Reply to thread

Message: <blockquote data-quote="Kim Fettig" data-source="post: 522561" data-attributes="member: 53923">FRST file: [code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01Ran by owner (administrator) on OWNER-PC (12-07-2016 07:01:22)Running from C:\Users\owner\DesktopLoaded Profiles: owner (Available Profiles: owner)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 10 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(RedFox) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe() C:\Program Files (x86)\Legitmix\Legitmix.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe(Oracle Corporation) C:\Program Files (x86)\Legitmix\jre\bin\java.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_192_ActiveX.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2011-05-02] (ActivIdentity)HKLM\...\Run: [] => [X]HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [489512 2011-05-02] (ActivIdentity)HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXEHKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /bootHKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [236016 2008-08-26] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-06-04] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [BlackBerryAutoUpdate] => C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [615696 2008-09-19] (Research In Motion Limited)HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1874264 2011-08-19] (Intuit Inc. All rights reserved.)HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2011-01-28] (Silanis Technology Inc.)HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-09-19] (RealNetworks, Inc.)HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-06-15] ()HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-12-02] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKU\S-1-5-21-4135610809-3517379215-834288334-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [10364448 2016-07-11] (RedFox)HKU\S-1-5-21-4135610809-3517379215-834288334-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\owner\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b /CMPID=1113aHKU\S-1-5-21-4135610809-3517379215-834288334-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-4135610809-3517379215-834288334-1000\...\MountPoints2: {3b275508-9f1c-11e5-873f-180373c4c29c} - J:\VerizonWirelessUpgradeAssistantSetup.exe -aStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2012-03-19]ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2014-03-19]ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}\Icon9557F1BC1.ico ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-10-20]ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2012-03-17]ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-21]ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2012-03-17]ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2012-03-17]ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-09-19]ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legitmix.lnk [2016-02-08]ShortcutTarget: Legitmix.lnk -> C:\Program Files (x86)\Legitmix\Legitmix.exe ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: 0.0.0.1 mssplus.mcafee.comTcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{06FCE7B7-DE70-412C-8F12-1A9E42FF031B}: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{417FD7C4-0FA9-4E69-883C-7646C58A3AF3}: [DhcpNameServer] 75.75.75.75 75.75.76.76Internet Explorer:==================HKU\S-1-5-21-4135610809-3517379215-834288334-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2014-02-12 16:52:10&v=19.4.0.518&pid=safeguard&sg=0&sap=hpHKU\S-1-5-21-4135610809-3517379215-834288334-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1URLSearchHook: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No FileURLSearchHook: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox"]www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox[/URL]SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox"]www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox[/URL]SearchScopes: HKLM-x32 -> DefaultScope {E8E11F90-650B-4589-96BA-CC3A791A2AEA} URL = SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox"]www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox[/URL]SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {178190E1-AA37-450C-AD74-83E5CACBC3C3} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {5A0B5F61-198F-4418-ACAE-72F08A54BE5F} URL = hxxps://[URL="http://www.google.com/search?q={searchTerms}"]www.google.com/search?q={searchTerms}[/URL]SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {689A6EA4-4342-4637-A9A7-EF25035F9E3A} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2014-02-12 16:52:10&v=19.4.0.518&pid=safeguard&sg=0&sap=dsp&q={searchTerms}SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {A18E8EAD-BF57-45AF-8AAD-3313770850DE} URL = hxxp://[URL="http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=5E08A99B-29E6-422E-B614-73E88115946B&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.17267&doi=2015-03-16&trgb=IE&q={searchTerms}&psv=&pt=tb"]www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=5E08A99B-29E6-422E-B614-73E88115946B&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_10.0.9200.17267&doi=2015-03-16&trgb=IE&q={searchTerms}&psv=&pt=tb[/URL]SearchScopes: HKU\S-1-5-21-4135610809-3517379215-834288334-1000 -> {E8E11F90-650B-4589-96BA-CC3A791A2AEA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298568&CUI=UN15332641841077943&UM=2BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)BHO-x32: IBM Forms Viewer Helper -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Forms Viewer\4.0\PEhelper.dll [2012-05-25] (IBM Corporation)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation)BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-15] (AVG Secure Search)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation)BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-15] (AVG Secure Search)Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28] (Yahoo! Inc.