05 10:30 - 00000000 ____D C:\ProgramData\Avg</p><p>2015-11-03 15:04 - 2015-11-05 10:30 - 00000000 ____D C:\Program Files (x86)\AVG</p><p>2015-11-03 15:03 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Local\AvgSetupLog</p><p>2015-11-03 15:03 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Local\Avg</p><p>2015-11-03 15:02 - 2015-11-03 15:03 - 02895648 _____ (AVG Technologies) C:\Users\Roy\Downloads\AVG_Protection_1030.exe</p><p>2015-11-02 22:23 - 2015-11-02 22:24 - 22908888 _____ (Malwarebytes ) 
C:\Users\Roy\Downloads\mbam-setup-2.2.0.1024.exe</p><p>2015-11-02 17:33 - 2015-11-02 17:33 - 00000258 __RSH C:\ProgramData\ntuser.pol</p><p>2015-11-02 10:04 - 2015-11-02 10:04 - 00772016 _____ (Reimage®) C:\Users\Roy\Downloads\ReimageRepair.exe</p><p>2015-11-01 23:03 - 2015-11-01 23:03 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Mozilla</p><p>2015-11-01 23:03 - 2015-11-01 23:03 - 00000000 ____D C:\Users\Roy\AppData\Local\Mozilla</p><p>2015-10-30 12:01 - 2015-10-27 23:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll</p><p>2015-10-30 12:01 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll</p><p>2015-10-30 12:01 - 2015-10-21 12:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll</p><p>2015-10-30 12:01 - 2015-10-21 12:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys</p><p>2015-10-30 12:01 - 2015-10-21 12:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll</p><p>2015-10-30 12:01 - 2015-10-21 12:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2015-10-30 12:01 - 2015-10-21 12:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2015-10-30 12:01 - 2015-10-21 12:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:48 - 01068032 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\audiosrv.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe</p><p>2015-10-30 12:01 - 2015-10-21 11:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll</p><p>2015-10-30 12:01 - 2015-10-21 11:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:03 - 
01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2015-10-30 12:01 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll</p><p>2015-10-30 12:01 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll</p><p>2015-10-30 12:01 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll</p><p>2015-10-30 12:01 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll</p><p>2015-10-27 16:11 - 2015-10-27 16:11 - 00929872 _____ (Google Inc.) C:\Users\Roy\Downloads\ChromeSetup.exe</p><p>2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys</p><p>2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys</p><p>2015-10-19 08:03 - 2015-10-19 08:03 - 00313776 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgidsdrivera.sys</p><p>2015-10-14 17:10 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2015-10-14 17:10 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll</p><p>2015-10-14 17:10 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll</p><p>2015-10-14 17:10 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi</p><p>2015-10-14 17:10 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe</p><p>2015-10-14 17:10 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi</p><p>2015-10-14 17:10 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe</p><p>2015-10-14 17:10 - 2015-10-01 04:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2015-10-14 17:10 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll</p><p>2015-10-14 17:10 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll</p><p>2015-10-14 17:10 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys</p><p>2015-10-14 17:10 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi</p><p>2015-10-14 17:10 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:11 - 00223232 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys</p><p>2015-10-14 17:10 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys</p><p>2015-10-14 17:10 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll</p><p>2015-10-14 17:10 - 
2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:36 - 05454848 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\Chakra.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll</p><p>2015-10-14 17:10 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll</p><p>2015-10-13 11:14 - 2015-10-16 03:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2015-10-13 11:14 - 2015-10-16 03:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-10-08 07:46 - 2015-10-08 07:46 - 00306608 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgwfpa.sys</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-05 18:27 - 2015-03-13 13:27 - 00000929 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {27C87D01-CD08-4969-A99F-58E1151C838B}.job</p><p>2015-11-05 18:27 - 2015-03-13 13:27 - 00000743 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {27C87D01-CD08-4969-A99F-58E1151C838B}.job</p><p>2015-11-05 18:27 - 2014-04-27 18:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-11-05 17:57 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru</p><p>2015-11-05 16:26 - 2014-04-27 22:54 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{973E3E08-E664-4653-852E-A31363ED95B5}</p><p>2015-11-05 13:57 - 2015-08-11 13:21 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-11-05 13:53 - 2015-08-11 14:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat</p><p>2015-11-05 13:53 