The machine has been running very slow at times and even locks up periodically. I regularly run Spybot, Malwarebytes, and Eset. The requested Farbar and aswMBR logs are below.
Thank you very much for your help.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by Bob (administrator) on XPS8500 (15-12-2015 11:05:11)
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob & Mcx1-XPS8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Tanuki Software, Ltd.) C:\Program Files\i2p\I2Psvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\java.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\Bob\AppData\Local\TVersity\Media Server\MediaServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
() C:\Users\Bob\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-04-02] (LogMeIn, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2406152 2014-12-10] (FSPro Labs)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1315400 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [2090496 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-07-15] (Seagate Technology LLC)
HKLM-x32\...\Run: [MalwareProtectionLive] => C:\Users\Bob\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe [857632 2015-12-02] ()
HKLM-x32\...\RunOnce: [SpybotDeletingE5894] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe [2710040 2012-11-13] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-10-01] (SlySoft, Inc.)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Bob\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=5ad4700098c147d094cad9a4fffc1f77-2ea2192f08b55d83378acdbfcabd2c8082d55b47 /CMPID=1113a
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [Startup Guard] => C:\Program Files (x86)\AceLogix\StartupGuard\sg.exe
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\Run: [Browser Extensions] => C:\Users\Bob\AppData\Roaming\BrowserExtensions\BEHelper.exe [553968 2015-11-27] ()
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\...\RunOnce: [SpybotDeletingF6781] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe [2710040 2012-11-13] (Safer-Networking Ltd.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 activation.cloud.techsmith.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1624956E-364B-4FF0-B223-63D5B5EC8EB7}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{2302EFEB-46FF-44DA-B395-050DF3CBC43E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2E77CA47-D0F3-4DBE-9281-32D604AB6FEB}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2E77CA47-D0F3-4DBE-9281-32D604AB6FEB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7B72D672-3F7B-4E44-AA6C-CE4D9E4AEBAA}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C1C7CCE8-4CDD-4ADA-A0A7-EA9E70E0BAF2}: [NameServer] 8.8.8.8,8.8.8.8
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-472848371-1800496413-3629884572-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {39181C36-2062-47D0-8E6A-A5AD85BFE5CE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-472848371-1800496413-3629884572-1000 -> {F3F27249-851C-40E8-8F4C-86D4A5A98D72} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Bob\AppData\Roaming\BrowserExtensions\Coupons64.dll [2015-11-27] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\Bob\AppData\Roaming\BrowserExtensions\Coupons.dll [2015-11-27] ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://tradestation.webex.com/client/T28L/support/ieatgpc1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://loadmovie.biz/
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4444
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-472848371-1800496413-3629884572-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Bob\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-472848371-1800496413-3629884572-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2015-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-472848371-1800496413-3629884572-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2015-09-28] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Bob\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-08-22] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\searchplugins\yahoo_ff.xml [2015-12-06]
FF Extension: FoxyProxy Standard - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\foxyproxy@eric.h.jung [2015-05-31]
FF Extension: Antmark extensions - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\antmark@ant.com.xpi [2015-08-02]
FF Extension: ReloadEvery - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-09-22]
FF Extension: Ant Video Downloader - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\anttoolbar@ant.com [2015-11-22]
FF Extension: NoScript - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-24]
FF Extension: DownThemAll! - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-06]
FF Extension: Video DownloadHelper - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\tjg3rdx3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
Chrome:
=======
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2012-10-30] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 i2p; C:\Program Files\i2p\I2Psvc.exe [431104 2014-12-11] (Tanuki Software, Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-08] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-08] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-04-02] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-07-15] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 TVersityMediaServer; C:\Users\Bob\AppData\Local\TVersity\Media Server\MediaServer.exe [880640 2010-07-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-10-28] (AVG Technologies)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-26] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [58952 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2012-10-19] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-12-14] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [123120 2011-12-14] (High Criteria inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 11:05 - 2015-12-15 11:05 - 00044053 _____ C:\Users\Bob\Desktop\FRST.txt
2015-12-15 11:04 - 2015-12-15 11:05 - 00000000 ____D C:\FRST