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://ciscolearning.webex.com/client/WBXclient-T29L10NSP13EP71-10003/nbr/ieatgpc1.cabHandler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2012-06-17] (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-23] (AVG Secure Search)Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation)FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-09-19] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-09-19] (RealPlayer Cloud)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-11-22] (Cisco WebEx LLC)FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\FirefoxFF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-08-08] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19] [not signed]FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-12] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-20] [not signed]FF HKU\S-1-5-21-4135610809-3517379215-834288334-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3Chrome: =======CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 16:52:10&v=18.1.9.799&pid=safeguard&sg=0&sap=hpCHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 16:52:10&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-12 16:52:10&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}CHR DefaultSearchKeyword: Default -> mysearch.avg.com_CHR DefaultNewTabURL: Default -> hxxps://mysearch.avg.com/chroment?espv=2&cid={5B036D45-F051-4C70-874E-60F3D83263E2}&mid=382d9fe842c947d08bb8c94a35202b6f-fe20c73f7ad2bc412d90c3c9963fbd40ab2d180b&lang=en&ds=AVG&pr=fr&d=2014-02-12 16:52:10&v=18.1.9.799&pid=safeguard&sg=0CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No FileCHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll => No FileCHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No FileCHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No FileCHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No FileCHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll => No FileCHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll => No FileCHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No FileCHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No FileCHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No FileCHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]CHR Extension: (Freemake Video Converter) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-08-10]CHR Extension: (Cisco WebEx Extension) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-11-22]CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-26]CHR HKU\S-1-5-21-4135610809-3517379215-834288334-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\owner\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-08-04]CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx <not found>CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-08-08]CHR HKLM-x32\...\Chrome\Extension: [nobnjjknonbflhaiepehfnncjhigejke] - C:\Users\owner\AppData\Local\CRE\nobnjjknonbflhaiepehfnncjhigejke.crx [2013-08-04]CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-02]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-08-01] (Freemake) [File not signed]R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-08-19] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-19] (RealNetworks, Inc.)R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-23] (AVG Secure Search)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R0 02FAD8CC; C:\Windows\System32\drivers\02FAD8CC.sys [457824 2016-07-11] (Kaspersky Lab ZAO)R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 STCFUx64; C:\Windows\System32\DRIVERS\STCFUx64.SYS [10496 2014-06-18] (Identive)S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies)S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-07-12 07:01 - 2016-07-12 07:01 - 00039665 _____ C:\Users\owner\Desktop\FRST.txt2016-07-12 06:54 - 2016-07-12 07:01 - 02390528 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe2016-07-12 06:33 - 2016-07-12 06:33 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4135610809-3517379215-834288334-10002016-07-12 06:18 - 2016-07-12 06:33 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4135610809-3517379215-834288334-10002016-07-11 22:23 - 2016-07-12 07:01 - 00000000 ____D C:\FRST2016-07-11 21:53 - 2016-07-11 21:54 - 00007684 _____ C:\TDSSKiller.3.1.0.9_11.07.2016_21.53.49_log.txt2016-07-11 21:51 - 2016-07-11 23:28 - 00178084 _____ C:\Windows\ntbtlog.txt2016-07-11 21:32 - 2016-07-11 21:48 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4135610809-3517379215-834288334-10002016-07-11 21:32 - 2016-07-11 21:48 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4135610809-3517379215-834288334-10002016-07-11 21:06 - 2016-07-11 21:06 - 02622304 _____ (Kaspersky Lab) C:\Users\owner\Downloads\kss16.0.0.1344en_9702.exe2016-07-11 20:00 - 2016-07-11 21:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files2016-07-11 19:39 - 2016-07-11 19:39 - 00457824 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\02FAD8CC.sys2016-07-11 19:39 - 2016-07-11 19:39 - 00000000 ____D C:\KVRT_Data2016-07-11 16:47 - 2016-07-12 06:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-07-11 12:58 - 2016-07-11 12:58 - 00154448 _____ (RedFox) C:\Windows\SysWOW64\Drivers\AnyDVD.sys2016-07-11 12:58 - 2016-07-11 12:58 - 00154448 _____ (RedFox) C:\Windows\system32\Drivers\AnyDVD.sys2016-07-06 07:48 - 2016-07-09 12:31 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForowner.job2016-07-06 07:48 - 2016-07-09 12:08 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForowner2016-06-29 21:46 - 2016-06-29 23:09 - 00000000 ____D C:\Users\owner\Documents\25B40 002-16 1059 PH22016-06-21 12:04 - 2016-06-21 12:05 - 00517928 _____ C:\Users\owner\Desktop\Fettig Self Assessment.pdf2016-06-21 12:02 - 2016-06-21 