Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

slow pc

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

slow pc

Unread postby thom15 » April 4th, 2016, 10:01 am

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by thom hp extra (administrator) on MAINCOMPUTER1 (04-04-2016 08:41:01)
Running from C:\Users\thom hp extra\Desktop
Loaded Profiles: thom hp extra (Available Profiles: thom hp extra & UpdatusUser)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(World Community Grid) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(LogMeIn, Inc) C:\Users\thom hp extra\AppData\Local\join.me.launcher\join.me.launcher.exe
(Second Nature Software, Inc.) C:\Program Files\Second Nature\Snsicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(World Community Grid) C:\Program Files\BOINC\boinc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Interact Commerce Corporation) C:\Program Files\ACT\act.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(mozilla.org) C:\Program Files\SeaMonkey\seamonkey.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_intelx86
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intuit) C:\Program Files\TurboTax\Home & Business 2015\32bit\TurboTax.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Chess\Chess.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.14_windows_intelx86


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [3909264 2014-03-25] (World Community Grid)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [71312 2014-03-25] (Space Sciences Laboratory)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\...\Run: [join.me.launcher] => C:\Users\thom hp extra\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_182_Plugin.exe [1164992 2016-03-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNSVR.scr [135168 2006-01-30] (Second Nature Software)
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snsicon.lnk [2015-12-17]
ShortcutTarget: Snsicon.lnk -> C:\Program Files\Second Nature\Snsicon.exe (Second Nature Software, Inc.)
Startup: C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-02-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0283995D-71A2-4368-B948-69DB3C45847A}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-19] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4133590188-1570471198-2000522743-1000: @citrixonline.com/appdetectorplugin -> C:\Users\thom hp extra\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-18] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 3569296\extensions\{jid1-eFRcA0eiPxecTQ@jetpack} => not found
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack} => not found