2015-12-15 11:04 - 2015-12-15 11:04 - 02369536 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2015-12-15 10:59 - 2015-12-15 10:59 - 00002270 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-15 10:59 - 2015-12-15 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-15 10:57 - 2015-12-15 10:57 - 00000000 ___RD C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-12-13 17:57 - 2015-12-13 17:57 - 00000000 ____D C:\ADE
2015-12-13 17:54 - 2015-12-13 17:55 - 00000000 ____D C:\All-Data_Everywhere
2015-12-09 06:41 - 2015-12-09 06:41 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2015-12-08 12:57 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 12:57 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 12:57 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 12:57 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 12:57 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 12:57 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 12:57 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 12:57 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 12:57 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 12:57 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 12:57 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 12:57 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 12:57 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 12:57 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 12:57 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 12:57 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 12:57 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 12:57 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 12:57 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 12:57 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 12:57 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 12:57 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 12:57 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 12:57 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 12:57 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 12:57 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 12:57 - 2015-10-08 17:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 12:57 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 12:57 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 12:57 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 12:57 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 12:57 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 12:57 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 12:57 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 12:57 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 12:57 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 12:56 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 12:56 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 12:56 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 12:56 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 12:56 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 12:56 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 12:56 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 12:56 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 12:56 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 12:56 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 12:56 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 12:56 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 12:56 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 12:56 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 12:56 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 12:56 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 12:56 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 12:56 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 12:56 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 12:56 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 12:56 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 12:56 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 12:56 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 12:56 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 12:56 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 12:56 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 12:56 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 12:56 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 12:56 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 12:56 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 12:56 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 12:56 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 12:56 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 12:56 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 12:56 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 12:56 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 12:56 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 12:56 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 12:56 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 12:56 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 12:56 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 12:56 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 12:56 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 12:56 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 12:56 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 12:56 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 12:56 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 12:56 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 12:56 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 12:56 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 12:56 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 12:56 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 12:56 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 12:56 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 12:56 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 12:56 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 12:56 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 12:56 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 12:56 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 12:56 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 12:56 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 12:56 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 12:56 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 12:56 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 12:56 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 12:56 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-06 06:17 - 2015-12-06 07:22 - 00000000 ____D C:\Users\Bob\AppData\Local\MalwareProtectionLive