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2015-11-05 13:53 - 2014-04-27 18:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-11-05 13:53 - 2014-01-14 08:55 - 00000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini</p><p>2015-11-05 13:36 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\NDF</p><p>2015-11-05 13:10 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness</p><p>2015-11-05 12:24 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI</p><p>2015-11-05 12:19 - 2015-04-19 12:26 - 00000000 ____D C:\Program Files (x86)\Adobe</p><p>2015-11-05 12:11 - 2015-07-10 12:20 - 00321096 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2015-11-05 10:47 - 2015-05-29 06:08 - 00002292 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC</p><p>2015-11-05 10:47 - 2015-05-01 08:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 
15 Sync Maintenance for HOME-Roy Home</p><p>2015-11-05 10:47 - 2015-04-19 12:26 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task</p><p>2015-11-05 10:46 - 2013-11-09 07:53 - 00002426 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule</p><p>2015-11-05 10:44 - 2015-07-10 09:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep</p><p>2015-11-05 10:44 - 2014-05-01 09:23 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Skype</p><p>2015-11-05 10:44 - 2013-11-09 07:58 - 00000000 ____D C:\ProgramData\Temp</p><p>2015-11-05 10:30 - 2014-04-26 23:47 - 00000000 ____D C:\Users\Roy\AppData\Local\VirtualStore</p><p>2015-11-04 16:41 - 2015-04-01 11:18 - 00000000 ____D C:\Users\Roy\AppData\Local\Spotify</p><p>2015-11-04 16:38 - 2015-03-19 13:42 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Spotify</p><p>2015-11-03 16:45 - 2014-08-08 08:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-11-03 15:15 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM</p><p>2015-11-03 15:09 - 2015-07-10 11:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP</p><p>2015-11-02 22:26 - 2014-08-08 08:47 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2015-11-02 22:26 - 2014-08-08 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2015-11-02 22:26 - 2014-08-08 08:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-11-02 18:08 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\System</p><p>2015-11-02 18:07 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache</p><p>2015-11-02 17:32 - 2015-08-11 13:04 - 00000000 ____D C:\Users\Roy</p><p>2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB</p><p>2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\en-GB</p><p>2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser</p><p>2015-11-02 17:25 - 2015-08-11 13:04 - 00000000 ____D 
C:\Users\roy_2</p><p>2015-11-02 17:25 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SystemResources</p><p>2015-11-02 17:25 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Globalization</p><p>2015-11-02 17:24 - 2014-01-14 08:40 - 00000000 ____D C:\ProgramData\AmUStor</p><p>2015-11-02 17:24 - 2014-01-14 08:40 - 00000000 ____D C:\Program Files (x86)\AmUStor</p><p>2015-11-02 17:12 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\registration</p><p>2015-11-02 10:17 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy</p><p>2015-11-01 23:24 - 2014-04-30 17:08 - 00000000 ____D C:\Users\Roy\AppData\Local\LogMeIn Rescue Calling Card</p><p>2015-10-30 12:04 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp</p><p>2015-10-26 21:28 - 2014-04-27 18:30 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-10-16 10:26 - 2014-04-29 15:32 - 00000000 ____D C:\WINDOWS\system32\MRT</p><p>2015-10-16 10:21 - 2014-04-29 15:32 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\F12</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Provisioning</p><p>2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\L2Schemas</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2014-04-28 17:24 - 2015-08-21 12:26 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe</p><p>2014-04-26 23:47 - 2015-08-11 12:29 
- 0092827 _____ () C:\Users\Roy\AppData\Local\BTServer.log</p><p>2015-08-11 13:01 - 2015-08-11 13:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2014-04-27 18:21 - 2014-04-27 18:21 - 0000046 _____ () C:\ProgramData\Temp.cmd</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\ProgramData\Temp.cmd</p><p></p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Roy\AppData\Local\Temp\sqlite3.dll</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-11-05 18:34</p><p></p><p>==================== End of FRST.txt ============================[/code]</p></blockquote><p></p>
[QUOTE="phtumch, post: 448289, member: 44823"] [Code](Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe () C:\Windows\SysWOW64\AsHookDevice.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgui.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Roy\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-08-11] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-11-09] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-27] (Google Inc.) HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Livedrive] => C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe [3497632 2013-11-29] (DSG Retail Limited) HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Spotify Web Helper] => C:\Users\Roy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-16] (Spotify Ltd) HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-914793054-2064063000-490508013-1001\...\Run: [Spotify] => C:\Users\Roy\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-10-16] (Spotify Ltd) IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\asusvibelauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC 
