May I have a check up please

Started by tallin, July 15, 2016, 07:14:39 PM

tallin

I have no issues to speak of, but wondered if I could have my computer checked when time allows, please.

Here are the three logs requested.

Result of Security Analysis by Rocket Grannie (x86) Updated: 6th July 2016
Running from:C:\Users\user\Desktop (04:59:47 - 07/16/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is *Disabled*
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
avast! Antivirus (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin is not installed
Java (version 8.91.14)
CCleaner (version 5.19)
Google Chrome (version 51)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5)
Spybot - Search & Destroy (version 2.4)
SpywareBlaster (version 5.5)
SUPERAntiSpyware (version 6)
Windows Live Essentials (version 16.4)
WinPatrol (version 33.6)

***----------------Analysis Complete-------------------------***

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by user (administrator) on LAPTOP (16-07-2016 04:48:47)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-27] (Ruiware)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-11] (Piriform Ltd)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-04-21] (Google Inc.)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3DFA4C0A-DDE3-4AA0-8577-F92CC6E96077}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B2689B5E-9B37-4FD0-81B4-050F4739F1C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F6F9C116-0ABB-46B0-B0D0-52FD082C9CF4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-15] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]

Chrome:
=======
CHR HomePage: Profile 3 -> hxxp://www.dailymail.co.uk/news/article-2382096/Incredible-footage-reveals-French-World-War-Two-prisoners-secretly-filmed-life-POW-camp-tiny-camera-hidden-hollowed-dictionary.html
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com.au/","","hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN02437379718666-1025&toolbarId=base&affiliateId=1025&Lan=en&utid=b46df7100000000000000015af128eec","hxxp://blank/","hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy009z2B0Ca0&sku=&tstsId=&ver=&","hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy00Bs2C01g0&sku=&tstsId=&ver=&"
CHR DefaultSearchURL: Profile 3 -> hxxp://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7GGIT_en
CHR DefaultSearchKeyword: Profile 3 -> google.com.au__
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\pdf.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Simple Drag & Drop Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiifonoffdkfmmiadigmjhoameijkdbb [2015-06-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]
CHR Extension: (YoWindow Free Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-03-26]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-09]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-06-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2001592 2016-06-03] (Comodo)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-07] (IObit)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S4 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-26] ()
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-16 04:48 - 2016-07-16 04:49 - 00025893 _____ C:\Users\user\Desktop\FRST.txt
2016-07-16 04:48 - 2016-07-16 04:48 - 00000000 ____D C:\FRST
2016-07-16 04:45 - 2016-07-16 04:45 - 00898560 _____ C:\Users\user\Desktop\RGSA.exe
2016-07-16 04:44 - 2016-07-16 04:44 - 02390528 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-13 14:35 - 2016-06-11 16:57 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 07:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 07:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 14:35 - 2016-06-11 07:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 14:35 - 2016-06-11 07:19 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 14:35 - 2016-06-11 07:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 07:17 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 14:35 - 2016-06-11 07:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 07:08 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 14:35 - 2016-06-11 07:05 - 25814016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 14:35 - 2016-06-11 07:04 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 14:35 - 2016-06-11 07:03 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 07:03 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 14:35 - 2016-06-11 07:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 14:35 - 2016-06-11 07:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 06:53 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 14:35 - 2016-06-11 06:50 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 06:49 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 14:35 - 2016-06-11 06:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 06:38 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 14:35 - 2016-06-11 06:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 14:35 - 2016-06-11 06:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 06:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 06:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 14:35 - 2016-06-11 06:15 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 14:35 - 2016-06-11 06:13 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 14:35 - 2016-06-11 06:12 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 06:11 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 06:10 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 05:45 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 14:35 - 2016-06-11 05:44 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 14:35 - 2016-06-11 05:30 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 14:35 - 2016-06-11 05:21 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-13 14:35 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-13 14:35 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-13 14:35 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-13 14:35 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-13 14:35 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-13 14:35 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-13 14:35 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-13 14:35 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-13 14:35 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 14:33 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 14:33 - 2016-06-26 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 14:33 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-07-13 14:33 - 2016-06-15 01:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-08 08:25 - 2016-07-08 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-08 08:12 - 2016-07-08 08:12 - 13677800 _____ (Google) C:\Users\user\Downloads\picasa.exe.EXE
2016-07-07 19:01 - 2016-07-07 19:01 - 00000020 _____ C:\windows\üóC