2015-12-06 06:17 - 2015-12-06 06:17 - 00001223 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
2015-12-06 06:17 - 2015-12-06 06:17 - 00000000 ____D C:\Users\Bob\AppData\Roaming\BrowserExtensions
2015-12-01 07:06 - 2015-12-01 07:06 - 00007605 _____ C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2015-11-23 04:50 - 2015-11-23 04:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-11-23 04:50 - 2015-11-23 04:50 - 00000000 ____D C:\Program Files (x86)\Xvid
2015-11-23 04:50 - 2015-06-21 09:09 - 00713216 _____ C:\Windows\system32\xvidcore.dll
2015-11-23 04:50 - 2015-06-21 09:09 - 00251392 _____ C:\Windows\system32\xvidvfw.dll
2015-11-23 04:50 - 2015-06-21 09:09 - 00171520 _____ C:\Windows\system32\xvid.ax
2015-11-23 04:50 - 2015-06-21 09:09 - 00147968 _____ C:\Windows\SysWOW64\xvid.ax
2015-11-23 04:50 - 2015-06-21 09:08 - 00638976 _____ C:\Windows\SysWOW64\xvidcore.dll
2015-11-23 04:50 - 2015-06-21 09:08 - 00235520 _____ C:\Windows\SysWOW64\xvidvfw.dll
2015-11-23 04:48 - 2015-11-23 04:49 - 11854272 _____ (Xvid Team) C:\Users\Bob\Desktop\Xvid-1.3.4-20150621.exe
2015-11-15 14:16 - 2015-11-15 14:16 - 00004014 _____ C:\Windows\System32\Tasks\Bob
2015-11-15 14:16 - 2015-11-15 14:16 - 00003700 _____ C:\Windows\System32\Tasks\Bob Merge
2015-11-15 13:45 - 2015-11-15 13:45 - 00000000 ____D C:\WizTree
2015-11-15 13:43 - 2015-11-15 13:48 - 00000000 ____D C:\Program Files (x86)\WizTree
2015-11-15 13:43 - 2015-11-15 13:43 - 00001026 _____ C:\Users\Bob\Desktop\WizTree.lnk
2015-11-15 13:43 - 2015-11-15 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2015-11-15 13:40 - 2015-11-15 14:05 - 00000000 ____D C:\PrgrmFiles
2015-11-15 11:04 - 2015-11-15 11:04 - 00003480 _____ C:\Windows\System32\Tasks\Bob DBAgent 2 0
2015-11-15 11:02 - 2015-11-15 11:02 - 00003492 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-11-15 11:00 - 2015-11-15 11:00 - 00002140 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-11-15 11:00 - 2015-11-15 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-11-15 11:00 - 2015-11-15 11:00 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-11-15 06:32 - 2015-11-15 06:32 - 00002946 _____ C:\Windows\System32\Tasks\{5DE17CD2-6800-4D70-A3A6-4149EA69FD8E}
2015-11-15 06:31 - 2015-12-15 10:28 - 00000000 ____D C:\Users\Bob\AppData\Roaming\vlc
2015-11-15 06:19 - 2015-11-15 06:20 - 28849904 _____ C:\Users\Bob\Desktop\vlc-2.2.1-win32.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 11:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-15 11:02 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 11:02 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 11:00 - 2015-02-26 15:43 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-15 11:00 - 2015-02-19 08:25 - 00045202 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2015-12-15 10:59 - 2013-08-05 15:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-15 10:57 - 2014-12-11 18:25 - 00000000 ____D C:\ProgramData\i2p
2015-12-15 10:57 - 2014-01-23 07:46 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-12-15 10:56 - 2013-01-18 16:35 - 00000460 _____ C:\Windows\SysWOW64\tversity.cookies
2015-12-15 10:55 - 2012-05-28 09:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 10:55 - 2012-05-09 15:53 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-15 10:55 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-15 10:52 - 2012-07-13 17:04 - 00000000 ____D C:\Omega
2015-12-15 10:51 - 2014-06-08 08:48 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Azureus
2015-12-15 10:49 - 2012-10-23 18:32 - 00000000 ____D C:\SiteVaultPro
2015-12-15 10:47 - 2012-05-26 11:09 - 00000000 ____D C:\Users\Bob\AppData\Roaming\TS Support
2015-12-15 10:38 - 2015-02-19 08:25 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-15 10:32 - 2015-02-19 08:24 - 04777232 _____ (Tweaking.com) C:\Users\Bob\Desktop\tweaking.com_registry_backup_setup.exe
2015-12-15 10:29 - 2015-03-16 10:12 - 00000000 ____D C:\wkep
2015-12-15 10:24 - 2012-05-09 15:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 10:23 - 2012-05-25 06:21 - 00000000 ____D C:\Movies
2015-12-15 10:13 - 2012-05-28 09:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 10:12 - 2015-05-30 05:19 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-472848371-1800496413-3629884572-1000.job
2015-12-15 10:08 - 2015-03-19 08:57 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-472848371-1800496413-3629884572-1000.job
2015-12-15 08:37 - 2013-01-24 14:15 - 00000000 ____D C:\Users\Bob\AppData\Roaming\HandBrake
2015-12-15 08:12 - 2012-05-30 14:11 - 00000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2015-12-15 05:52 - 2012-05-25 17:52 - 00000000 ____D C:\ProgramData\MFAData
2015-12-15 04:54 - 2012-05-30 09:46 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-14 21:49 - 2012-06-13 08:04 - 00000000 ____D C:\Users\Bob\AppData\Roaming\TeamViewer
2015-12-14 18:01 - 2015-06-03 16:54 - 00000600 _____ C:\Users\Bob\AppData\Local\PUTTY.RND
2015-12-14 18:01 - 2012-05-25 14:00 - 00000000 ____D C:\Users\Bob\AppData\Roaming\FileZilla
2015-12-14 17:17 - 2012-05-09 15:53 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-14 15:37 - 2015-11-12 11:35 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-12-14 15:26 - 2015-03-18 12:29 - 00000596 _____ C:\Windows\Tasks\TradeStation Backup - Daily.job
2015-12-14 15:25 - 2009-07-13 23:13 - 00784326 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 15:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-14 08:07 - 2012-08-22 06:03 - 00000000 ____D C:\Jts
2015-12-14 05:38 - 2012-05-24 20:30 - 00000000 ___RD C:\Junk
2015-12-13 10:23 - 2012-05-29 11:05 - 00000000 ____D C:\ADE_old