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2016-06-21 12:00 - 2016-06-21 12:00 - 00490355 _____ C:\Users\owner\Downloads\Fettig Self Assessment (1).pdf2016-06-21 11:59 - 2016-06-21 11:59 - 00490355 _____ C:\Users\owner\Downloads\Fettig Self Assessment.pdf2016-06-15 23:24 - 2016-06-15 23:24 - 00664994 _____ C:\Users\owner\Desktop\ALARACT_001_2012_LIST OF EFFECTIVE ALARACT MESSAGES.pdf2016-06-15 23:21 - 2016-06-15 23:21 - 00393436 _____ C:\Users\owner\Desktop\ALARACT_001_2013_LIST OF EFFECTIVE ALARACT MESSAGES.pdf2016-06-15 21:53 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2016-06-15 21:53 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2016-06-15 21:53 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2016-06-15 21:53 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2016-06-15 21:53 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2016-06-15 21:53 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2016-06-15 21:53 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2016-06-15 21:53 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2016-06-15 21:53 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2016-06-15 21:53 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2016-06-15 21:53 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2016-06-15 21:53 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2016-06-15 21:53 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys2016-06-15 21:53 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys2016-06-15 21:53 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2016-06-15 21:53 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys2016-06-15 21:53 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2016-06-15 21:53 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2016-06-15 21:53 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2016-06-15 21:53 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2016-06-15 21:53 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2016-06-15 21:53 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2016-06-15 21:53 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll2016-06-15 21:53 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll2016-06-15 21:53 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2016-06-15 21:53 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2016-06-15 21:53 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2016-06-15 21:53 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2016-06-15 21:53 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll2016-06-15 21:53 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll2016-06-15 21:53 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2016-06-15 21:53 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2016-06-15 21:53 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2016-06-15 21:53 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll2016-06-15 21:53 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2016-06-15 21:53 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe2016-06-15 21:52 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2016-06-15 21:52 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2016-06-15 21:52 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2016-06-15 21:52 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2016-06-15 21:52 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2016-06-15 21:52 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2016-06-15 21:52 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll2016-06-15 21:52 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2016-06-15 21:52 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2016-06-15 21:52 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2016-06-15 21:52 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2016-06-15 21:52 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2016-06-15 21:52 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2016-06-15 21:52 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2016-06-15 21:52 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2016-06-15 21:52 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2016-06-15 21:52 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll2016-06-15 21:52 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll2016-06-15 21:52 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll2016-06-15 21:52 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2016-06-15 21:52 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll2016-06-15 21:52 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll2016-06-15 21:52 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL2016-06-15 21:52 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll2016-06-15 21:52 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll2016-06-15 21:52 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll2016-06-15 21:52 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll2016-06-15 21:52 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll2016-06-15 21:52 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll2016-06-15 21:52 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll2016-06-15 21:52 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2016-06-15 21:52 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll2016-06-15 21:52 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll2016-06-15 21:52 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll2016-06-15 21:52 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll2016-06-15 21:52 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll2016-06-15 21:52 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll2016-06-15 21:52 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll2016-06-15 21:52 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll2016-06-15 21:52 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe2016-06-15 