2016-07-07 07:01 - 2016-06-26 10:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-07 07:01 - 2016-06-26 10:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-07 07:01 - 2016-06-22 23:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-07 03:48 - 2016-07-07 19:17 - 00000000 ____D C:\Users\user\Desktop\Tax 2016
2016-07-02 13:16 - 2016-07-02 13:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2016-06-23 18:50 - 2016-05-17 09:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-23 18:50 - 2016-05-17 09:19 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-23 18:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-23 18:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-06-23 18:50 - 2016-05-17 07:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-06-23 18:50 - 2016-05-17 07:16 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-23 18:50 - 2016-05-17 07:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 07:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-06-23 18:50 - 2016-05-17 07:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-23 18:50 - 2016-05-14 08:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-23 18:50 - 2016-05-14 07:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-23 18:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-23 18:50 - 2016-05-05 03:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-23 18:50 - 2016-05-05 03:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-23 18:50 - 2016-05-05 01:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-23 18:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-16 06:54 - 2016-06-16 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2016-06-16 05:46 - 2016-06-16 05:46 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-16 04:29 - 2016-01-20 06:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-16 03:54 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-16 03:54 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-16 03:53 - 2012-10-11 11:10 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-16 03:52 - 2016-04-21 10:41 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job
2016-07-15 18:31 - 2014-10-29 14:19 - 01499434 _____ C:\IFRToolLog.txt
2016-07-15 18:28 - 2012-10-11 10:33 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-07-15 09:42 - 2009-07-14 13:20 - 00000000 ____D C:\windows\inf
2016-07-15 08:53 - 2012-10-11 11:10 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-15 08:52 - 2016-04-21 10:41 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job
2016-07-15 06:30 - 2016-01-20 06:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 06:29 - 2013-07-25 08:19 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 06:29 - 2013-07-25 08:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 16:24 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2016-07-13 15:47 - 2014-03-25 07:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-13 15:43 - 2014-03-11 12:43 - 00000000 ____D C:\Users\user\AppData\Local\DoNotTrackPlus
2016-07-13 15:13 - 2012-10-11 10:33 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-13 15:11 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-13 15:11 - 2009-07-14 14:45 - 00295232 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-13 14:48 - 2013-07-11 14:55 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 14:38 - 2012-10-10 18:41 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-13 14:27 - 2012-10-11 08:54 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-07-13 14:22 - 2015-04-17 19:26 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-13 03:30 - 2015-04-17 19:26 - 00003880 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 03:13 - 2012-04-10 13:56 - 00000000 ____D C:\windows\system32\Macromed
2016-07-13 03:12 - 2012-04-10 13:56 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-12 07:56 - 2012-10-11 19:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-12 07:56 - 2012-10-11 19:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-07-11 12:42 - 2015-03-16 20:10 - 00000000 ____D C:\Users\user\Desktop\This and that
2016-07-08 08:25 - 2012-10-11 11:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-08 08:05 - 2014-04-07 15:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-08 04:55 - 2012-11-15 11:43 - 10412544 ___SH C:\Users\user\Desktop\Thumbs.db
2016-07-07 19:01 - 2014-04-19 07:09 - 00001276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-07 19:01 - 2012-10-18 09:05 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-07 19:01 - 2012-10-11 11:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-07-07 19:01 - 2012-10-11 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-07 19:00 - 2012-10-11 11:14 - 00001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-07 07:03 - 2014-12-11 10:29 - 00000000 ____D C:\windows\system32\appraiser
2016-07-07 07:03 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 13:26 - 2012-10-11 16:15 - 00000000 ___RD C:\Users\user\Desktop\Short Cuts
2016-07-02 10:04 - 2012-11-14 07:40 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-06-29 06:03 - 2015-07-21 17:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Learning each day

Corrine

Hi, Tallin.

Due to the length of the logs, FRST.txt didn't post completely and Addition.txt didn't post at all.  In FRST.txt, please locate the section of the log toward the bottom following the last line that posted, "2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk".  Then copy/paste the Addition.txt log.

In addition, please go to
Browse to the following file path in the "Suspicious files to scan" field on the top of the page:

C:\windows\üóC

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-23 19:05 - 2009-07-14 15:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-23 18:57 - 2009-07-14 15:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 18:45 - 2015-08-12 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-17 08:08 - 2014-09-28 06:00 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-06-16 06:55 - 2012-11-02 17:21 - 00000000 ____D C:\Users\user\AppData\Roaming\Foxit Software
2016-06-16 06:54 - 2015-12-04 15:34 - 00000000 ____D C:\Users\Public\Foxit Software
2016-06-16 06:53 - 2012-10-11 19:16 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-06-16 06:52 - 2016-04-07 15:01 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2013-01-22 08:26 - 2013-01-23 08:30 - 4096000 _____ () C:\Program Files (x86)\GUT8D45.tmp
2012-10-14 08:43 - 2011-12-22 12:45 - 0076407 _____ () C:\Users\user\AppData\Roaming\Smiley.ico
2012-10-14 17:32 - 2012-11-11 17:44 - 0007597 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-03-31 07:08 - 2015-03-31 07:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-30 16:01 - 2014-04-05 13:49 - 0000931 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 00:23

==================== End of FRST.txt ============================

Firstly thank you for your quick service.