2015-12-09 16:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 06:41 - 2014-01-23 07:46 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-12-09 06:41 - 2012-05-30 09:46 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-12-09 06:24 - 2012-05-09 15:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 06:24 - 2012-05-09 15:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 06:24 - 2012-05-09 15:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 04:39 - 2009-07-13 22:45 - 00292464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-08 21:46 - 2013-09-28 10:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 21:45 - 2013-03-13 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-08 21:44 - 2013-03-13 21:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-08 21:44 - 2013-03-13 21:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 21:42 - 2013-07-16 20:27 - 00000000 ____D C:\Windows\system32\MRT
2015-12-08 21:37 - 2012-05-24 16:46 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 06:41 - 2012-05-30 09:46 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-12-08 06:41 - 2012-05-30 09:46 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-12-08 06:41 - 2012-05-30 09:46 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-12-07 20:18 - 2015-05-30 05:19 - 00003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-472848371-1800496413-3629884572-1000
2015-12-07 20:18 - 2015-03-19 08:57 - 00003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-472848371-1800496413-3629884572-1000
2015-12-07 17:15 - 2015-03-18 12:29 - 00003326 _____ C:\Windows\System32\Tasks\TradeStation Backup - Daily
2015-12-06 06:17 - 2014-06-08 08:49 - 00001829 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-12-06 06:17 - 2014-06-08 08:49 - 00001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-12-06 06:17 - 2014-06-08 08:48 - 00000000 ____D C:\Program Files\Vuze
2015-12-06 05:00 - 2015-02-26 15:46 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-12-05 04:59 - 2015-10-28 05:22 - 00000971 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2015-12-05 04:59 - 2014-03-31 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-01 21:08 - 2012-05-28 09:05 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 21:08 - 2012-05-28 09:05 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 08:48 - 2015-05-09 08:08 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-12-01 08:48 - 2015-05-09 08:08 - 00003152 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-12-01 08:48 - 2015-05-09 08:08 - 00000000 ____D C:\Program Files\pia_manager
2015-11-30 20:37 - 2014-07-23 15:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 20:36 - 2014-07-23 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 20:36 - 2014-07-23 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 20:36 - 2012-05-27 05:34 - 00001137 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-29 15:09 - 2012-05-27 05:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-28 12:32 - 2012-11-15 15:55 - 00000000 ____D C:\Users\Bob\Downloads\Ant Videos
2015-11-23 16:00 - 2015-02-26 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-11-23 15:59 - 2015-02-26 15:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-11-21 05:01 - 2014-12-11 18:25 - 00000000 ____D C:\Program Files\i2p
2015-11-17 15:34 - 2015-05-09 09:32 - 00000000 ____D C:\! Kaufman Pairs Trading
2015-11-15 13:58 - 2012-05-24 20:13 - 00000000 ____D C:\Program Files (x86)\Tradestation Archives
2015-11-15 13:54 - 2012-08-29 08:25 - 00000000 ____D C:\FileGenerator.Release
2015-11-15 13:32 - 2012-05-09 15:50 - 00000000 ____D C:\Intel
2015-11-15 10:56 - 2012-12-04 09:44 - 00000000 ____D C:\Users\Bob\AppData\Roaming\Seagate
2015-11-15 10:56 - 2012-12-04 09:44 - 00000000 ____D C:\ProgramData\Seagate
2015-11-15 08:13 - 2014-03-11 14:48 - 00000000 ____D C:\! Weekly Iron Condors For Income
2015-11-15 06:29 - 2012-06-02 18:08 - 00000000 ____D C:\Users\Bob\AppData\Roaming\vlc_old
2015-11-15 06:21 - 2012-06-02 18:08 - 00001101 _____ C:\Users\Public\Desktop\VLC media player.lnk
==================== Files in the root of some directories =======
2013-06-26 15:09 - 2013-07-30 05:10 - 0003715 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-11-14 13:52 - 2012-11-14 13:52 - 0000124 _____ () C:\Users\Bob\AppData\Roaming\-941824844
2015-08-27 07:12 - 2015-08-28 05:09 - 0000829 _____ () C:\Users\Bob\AppData\Roaming\Safer-Networking.log
2012-05-24 20:23 - 2015-06-13 04:52 - 0000320 _____ () C:\Users\Bob\AppData\Roaming\SEC410057.trad
2013-02-24 10:05 - 2013-05-09 15:55 - 0009216 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-03 16:54 - 2015-12-14 18:01 - 0000600 _____ () C:\Users\Bob\AppData\Local\PUTTY.RND
2015-12-01 07:06 - 2015-12-01 07:06 - 0007605 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2012-05-26 10:02 - 2014-02-17 18:30 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-05-25 17:18 - 2012-05-25 17:18 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-05-25 13:38 - 2012-05-25 13:38 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\avg-6bda2251-2833-4556-b5b3-84226e2a5d12.exe
C:\Users\Bob\AppData\Local\Temp\avguirn_081894520115.exe
C:\Users\Bob\AppData\Local\Temp\clean20.dll
C:\Users\Bob\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Bob\AppData\Local\Temp\GACInstaller.dll
C:\Users\Bob\AppData\Local\Temp\i4jdel0.exe
C:\Users\Bob\AppData\Local\Temp\instutil.dll
C:\Users\Bob\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Bob\AppData\Local\Temp\RegistASM.exe
C:\Users\Bob\AppData\Local\Temp\TSInst10.exe
C:\Users\Bob\AppData\Local\Temp\TSInstallCAUtils.dll
C:\Users\Bob\AppData\Local\Temp\vlc-2.2.1-win32.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-10 07:22
==================== End of FRST.txt ============================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-12-15 11:10:25
-----------------------------
11:10:25.530 OS Version: Windows x64 6.1.7601 Service Pack 1
11:10:25.530 Number of processors: 4 586 0x3A09
11:10:25.531 ComputerName: XPS8500 UserName: Bob
11:10:28.064 Initialize success
11:10:28.176 VM: initialized successfully
11:10:28.176 VM: Intel CPU supported
11:10:32.365 VM: disk I/O iaStorA.sys
11:20:00.906 AVAST engine defs: 15121500
11:24:54.570 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"