TuneUp\TUAutoReactivator64.exe" IFEO\asuswspanel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\knowhowcloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\maxxaudiocontrol64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\mep.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => 
C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation) ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd) ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd) ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd) ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Knowhow Cloud\Extensions.dll [2013-11-29] (Livedrive Internet Ltd) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => 
C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Roy\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation) Startup: C:\Users\roy_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2015-08-21] ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee) GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{2d1921b9-2f88-4262-921e-915a4b149b6d}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{d6b11b87-1eb3-4108-a698-a1a950c10011}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-914793054-2064063000-490508013-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> DefaultScope {5D97B7C8-E67E-4254-B5E6-7C1459C91D65} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20140428&p={searchTerms} SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-914793054-2064063000-490508013-1001 -> {5D97B7C8-E67E-4254-B5E6-7C1459C91D65} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB0D20140428&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-04-27] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-04-27] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-04-27] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-04-27] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-27] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-27] (Google Inc.) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-27] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\oet8azl1.default FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-27] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files 
(x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Extension: Foxstart Default Settings - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\oet8azl1.default\Extensions\foxstart-cck@extensions.foxstart.com [2015-11-01] [not signed] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-08-21] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor Chrome: ======= CHR HomePage: Default -> mysearch.avg.com/?rvt=1 CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html" CHR DefaultSearchKeyword: Default -> google.co.uk CHR Profile: C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (Learn Spanish) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhkieclemlhmognjggohfpemlgconnjl [2014-11-18] CHR Extension: (YouTube) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (AVG Secure Search) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-05] CHR Extension: (Google Search) - C:\Users\Roy\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06] CHR Extension: (Games for kids and early years activities - CBeebies - BBC) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclllalmcgjlidbdkbikkjanmfmlldpk [2014-04-30] CHR Extension: (Replay Poker - Texas Holdem Poker) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfcdggllbpfgmjiofncgckbjnfenhgo [2015-10-27] CHR Extension: (Chrome Web Store Payments) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02] CHR Extension: (Gmail) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR Extension: (AVG PrivacyFix) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2015-11-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] () S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1569416 2015-10-30] (AVG Technologies CZ, s.r.o.) 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] () R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-08-11] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation) S4 LivedriveVSSService; C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [210592 2013-11-29] () S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.) 
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION) S4 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation) U2 OneSyncSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation) U2 OneSyncSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation) U3 PimIndexMaintenanceSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation) U3 PimIndexMaintenanceSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4368808 2015-10-14] (AVG Technologies CZ, s.r.o.) U3 UnistoreSvc_Session13; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation) U3 UnistoreSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation) U3 UserDataSvc_Session13; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation) U3 UserDataSvc_Session13; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-05] () ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.) 