The above content is in reply to your first request.

To adhere to your second request and I quote:
Quote
Browse to the following file path in the "Suspicious files to scan" field on the top of the page:
I cannot see "Suspicious files to scan" so am unable to locate C:\windows\üóC.

Kind regards,

Corrine

How about the Addition.txt?  Note:  If you've used FRST before and the files are still on your computer, you need to check the box in the lower right corner to get a fresh Addition.txt.  If that is the case, please scan with FRST again and just post the Addition.txt log. 


GR@PH;<'S

tallin,
Once you get the all clear I recommend you upgrade to Windows 10.
(A FREE upgrade till the end of July)

GR@PH;<'S,  
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

tallin

Quote from: Corrine on July 15, 2016, 11:26:42 PM
How about the Addition.txt?  Note:  If you've used FRST before and the files are still on your computer, you need to check the box in the lower right corner to get a fresh Addition.txt.  If that is the case, please scan with FRST again and just post the Addition.txt log.

Thank you for your reply.  I have never used FRST before.  When I open it from my desktop to scan, the box in the lower right-hand corner is checked.  I have scanned again so here is the Addition.txt from the second scan.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by user (2016-07-16 17:29:20)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-10 07:49:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2559403254-2449595015-3183726934-500 - Administrator - Disabled)
Guest (S-1-5-21-2559403254-2449595015-3183726934-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559403254-2449595015-3183726934-1003 - Limited - Enabled)
user (S-1-5-21-2559403254-2449595015-3183726934-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 50.14.22.465 - Comodo)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Do Not Track Me Add-on 2.2.9.1112 (HKLM-x32\...\Do Not Track Me Add-on_is1) (Version: 2.2.9.1112 - Abine Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit PhantomPDF Standard (HKLM-x32\...\{86848256-DF08-4F3D-A32D-37151AA16510}) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
System Explorer 4.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B81717-4B73-40D8-84CD-BB9C86857B1A} - System32\Tasks\{F3E4F16A-D512-4304-BE19-62E7AA42FE46} => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
Task: {1310ABB3-FF79-4E9F-A734-E027B77AD2AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {197FBE8E-2345-4ED5-B15E-55E3C99FADDD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
Task: {243BC1F2-EB92-457D-982C-13601923A5DD} - System32\Tasks\{2118880F-9654-4B8C-AB4D-21FDB1C5F292} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {2A37F4BA-0FCF-4761-8574-90481ACE2ACF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {30D798D8-348A-448D-B75F-E83444ED9FDD} - System32\Tasks\{AACEF16D-EF56-4E96-B096-36796F4B3375} => pcalua.exe -a C:\Users\user\Desktop\wlsetup-web.exe -d C:\Users\user\Desktop
Task: {389E72CD-9DD9-48A7-A05E-D82F688BA666} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {3A647352-A29C-49B2-8116-B0CBB911DFB5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {43C8DDA7-9DA6-4D95-9EF0-E279D3E50AAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {45EB5BF9-A8CB-40B3-A17E-21F503AA4240} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {54F33FC6-C628-4590-8647-7947A34DEFEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {58E5BF72-48C0-457A-9AFD-FE3BC385AAAE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {63618FC2-6A49-4233-8883-B5174876840E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7341B2F9-7F63-4705-9239-3F901CFCD18C} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [2016-03-25] (Tweaking.com)
Task: {750D3CCE-15F5-46B0-9B92-F0F5BFE685AC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {8F980367-A9EE-47F1-AABC-C87FD6A6B13E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {8FDF50BE-BB79-40C0-9715-493CE17D2755} - System32\Tasks\{55A79A95-530B-49BA-A056-FD3986009EE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {A0F4DB5E-206E-4F85-90A7-64B0E6520141} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {B614A8C7-FF73-4ED0-A207-7EEDE7691EFC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E19CAA86-61D7-4075-990E-0E560C4B53A1} - System32\Tasks\{ED6C20F3-F753-47C5-B805-60852A68CEF8} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E51B898C-84B7-4192-A43F-5C34821EC09E} - System32\Tasks\SafeZone scheduled Autoupdate 1458718366 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E633EE81-866A-4282-A95C-D7975F739FF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-11] (Piriform Ltd)
Task: {E6A088DB-4C9F-45C0-8B9F-D675584552B0} - System32\Tasks\{91939A97-7A8A-4899-B4CA-7D73102E5D3B} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u25-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_20\bin" -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {F86E91F9-D73E-41B9-A0D0-B774F1C7ED43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.timeanddate.com\http_80\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.thefreedictionary.com\http_80\assumption - definition of assumption by the Free Online Dictionary, Thesaurus and Encyclopedia..lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.thefreedictionary.com/assumption
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\update.filehippo.com\http_80\FileHippo.com - Download Free Software.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://update.filehippo.com/update/check/709de7ab-30df-453d-9cb5-0ec937344e6d
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2010-07-15 14:44 - 2010-07-15 14:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-13 04:28 - 2016-07-13 04:28 - 03000320 _____ () C:\Program Files\AVAST Software\Avast\defs\16071202\algo.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-16 03:20 - 2016-07-16 03:20 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071501\algo.dll
2015-12-05 18:30 - 2015-12-05 18:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00033472 _____ () C:\Program Files (x86)\Windows Live\Shared\en\uxctlloc.dll.mui
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\softpedia.com -> hxxp://www.softpedia.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-10-30 12:54 - 00451995 ____R C:\windows\system32\Drivers\etc\hosts