21:52 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe2016-06-15 21:52 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys2016-06-15 21:52 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2016-06-15 21:52 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2016-06-15 21:52 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2016-06-15 21:52 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll2016-06-15 21:52 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe2016-06-15 21:52 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe2016-06-15 21:52 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll2016-06-15 21:52 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll2016-06-15 21:44 - 2016-06-15 22:02 - 00000000 ____D C:\Users\owner\Desktop\New folder2016-06-15 21:30 - 2016-06-15 21:31 - 00000000 ____D C:\Users\owner\AppData\Local\DoD-PKE2016-06-15 21:30 - 2016-06-15 21:30 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoD-PKE2016-06-15 21:30 - 2016-06-15 21:30 - 00000000 ____D C:\Users\owner\AppData\Roaming\DoD-PKE2016-06-15 19:59 - 2016-06-15 19:59 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar2016-06-15 19:49 - 2016-06-15 19:50 - 00000312 _____ C:\Users\owner\Desktop\AnyDVDHD_Key_LC9-XCP.AnyDVDHD==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-07-12 06:50 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-07-12 06:50 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-07-12 06:33 - 2011-12-23 16:46 - 00000000 ____D C:\Users\owner\AppData\Local\SoftThinks2016-07-12 06:33 - 2011-09-22 12:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2016-07-12 06:31 - 2013-07-03 22:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-07-12 06:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-07-12 06:23 - 2013-03-18 11:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-07-12 06:21 - 2012-12-23 00:40 - 00000000 ____D C:\ProgramData\MFAData2016-07-11 22:17 - 2012-12-02 23:22 - 00000000 ____D C:\Users\owner\AppData\Roaming\Real2016-07-11 22:05 - 2013-03-19 12:35 - 00000000 ____D C:\Program Files\Vuze2016-07-11 21:51 - 2011-12-23 16:46 - 00000000 ____D C:\Users\owner2016-07-11 21:14 - 2013-07-03 22:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-07-11 20:50 - 2012-01-05 13:10 - 00001103 _____ C:\Users\Public\Desktop\AnyDVD.lnk2016-07-11 16:27 - 2016-01-15 15:02 - 00000000 ____D C:\Users\owner\AppData\Local\AvgSetupLog2016-07-11 16:12 - 2012-01-06 19:04 - 00000043 ___SH C:\ProgramData\.zreglib2016-07-09 12:34 - 2011-09-22 12:37 - 00000000 ____D C:\ProgramData\Sonic2016-07-09 12:31 - 2012-05-15 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight2016-07-09 12:31 - 2012-05-15 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2016-07-06 07:56 - 2016-03-25 21:45 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask2016-06-26 03:02 - 2012-05-15 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2016-06-25 12:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2016-06-21 12:23 - 2013-03-18 11:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2016-06-21 12:23 - 2012-04-08 19:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-06-21 12:23 - 2011-09-22 12:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-06-21 12:15 - 2013-07-03 22:25 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-06-21 12:15 - 2013-07-03 22:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk2016-06-21 12:02 - 2016-02-11 21:07 - 00001966 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk2016-06-21 12:02 - 2015-11-10 21:50 - 00000000 ____D C:\Program Files\McAfee Security Scan2016-06-16 03:31 - 2014-04-26 23:06 - 00480680 _____ C:\Windows\system32\FNTCACHE.DAT2016-06-16 03:27 - 2014-12-10 04:25 - 00000000 ____D C:\Windows\system32\appraiser2016-06-16 03:10 - 2013-08-15 03:03 - 00000000 ____D C:\Windows\system32\MRT2016-06-16 03:05 - 2011-12-23 20:09 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-06-15 19:48 - 2014-04-02 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2016-06-15 19:48 - 2013-10-09 18:48 - 00000000 ____D C:\ProgramData\AVG20142016-06-15 19:48 - 2012-12-23 00:50 - 00000000 ____D C:\Program Files (x86)\AVG2016-06-15 19:47 - 2016-01-15 15:07 - 00000938 _____ C:\Users\Public\Desktop\AVG Protection.lnk==================== Files in the root of some directories =======2014-12-02 21:07 - 2014-12-04 00:47 - 0003584 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-09-19 20:27 - 2014-09-19 20:27 - 0000017 _____ () C:\Users\owner\AppData\Local\resmon.resmoncfg2011-12-23 19:50 - 2011-12-23 19:50 - 0017408 _____ () C:\Users\owner\AppData\Local\WebpageIcons.db2012-01-06 19:04 - 2016-07-11 16:12 - 0000043 ___SH () C:\ProgramData\.zreglib2012-02-20 15:16 - 2015-10-20 12:35 - 0015535 _____ () C:\ProgramData\hpzinstall.logSome files in TEMP:====================C:\Users\owner\AppData\Local\Temp\APNSetup.exeC:\Users\owner\AppData\Local\Temp\avg-9281d802-b7a9-401b-8756-6e27c9c5ba18.exeC:\Users\owner\AppData\Local\Temp\avguirn_081419757800.exeC:\Users\owner\AppData\Local\Temp\avguirn_081484521250.exeC:\Users\owner\AppData\Local\Temp\avguirn_081560229335.exeC:\Users\owner\AppData\Local\Temp\avguirn_081718825144.exeC:\Users\owner\AppData\Local\Temp\avguirn_08604659966.exeC:\Users\owner\AppData\Local\Temp\avguirn_08808656195.exeC:\Users\owner\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exeC:\Users\owner\AppData\Local\Temp\jre-8u91-windows-au.exeC:\Users\owner\AppData\Local\Temp\lowproc.exeC:\Users\owner\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exeC:\Users\owner\AppData\Local\Temp\PPCC_Stub.exeC:\Users\owner\AppData\Local\Temp\rnsetup0.exeC:\Users\owner\AppData\Local\Temp\stubhelper.dllC:\Users\owner\AppData\Local\Temp\System.Data.SQLite.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-07-07 00:07==================== End of FRST.txt ============================[/code]</blockquote>

Verification

Top