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [615728 2015-08-11] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation ) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-05 18:44 - 2015-11-05 18:45 - 02198016 _____ (Farbar) C:\Users\Roy\Downloads\FRST64 (1).exe 2015-11-05 18:39 - 2015-11-05 18:39 - 00016148 _____ C:\WINDOWS\system32\HOME_Roy_HistoryPrediction.bin 2015-11-05 12:37 - 2015-11-05 12:37 - 00040777 _____ C:\Users\Roy\Downloads\Addition.txt 2015-11-05 12:35 - 2015-11-05 18:45 - 00026758 _____ C:\Users\Roy\Downloads\FRST.txt 2015-11-05 12:34 - 2015-11-05 18:45 - 00000000 ____D C:\FRST 2015-11-05 12:33 - 2015-11-05 12:33 - 02198016 _____ (Farbar) C:\Users\Roy\Downloads\FRST64.exe 2015-11-05 12:32 - 2015-11-05 12:33 - 01701888 _____ (Farbar) C:\Users\Roy\Downloads\FRST.exe 2015-11-05 12:25 - 2015-11-05 12:25 - 00001048 _____ C:\WINDOWS\PFRO.log 2015-11-05 12:20 - 2015-11-05 12:20 - 01713664 _____ C:\Users\Roy\Downloads\adwcleaner_5.018 (1).exe 2015-11-05 12:05 - 2015-11-05 12:23 - 00000000 ____D C:\AdwCleaner 2015-11-05 12:04 - 2015-11-05 12:05 - 01713664 _____ C:\Users\Roy\Downloads\adwcleaner_5.018.exe 2015-11-05 11:12 - 2015-11-05 11:14 - 00000000 ____D C:\Users\Roy\AppData\Local\AVG Web TuneUp 2015-11-05 11:12 - 2015-11-05 11:13 - 00000000 ____D C:\ProgramData\AVG Web TuneUp 2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files\AVG Web TuneUp 2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-05 11:12 - 2015-11-05 11:12 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp 2015-11-05 10:30 - 2015-11-05 10:30 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2015-11-05 10:30 - 2015-10-14 11:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe 2015-11-05 10:30 - 2015-10-14 10:59 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll 2015-11-05 10:30 - 2015-10-14 10:59 - 00032680 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\SysWOW64\authuitu.dll 2015-11-05 10:22 - 2015-11-05 10:22 - 02924904 _____ (AVG Technologies) C:\Users\Roy\Downloads\AVG_Ultimate_1060.exe 2015-11-04 12:44 - 2015-11-04 12:44 - 00000645 _____ C:\WINDOWS\setupact.log 2015-11-04 12:44 - 2015-11-04 12:44 - 00000000 _____ C:\WINDOWS\setuperr.log 2015-11-03 17:05 - 2015-11-05 18:08 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-11-03 15:11 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Roaming\AVG 2015-11-03 15:09 - 2015-11-05 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-11-03 15:09 - 2015-11-03 15:09 - 00000000 ___HD C:\$AVG 2015-11-03 15:09 - 2015-11-03 15:09 - 00000000 ____D C:\Users\Roy\AppData\Roaming\TuneUp Software 2015-11-03 15:06 - 2015-11-05 17:31 - 00000000 ____D C:\ProgramData\MFAData 2015-11-03 15:06 - 2015-11-05 10:21 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk 2015-11-03 15:06 - 2015-11-05 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-11-03 15:06 - 2015-11-03 15:06 - 00000000 ____D C:\Users\Roy\AppData\Local\MFAData 2015-11-03 15:04 - 2015-11-05 10:30 - 00000000 ____D C:\ProgramData\Avg 2015-11-03 15:04 - 2015-11-05 10:30 - 00000000 ____D C:\Program Files (x86)\AVG 2015-11-03 15:03 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Local\AvgSetupLog 2015-11-03 15:03 - 2015-11-05 10:30 - 00000000 ____D C:\Users\Roy\AppData\Local\Avg 2015-11-03 15:02 - 2015-11-03 15:03 - 02895648 _____ (AVG Technologies) C:\Users\Roy\Downloads\AVG_Protection_1030.exe 2015-11-02 22:23 - 2015-11-02 22:24 - 22908888 _____ (Malwarebytes ) C:\Users\Roy\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-02 17:33 - 2015-11-02 17:33 - 00000258 __RSH C:\ProgramData\ntuser.pol 2015-11-02 10:04 - 2015-11-02 10:04 - 00772016 _____ (Reimage®) C:\Users\Roy\Downloads\ReimageRepair.exe 2015-11-01 23:03 - 2015-11-01 23:03 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Mozilla 2015-11-01 23:03 - 2015-11-01 23:03 - 00000000 ____D 
C:\Users\Roy\AppData\Local\Mozilla 2015-10-30 12:01 - 2015-10-27 23:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-10-30 12:01 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-10-30 12:01 - 2015-10-21 12:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2015-10-30 12:01 - 2015-10-21 12:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-10-30 12:01 - 2015-10-21 12:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-10-30 12:01 - 2015-10-21 12:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-10-30 12:01 - 2015-10-21 12:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-30 12:01 - 2015-10-21 12:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-10-30 12:01 - 2015-10-21 11:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2015-10-30 12:01 - 2015-10-21 11:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-10-30 12:01 - 2015-10-21 11:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-10-30 12:01 - 2015-10-21 11:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-10-30 12:01 - 2015-10-21 11:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-10-30 12:01 - 2015-10-21 11:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll 2015-10-30 12:01 - 2015-10-21 11:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-10-30 12:01 - 2015-10-21 11:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-10-30 12:01 - 2015-10-21 11:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2015-10-30 12:01 - 2015-10-21 
11:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-10-30 12:01 - 2015-10-21 11:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2015-10-30 12:01 - 2015-10-21 11:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-10-30 12:01 - 2015-10-21 11:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-10-30 12:01 - 2015-10-21 11:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2015-10-30 12:01 - 2015-10-21 11:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2015-10-30 12:01 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-10-30 12:01 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-10-30 12:01 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-30 12:01 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-10-30 12:01 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-10-30 12:01 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-10-30 12:01 - 2015-10-21 05:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-10-30 12:01 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2015-10-30 12:01 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2015-10-30 12:01 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-10-30 12:01 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2015-10-27 16:11 - 2015-10-27 16:11 - 00929872 _____ (Google Inc.) 
C:\Users\Roy\Downloads\ChromeSetup.exe 2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys 2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys 2015-10-19 08:03 - 2015-10-19 08:03 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys 2015-10-14 17:10 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-10-14 17:10 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-10-14 17:10 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-10-14 17:10 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-10-14 17:10 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-10-14 17:10 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-10-14 17:10 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-10-14 17:10 - 2015-10-01 04:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-10-14 17:10 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2015-10-14 17:10 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-10-14 17:10 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2015-10-14 17:10 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-10-14 17:10 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2015-10-14 17:10 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-10-14 17:10 - 
2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-10-14 17:10 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2015-10-14 17:10 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2015-10-14 17:10 - 2015-09-25 03:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-10-14 17:10 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2015-10-14 17:10 - 2015-09-25 03:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-10-14 17:10 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-10-14 17:10 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2015-10-14 17:10 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-10-14 17:10 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-10-14 17:10 - 2015-09-25 03:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-10-14 17:10 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2015-10-14 17:10 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-14 17:10 - 2015-09-25 03:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-10-14 17:10 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2015-10-14 17:10 - 2015-09-25 03:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-10-14 17:10 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2015-10-14 17:10 - 2015-09-25 03:00 - 00752640 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\ChatApis.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2015-10-14 17:10 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2015-10-14 17:10 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-10-14 17:10 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2015-10-14 17:10 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2015-10-14 17:10 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-14 17:10 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-10-14 17:10 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2015-10-14 17:10 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-10-14 17:10 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-10-14 17:10 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2015-10-14 17:10 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2015-10-14 17:10 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieframe.dll 2015-10-14 17:10 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-10-14 17:10 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2015-10-14 17:10 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2015-10-14 17:10 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2015-10-14 17:10 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2015-10-14 17:10 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2015-10-14 17:10 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2015-10-14 