There are 15496 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RelevantKnowledge => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SystemExplorerHelpService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPSCMain => %ProgramFiles%\TOSHIBA\PeakShift\TPSCMain.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: WinPatrol [FREE Edition] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BA18A62-CEFF-4BE0-90E8-0AADF096D109}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3CC15EAE-67BA-4543-B642-30435F713B23}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0AECBFC6-EAC3-4255-9019-3DC633CAE867}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8C874EF3-1F5C-41FD-9218-EB5E6463C60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{107D03F2-739E-4E4B-9A4E-DFE0359F2B89}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [UDP Query User{221E8199-7ABE-4289-AF6A-5C0D0B6E825A}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [TCP Query User{AD82F37F-0101-4510-92AF-F3FC95107A5A}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [UDP Query User{D7CADF78-4BFB-4E43-9348-C698FF694C2C}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [{43B05A9C-E171-4573-BD27-A8CD11BFB8A1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A480D89A-6C6B-48D2-97F6-F140EC0F739D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{469139F9-AA94-4F3C-816A-97E8F331E293}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3319ADFA-30F8-440C-B6CF-D8C660ABA862}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E82DC193-6164-4E45-8223-2675E7313A46}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{72E843B5-F6DB-4461-9183-8590548C52E3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{50211898-132A-41CA-BF7E-4DB2F612D057}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9EE54DD1-71DE-4BA0-B65D-6E2249EF8342}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5ABDFAB2-FDC0-4F6E-AF92-25AED5C3AB8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A0498104-90FE-42C8-AD08-698A7781CF17}] => (Allow) LPort=2869
FirewallRules: [{C309F082-44A7-4487-B2F2-593A3730161A}] => (Allow) LPort=1900
FirewallRules: [{A9F632C1-E4C6-46F8-90F7-346D74D1D56E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7A2A78EE-3640-4EE0-AF4A-60EB54C26274}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{292F8B50-70F7-4315-B89E-90F9063C4CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BE303B5-7A8B-44B9-BF11-3195601039B8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4EE6634C-AD85-4970-A3E4-558B8937EC12}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\KB141735488.exe] => Enabled:Microsoft Office

==================== Restore Points =========================

03-07-2016 19:00:00 Windows Backup
07-07-2016 07:01:13 Windows Update
07-07-2016 18:57:02 Installed DirectX
07-07-2016 18:57:19 Installed DirectX
07-07-2016 18:58:09 Installed DirectX
10-07-2016 19:00:00 Windows Backup
13-07-2016 14:35:46 Windows Update
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2016 03:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/13/2016 02:23:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2016 07:17:59 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2016 07:17:58 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2016 07:17:58 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2016 07:17:58 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/07/2016 07:17:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2016 07:17:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/07/2016 07:17:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/07/2016 07:17:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/13/2016 03:20:53 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/13/2016 03:20:53 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/13/2016 03:13:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper.
.

Error: (07/13/2016 02:31:38 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/13/2016 02:31:38 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/13/2016 02:24:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper.
.

Error: (07/13/2016 02:24:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (07/13/2016 02:23:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/13/2016 02:23:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/08/2016 08:12:30 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 27%
Total physical RAM: 10129.8 MB
Available physical RAM: 7312.04 MB
Total Virtual: 20257.79 MB
Available Virtual: 17249.14 MB

==================== Drives ================================

Drive c: (S3A9565D003) (Fixed) (Total:283.99 GB) (Free:212.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KINGSTON) (Removable) (Total:59.4 GB) (Free:49.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 60A7FE5A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 59.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=59.4 GB) - (Type=0C)

==================== End of Addition.txt ============================
Learning each day

tallin

Quote from: GR@PH;<'S on July 16, 2016, 05:53:38 AM
tallin,
Once you get the all clear I recommend you upgrade to Windows 10 .
( A FREE upgrade till the end of July )

GR@PH;<'S, 

Thank you GR@PHS, but I am very fond of Windows 7.

kind regards,
Learning each day

Corrine

Thank you for the addition.txt log.

1.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-07-07 19:01 - 2016-07-07 19:01 - 00000020 _____ C:\windows\üóC
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
C:\ProgramData\TEMP:5C321E34 [125]
EmptyTemp:
end

  • Click Format and ensure Word Wrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2.  You have WinPatrol installed, yet you've used msconfig to disable startup programs, including WinPatrol.  As explained below, when a startup program or service is disabled via msconfig and the program is then uninstalled, that disabled portion gets left over in the registry.

From Using System Configuration (msconfig) - Windows Help:

Quote
System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}

In other words, MSConfig is useful for troubleshooting but not for managing startup programs.  Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, there is no automated way of changing the setting.  Each has to be done manually, which is what I suggest that you do.  Otherwise, programs you uninstall will leave leftovers behind.

---> Click start, type msconfig in the search box, open msconfig, click on the start up tab. Put a check mark in each entry, reboot the computer.

To use WinPatrol to manage startup programs, see Start Up Programs: Remove, Add, Disable.

3.  Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

4.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

Once again, my thanks to you for your knowledge.

Regarding using msconfig to put a check in all programs showing, I have attached a snap of the only ones I thought needed.

kind regards,


Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016
Ran by user (2016-07-17 03:57:20) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-07-07 19:01 - 2016-07-07 19:01 - 00000020 _____ C:\windows\üóC
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
C:\ProgramData\TEMP:5C321E34 [125]
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => key removed successfully
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => not found.
C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
AvastVBoxSvc => service could not remove
ew_usbenumfilter => service removed successfully
huawei_cdcacm => service removed successfully
huawei_enumerator => service removed successfully
huawei_ext_ctrl => service removed successfully
huawei_wwanecm => service removed successfully
VBoxAswDrv => service could not remove
C:\windows\üóC => moved successfully
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File" => not found.
"C:\ProgramData\TEMP:5C321E34 [125]" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8331417 B
Java, Flash, Steam htmlcache => 595 B
Windows/system/drivers => 16696 B
Edge => 0 B
Chrome => 286006892 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 66049 B
LocalService => 0 B
NetworkService => 1562546 B
user => 38448608 B

RecycleBin => 2884 B
EmptyTemp: => 327 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 03:57:49 ====

# AdwCleaner v5.201 - Logfile created 17/07/2016 at 04:38:16
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : user - LAPTOP
# Running from : C:\Users\user\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Kromtech
[-] Folder Deleted : C:\ProgramData\Application Data\Kromtech
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[-] Folder Deleted : C:\Program Files (x86)\jZip
[-] Folder Deleted : C:\users\user\AppData\Local\jZip
[-] Folder Deleted : C:\users\user\AppData\Local\PutLockerDownloader
[-] Folder Deleted : C:\users\user\AppData\Roaming\Systweak
[-] Folder Deleted : C:\users\user\Documents\PC Speed Maximizer
[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\Users\user\AppData\Local\Geckofx

***** [ Files ] *****

[-] File Deleted : C:\windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
[-] Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\Hola
    [-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
    [-] Key Deleted : HKCU\Software\Reg\Clean
    [-] Key Deleted : HKCU\Software\systweak
    [-] Key Deleted : HKCU\Software\csastats
    [-] Key Deleted : HKLM\SOFTWARE\jZip
    [-] Key Deleted : HKLM\SOFTWARE\PIP
    [-] Key Deleted : HKLM\SOFTWARE\Reg\Clean
    [-] Key Deleted : HKLM\SOFTWARE\systweak
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    [-] Key Deleted : HKU\.DEFAULT\Software\Hola
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Complitly
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\SweetIM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SweetIM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Sweetpacks Communicator
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\RelevantKnowledge