17:10 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-10-14 17:10 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2015-10-13 11:14 - 2015-10-16 03:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-10-13 11:14 - 2015-10-16 03:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-08 07:46 - 2015-10-08 07:46 - 00306608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-05 18:27 - 2015-03-13 13:27 - 00000929 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {27C87D01-CD08-4969-A99F-58E1151C838B}.job 2015-11-05 18:27 - 2015-03-13 13:27 - 00000743 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {27C87D01-CD08-4969-A99F-58E1151C838B}.job 2015-11-05 18:27 - 2014-04-27 18:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-05 17:57 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-05 16:26 - 2014-04-27 22:54 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{973E3E08-E664-4653-852E-A31363ED95B5} 2015-11-05 13:57 - 2015-08-11 13:21 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-05 13:53 - 2015-08-11 14:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-11-05 13:53 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-05 13:53 - 2014-04-27 18:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-05 13:53 - 2014-01-14 08:55 - 00000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini 2015-11-05 13:36 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-11-05 13:10 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-11-05 12:24 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-11-05 12:19 - 2015-04-19 12:26 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-05 12:11 - 2015-07-10 12:20 - 00321096 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-11-05 10:47 - 2015-05-29 06:08 - 00002292 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-11-05 10:47 - 2015-05-01 08:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Roy Home 2015-11-05 10:47 - 2015-04-19 12:26 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-11-05 10:46 - 2013-11-09 07:53 - 00002426 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule 2015-11-05 10:44 - 2015-07-10 09:05 - 00000000 ____D 
C:\WINDOWS\system32\Sysprep 2015-11-05 10:44 - 2014-05-01 09:23 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Skype 2015-11-05 10:44 - 2013-11-09 07:58 - 00000000 ____D C:\ProgramData\Temp 2015-11-05 10:30 - 2014-04-26 23:47 - 00000000 ____D C:\Users\Roy\AppData\Local\VirtualStore 2015-11-04 16:41 - 2015-04-01 11:18 - 00000000 ____D C:\Users\Roy\AppData\Local\Spotify 2015-11-04 16:38 - 2015-03-19 13:42 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Spotify 2015-11-03 16:45 - 2014-08-08 08:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-03 15:15 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-11-03 15:09 - 2015-07-10 11:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2015-11-02 22:26 - 2014-08-08 08:47 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-11-02 22:26 - 2014-08-08 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-02 22:26 - 2014-08-08 08:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-02 18:08 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\System 2015-11-02 18:07 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache 2015-11-02 17:32 - 2015-08-11 13:04 - 00000000 ____D C:\Users\Roy 2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\en-GB 2015-11-02 17:29 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-11-02 17:25 - 2015-08-11 13:04 - 00000000 ____D C:\Users\roy_2 2015-11-02 17:25 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SystemResources 2015-11-02 17:25 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Globalization 2015-11-02 17:24 - 2014-01-14 08:40 - 00000000 ____D C:\ProgramData\AmUStor 2015-11-02 17:24 - 2014-01-14 08:40 - 00000000 ____D C:\Program Files (x86)\AmUStor 2015-11-02 17:12 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\registration 2015-11-02 
10:17 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-11-01 23:24 - 2014-04-30 17:08 - 00000000 ____D C:\Users\Roy\AppData\Local\LogMeIn Rescue Calling Card 2015-10-30 12:04 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-26 21:28 - 2014-04-27 18:30 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-16 10:26 - 2014-04-29 15:32 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-10-16 10:21 - 2014-04-29 15:32 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___SD C:\WINDOWS\system32\F12 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-13 11:09 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\L2Schemas ==================== Files in the root of some directories ======= 2014-04-28 17:24 - 2015-08-21 12:26 - 27093992 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-04-26 23:47 - 2015-08-11 12:29 - 0092827 _____ () C:\Users\Roy\AppData\Local\BTServer.log 2015-08-11 13:01 - 2015-08-11 13:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-27 18:21 - 2014-04-27 18:21 - 0000046 _____ () C:\ProgramData\Temp.cmd Files to move or delete: ==================== C:\ProgramData\Temp.cmd Some files in TEMP: ==================== C:\Users\Roy\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-05 18:34 ==================== End of FRST.txt ============================[/code] [/QUOTE]