    ***** [ Web browsers ] *****

    [-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN02437379718666-1025&toolbarId=base&affiliateId=1025&Lan=en&utid=b46df7100000000000000015af128eec
    [-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy009z2B0Ca0&sku=&tstsId=&ver=&
    [-] [C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy00Bs2C01g0&sku=&tstsId=&ver=&

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [6749 bytes] - [17/07/2016 04:38:16]
    C:\AdwCleaner\AdwCleaner[R0].txt - [4893 bytes] - [11/12/2013 16:54:54]
    C:\AdwCleaner\AdwCleaner[S1].txt - [7077 bytes] - [17/07/2016 04:31:25]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6968 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by user (Administrator) on Sun 17/07/2016 at  4:54:04.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 17

    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\user\AppData\Local\{DF73E352-8EE8-4A10-826B-2D87F731C61C} (Empty Folder)
    Successfully deleted: C:\Users\user\AppData\Roaming\0F1L1I1P0H1L1E1E1F (Folder)
    Successfully deleted: C:\windows\wininit.ini (File)
    Successfully deleted: C:\Program Files (x86)\GUT8D45.tmp (File)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KKSD7MH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRA888IR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JALBIAWZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEQNFKRZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARMANAGER_F3B2E431-434BCC1B.pf (File)
    Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)
    Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KKSD7MH (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRA888IR (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JALBIAWZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEQNFKRZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\SysWOW64\REN2C3E.tmp (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 17/07/2016 at  4:56:16.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Learning each day

Corrine

As one example, it appears you uninstalled Adobe Reader.  However, you have this leftover because it is locked in msconfig: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe".  Another is Adobe ARM, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe".

It is your computer, your choice.  However, managing startup is one of the best features of WinPatrol.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

Thank you for your reply.

Unfortunately, due to lack of understanding on my part I don't understand what you want me to do here.  I asked for advice, and will certainly take it so could you set out step by step what you require of me please.

I appreciate the time you have given me, but am not privy to what issues I did have - again due to lack of my understanding.

kind regards,  :)

Learning each day

Corrine

Hi, Tallin.

Take another look at what I posted as "2." above about msconfig.  It is only intended to be used in troubleshooting, not for permanently disabling programs at startup, updates, services, etc. 

Perhaps it would help if you explained why you've used msconfig.  Was it to remove from startup?  If so, as shown in the WinPatrol post I linked to, you can safely disable or completely remove from startup with WinPatrol.  That is what I recommend.  However, the only way to make that change is by doing the following:  Click start, type msconfig in the search box, open msconfig, click on the start up tab. Put a check mark in each entry, reboot the computer.

If you choose to do that, I'd be happy to take a look at a fresh set of FRST logs (remember to check the box for Addition.txt).



tallin

Thank you Corrine for your informative post.

I am glad my signature has always been "Learning Each day".

I see I was using msconfig thinking unchecking all the items in the 'Startup' tab except the ones I thought I needed was the correct way of stopping them starting at boot....not true you tell me, so I have done as you requested putting a check mark in each box in msconfig, rebooting and find the computer desktop covered in all sorts of icons I do not want on it.  I have now customized quick launch to get rid of these.  I have also gone into WinPatrol and manually removed the ones I think I do not want and put some of them in 'delayed start'.  Phew, what a slow process that was.

As I type this to you, the text is slow to appear all of a sudden...why would that be I am wondering?

kind regards,

Thank you for looking at a new FRST file, much appreciated.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016
Ran by user (administrator) on LAPTOP (17-07-2016 09:15:29)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [WinPatrol [FREE Edition]] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
Winlogon\Notify\igfxcui:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-11] (Piriform Ltd)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-04-21] (Google Inc.)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3DFA4C0A-DDE3-4AA0-8577-F92CC6E96077}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B2689B5E-9B37-4FD0-81B4-050F4739F1C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F6F9C116-0ABB-46B0-B0D0-52FD082C9CF4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-15] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]

Chrome:
=======
CHR HomePage: Profile 3 -> hxxp://www.dailymail.co.uk/news/article-2382096/Incredible-footage-reveals-French-World-War-Two-prisoners-secretly-filmed-life-POW-camp-tiny-camera-hidden-hollowed-dictionary.html
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com.au/","","hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN02437379718666-1025&toolbarId=base&affiliateId=1025&Lan=en&utid=b46df7100000000000000015af128eec","hxxp://blank/","hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy009z2B0Ca0&sku=&tstsId=&ver=&","hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy00Bs2C01g0&sku=&tstsId=&ver=&"
CHR DefaultSearchURL: Profile 3 -> hxxp://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7GGIT_en
CHR DefaultSearchKeyword: Profile 3 -> google.com.au__
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\pdf.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Simple Drag & Drop Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiifonoffdkfmmiadigmjhoameijkdbb [2015-06-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]
CHR Extension: (YoWindow Free Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-03-26]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-09]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-06-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2001592 2016-06-03] (Comodo)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-07] (IObit)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S4 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-26] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 09:15 - 2016-07-17 09:15 - 00025132 _____ C:\Users\user\Desktop\FRST.txt
2016-07-16 04:48 - 2016-07-17 09:15 - 00000000 ____D C:\FRST
2016-07-16 04:44 - 2016-07-17 03:57 - 02391040 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-13 14:35 - 2016-06-11 16:57 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 07:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 07:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 14:35 - 2016-06-11 07:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 14:35 - 2016-06-11 07:19 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 14:35 - 2016-06-11 07:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 07:17 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 14:35 - 2016-06-11 07:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 07:08 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 14:35 - 2016-06-11 07:05 - 25814016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 14:35 - 2016-06-11 07:04 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 14:35 - 2016-06-11 07:03 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 07:03 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 14:35 - 2016-06-11 07:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 14:35 - 2016-06-11 07:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 06:53 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 14:35 - 2016-06-11 06:50 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 06:49 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 14:35 - 2016-06-11 06:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 06:38 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 14:35 - 2016-06-11 06:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 14:35 - 2016-06-11 06:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 06:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 06:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 14:35 - 2016-06-11 06:15 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 14:35 - 2016-06-11 06:13 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 14:35 - 2016-06-11 06:12 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 06:11 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 06:10 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 05:45 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 14:35 - 2016-06-11 05:44 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 14:35 - 2016-06-11 05:30 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 14:35 - 2016-06-11 05:21 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-13 14:35 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-13 14:35 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-13 14:35 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-13 14:35 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-13 14:35 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-13 14:35 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-13 14:35 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-13 14:35 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-13 14:35 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 14:33 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 14:33 - 2016-06-26 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 14:33 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-07-13 14:33 - 2016-06-15 01:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-08 08:25 - 2016-07-08 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-08 08:12 - 2016-07-08 08:12 - 13677800 _____ (Google) C:\Users\user\Downloads\picasa.exe.EXE
2016-07-07 07:01 - 2016-06-26 10:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-07 07:01 - 2016-06-26 10:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-07 07:01 - 2016-06-22 23:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-07 03:48 - 2016-07-07 19:17 - 00000000 ____D C:\Users\user\Desktop\Tax 2016
2016-07-02 13:16 - 2016-07-02 13:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2016-06-23 18:50 - 2016-05-17 09:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-23 18:50 - 2016-05-17 09:19 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-23 18:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-23 18:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-06-23 18:50 - 2016-05-17 07:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-06-23 18:50 - 2016-05-17 07:16 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-23 18:50 - 2016-05-17 07:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 07:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-06-23 18:50 - 2016-05-17 07:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-23 18:50 - 2016-05-14 08:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-23 18:50 - 2016-05-14 07:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-23 18:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-23 18:50 - 2016-05-05 03:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-23 18:50 - 2016-05-05 03:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-23 18:50 - 2016-05-05 01:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-23 18:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 09:01 - 2015-04-17 19:26 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-17 08:53 - 2012-10-11 11:10 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-17 08:53 - 2012-10-11 11:10 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-17 08:52 - 2016-04-21 10:41 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job
2016-07-17 08:52 - 2016-04-21 10:41 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job
2016-07-17 08:52 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 08:52 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-17 08:43 - 2014-10-29 14:19 - 01509634 _____ C:\IFRToolLog.txt
2016-07-17 08:41 - 2015-01-05 17:49 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-07-17 08:39 - 2009-07-14 13:20 - 00000000 ____D C:\windows\inf
2016-07-17 08:37 - 2012-10-11 10:33 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-17 08:37 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-17 08:36 - 2012-11-21 03:51 - 00000000 ____D C:\windows\pss
2016-07-17 08:29 - 2016-01-20 06:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-17 07:34 - 2015-07-21 17:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-17 07:34 - 2012-10-11 19:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-17 07:34 - 2012-10-11 19:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-07-17 07:34 - 2009-07-14 13:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-07-17 07:33 - 2009-07-14 13:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-07-17 07:11 - 2014-03-25 07:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-17 04:38 - 2013-12-11 16:54 - 00000000 ____D C:\AdwCleaner
2016-07-17 04:19 - 2012-11-15 11:43 - 10444800 ___SH C:\Users\user\Desktop\Thumbs.db
2016-07-17 03:57 - 2013-11-25 13:19 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2016-07-16 18:28 - 2012-10-11 10:33 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-07-16 09:02 - 2014-03-11 12:43 - 00000000 ____D C:\Users\user\AppData\Local\DoNotTrackPlus
2016-07-15 06:30 - 2016-01-20 06:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 06:29 - 2013-07-25 08:19 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 06:29 - 2013-07-25 08:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 16:24 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2016-07-13 15:11 - 2009-07-14 14:45 - 00295232 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-13 14:48 - 2013-07-11 14:55 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 14:38 - 2012-10-10 18:41 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-13 14:27 - 2012-10-11 08:54 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-07-13 03:30 - 2015-04-17 19:26 - 00003880 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 03:13 - 2012-04-10 13:56 - 00000000 ____D C:\windows\system32\Macromed
2016-07-13 03:12 - 2012-04-10 13:56 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-11 12:42 - 2015-03-16 20:10 - 00000000 ____D C:\Users\user\Desktop\This and that
2016-07-08 08:25 - 2012-10-11 11:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-08 08:05 - 2014-04-07 15:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-07 19:01 - 2014-04-19 07:09 - 00001276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-07 19:01 - 2012-10-18 09:05 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-07 19:01 - 2012-10-11 11:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-07-07 19:01 - 2012-10-11 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-07 19:00 - 2012-10-11 11:14 - 00001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-07 07:03 - 2014-12-11 10:29 - 00000000 ____D C:\windows\system32\appraiser
2016-07-07 07:03 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 13:26 - 2012-10-11 16:15 - 00000000 ___RD C:\Users\user\Desktop\Short Cuts
2016-07-02 10:04 - 2012-11-14 07:40 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-23 19:05 - 2009-07-14 15:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-23 18:57 - 2009-07-14 15:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 18:45 - 2015-08-12 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-17 08:08 - 2014-09-28 06:00 - 00000000 ____D C:\Users\user\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-10-14 08:43 - 2011-12-22 12:45 - 0076407 _____ () C:\Users\user\AppData\Roaming\Smiley.ico
2012-10-14 17:32 - 2012-11-11 17:44 - 0007597 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-03-31 07:08 - 2015-03-31 07:08 - 0000000 ____H () C:\

Learning each day

Corrine

We'll do some additional cleanup but, once again, due to the length of the logs, FRST.txt didn't post completely and Addition.txt didn't post at all.  Please reopen FRST.txt (time and date as (17-07-2016 09:15:29)) and copy/paste from the line below to the end:

2012-10-14 17:32 - 2012-11-11 17:44 - 0007597 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg

Next, reopen Addition.txt and copy/paste that log.

Thanks!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016
Ran by user (administrator) on LAPTOP (17-07-2016 15:52:23)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [WinPatrol [FREE Edition]] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
Winlogon\Notify\igfxcui:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-11] (Piriform Ltd)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-04-21] (Google Inc.)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3DFA4C0A-DDE3-4AA0-8577-F92CC6E96077}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B2689B5E-9B37-4FD0-81B4-050F4739F1C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F6F9C116-0ABB-46B0-B0D0-52FD082C9CF4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-15] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]

Chrome:
=======
CHR HomePage: Profile 3 -> hxxp://www.dailymail.co.uk/news/article-2382096/Incredible-footage-reveals-French-World-War-Two-prisoners-secretly-filmed-life-POW-camp-tiny-camera-hidden-hollowed-dictionary.html
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com.au/","","hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN02437379718666-1025&toolbarId=base&affiliateId=1025&Lan=en&utid=b46df7100000000000000015af128eec","hxxp://blank/","hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy009z2B0Ca0&sku=&tstsId=&ver=&","hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy00Bs2C01g0&sku=&tstsId=&ver=&"
CHR DefaultSearchURL: Profile 3 -> hxxp://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7GGIT_en
CHR DefaultSearchKeyword: Profile 3 -> google.com.au__
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\pdf.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Simple Drag & Drop Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiifonoffdkfmmiadigmjhoameijkdbb [2015-06-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]
CHR Extension: (YoWindow Free Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-03-26]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-09]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-06-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2001592 2016-06-03] (Comodo)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-07] (IObit)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S4 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-26] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Learning each day