Chrome:
=======
CHR Profile: C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\thom hp extra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-29]
CHR HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 ASGT; C:\Windows\System32\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S4 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-12] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-12] (Dropbox, Inc.)
S4 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Sage ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [81920 2010-12-21] (Sage Software, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256432 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [297904 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [205744 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391296 2009-05-28] (Hauppauge Computer Works, Inc)
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [750592 2009-08-05] (Ralink Technology Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\Users\THOMHP~1\AppData\Local\Temp\catchme.sys [X]
S1 FNetDevi; \??\C:\Program Files\FNet\OTB\FNetDevi.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 08:18 - 2016-04-04 08:26 - 00046986 _____ C:\Users\thom hp extra\Desktop\Addition.txt
2016-04-04 08:11 - 2016-04-04 08:41 - 00016003 _____ C:\Users\thom hp extra\Desktop\FRST.txt
2016-04-04 08:08 - 2016-04-04 08:41 - 00000000 ____D C:\FRST
2016-04-04 08:02 - 2016-04-04 08:01 - 01725440 _____ (Farbar) C:\Users\thom hp extra\Desktop\FRST.exe
2016-03-28 18:39 - 2016-03-28 18:39 - 00000000 ____D C:\Qui8CB2.tmp
2016-03-28 18:39 - 2016-03-28 18:39 - 00000000 ____D C:\Qui8CA2.tmp
2016-03-28 18:39 - 2016-03-28 18:39 - 00000000 ____D C:\Qui8C72.tmp
2016-03-28 10:02 - 2016-03-28 10:02 - 00000000 ____D C:\Qui7DCB.tmp
2016-03-28 10:02 - 2016-03-28 10:02 - 00000000 ____D C:\Qui7DCA.tmp
2016-03-28 10:02 - 2016-03-28 10:02 - 00000000 ____D C:\Qui7D9A.tmp
2016-03-22 09:14 - 2016-03-22 09:14 - 08145683 _____ C:\Users\thom hp extra\Desktop\ACTCOPY.zip
2016-03-21 06:41 - 2016-03-21 06:44 - 00000000 ____D C:\Users\thom hp extra\Downloads\ICHIRTY
2016-03-20 12:37 - 2016-03-20 12:37 - 00114375 _____ C:\Users\thom hp extra\Desktop\MLMRecruitOnDemand-Scripts.pdf
2016-03-19 14:15 - 2016-03-19 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 14:12 - 2016-03-19 14:12 - 00000948 _____ C:\Users\thom hp extra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-03-15 02:05 - 2016-03-15 20:04 - 00000000 ____D C:\Users\thom hp extra\Downloads\OPTION GIANT
2016-03-12 23:08 - 2016-03-12 23:07 - 02690660 _____ C:\Users\thom hp extra\Downloads\Erectile Dysfunction Protocol.pdf
2016-03-12 17:32 - 2016-03-12 17:32 - 00000891 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-11 12:04 - 2016-03-11 12:06 - 00000000 ____D C:\Users\thom hp extra\Downloads\MELVIN
2016-03-09 12:09 - 2016-02-12 13:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 12:09 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 12:09 - 2016-02-12 13:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 12:09 - 2016-02-12 13:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 12:09 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 12:09 - 2016-02-12 13:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 12:09 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 12:09 - 2016-02-12 13:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 12:09 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 12:09 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 12:09 - 2016-02-12 13:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 12:09 - 2016-02-11 13:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-09 12:09 - 2016-02-11 13:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 12:09 - 2016-02-11 13:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 12:09 - 2016-02-11 13:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 12:09 - 2016-02-11 13:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 12:09 - 2016-02-11 13:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 12:09 - 2016-02-11 13:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 12:09 - 2016-02-11 13:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 12:09 - 2016-02-11 13:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 12:09 - 2016-02-11 13:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 12:09 - 2016-02-11 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 12:09 - 2016-02-11 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 12:09 - 2016-02-11 13:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 12:09 - 2016-02-11 13:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 12:09 - 2016-02-11 13:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 12:09 - 2016-02-11 13:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 12:09 - 2016-02-11 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 12:09 - 2016-02-11 13:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 12:09 - 2016-02-11 13:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 12:09 - 2016-02-11 12:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 12:09 - 2016-02-11 12:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 12:09 - 2016-02-11 12:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 12:09 - 2016-02-11 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 12:09 - 2016-02-11 12:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 12:09 - 2016-02-11 12:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 12:09 - 2016-02-11 12:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 12:09 - 2016-02-11 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 12:09 - 2016-02-11 12:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 12:09 - 2016-02-09 04:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 12:09 - 2016-02-09 01:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 12:09 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 12:09 - 2016-02-08 15:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 12:09 - 2016-02-08 15:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 12:09 - 2016-02-08 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 12:09 - 2016-02-08 15:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 12:09 - 2016-02-08 15:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 12:09 - 2016-02-08 15:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 12:09 - 2016-02-08 15:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 12:09 - 2016-02-08 15:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 12:09 - 2016-02-08 15:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 12:09 - 2016-02-08 15:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 12:09 - 2016-02-08 15:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 12:09 - 2016-02-08 15:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 12:09 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 12:09 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 12:09 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 12:09 - 2016-02-04 12:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 12:09 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 12:09 - 2016-02-03 13:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-09 12:09 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 12:09 - 2016-02-03 12:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 12:08 - 2016-02-19 13:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 12:08 - 2016-02-19 13:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 12:08 - 2016-02-19 09:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 12:08 - 2016-02-11 09:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 12:08 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 12:08 - 2016-02-08 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 12:08 - 2016-02-08 15:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 12:08 - 2016-02-08 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 12:08 - 2016-02-08 15:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 12:08 - 2016-02-08 15:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 12:08 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 12:08 - 2016-02-08 15:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 12:08 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 12:08 - 2016-02-08 15:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 12:08 - 2016-02-08 15:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 12:08 - 2016-02-08 15:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 12:08 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 12:08 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 12:08 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 12:08 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 12:08 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 12:08 - 2016-02-08 15:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 12:08 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 12:08 - 2016-02-05 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 12:08 - 2016-02-05 13:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 12:08 - 2016-02-05 13:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 12:08 - 2016-02-05 12:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 12:08 - 2016-02-05 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 12:08 - 2016-02-05 09:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 12:08 - 2016-02-05 09:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 12:08 - 2016-02-05 09:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 12:07 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 12:07 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 12:07 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 12:07 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 12:07 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 12:07 - 2016-01-11 13:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 11:21 - 2016-03-09 11:21 - 01154672 _____ (SlimWare Utilities, Inc.) C:\Users\thom hp extra\Downloads\AVG_Driver_Updater_Setup_15_1.exe
2016-03-07 15:53 - 2016-03-07 15:53 - 00000000 ____D C:\QuiE050.tmp
2016-03-07 15:53 - 2016-03-07 15:53 - 00000000 ____D C:\QuiE02F.tmp
2016-03-07 15:53 - 2016-03-07 15:53 - 00000000 ____D C:\QuiDF92.tmp
2016-03-07 11:14 - 2016-03-07 11:14 - 00000000 ____D C:\Qui6800.tmp
2016-03-07 11:14 - 2016-03-07 11:14 - 00000000 ____D C:\Qui67FF.tmp
2016-03-07 11:14 - 2016-03-07 11:14 - 00000000 ____D C:\Qui6714.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 08:38 - 2015-07-17 11:11 - 00000000 ____D C:\ProgramData\BOINC
2016-04-04 08:38 - 2015-02-13 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-04 08:19 - 2016-01-25 12:04 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-04 08:16 - 2015-05-30 23:43 - 00000706 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
2016-04-04 08:14 - 2015-03-18 20:21 - 00000610 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job
2016-04-04 08:07 - 2015-07-12 13:55 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-04 07:47 - 2009-07-13 23:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-04 07:47 - 2009-07-13 23:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-04 06:20 - 2016-01-25 12:04 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-04 04:07 - 2015-07-12 13:55 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-04 01:20 - 2014-03-07 14:21 - 00000000 ____D C:\ProgramData\MFAData
2016-03-30 15:27 - 2015-02-19 14:16 - 00002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-28 09:57 - 2016-01-13 12:07 - 00002109 _____ C:\Users\thom hp extra\Downloads\download.qfx
2016-03-25 08:56 - 2015-07-12 14:02 - 00000000 ___RD C:\Users\thom hp extra\Dropbox
2016-03-25 08:56 - 2015-07-12 13:55 - 00000000 ____D C:\Users\thom hp extra\AppData\Local\Dropbox
2016-03-25 08:55 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-25 08:55 - 2009-07-13 23:33 - 00426728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-25 08:53 - 2015-02-05 23:06 - 00030912 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000009-00001102-00000004-10031102}.rfx
2016-03-25 08:53 - 2015-02-05 23:06 - 00030912 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000009-00001102-00000004-10031102}.rfx
2016-03-25 08:53 - 2015-02-05 23:06 - 00030120 _____ C:\Windows\system32\BMXCtrlState-{00000001-00000000-00000009-00001102-00000004-10031102}.rfx
2016-03-25 08:53 - 2015-02-05 23:06 - 00030120 _____ C:\Windows\system32\BMXBkpCtrlState-{00000001-00000000-00000009-00001102-00000004-10031102}.rfx
2016-03-25 08:53 - 2015-02-05 23:06 - 00011564 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000009-00001102-00000004-10031102}.rfx
2016-03-24 10:40 - 2015-03-01 18:57 - 00000000 ____D C:\Program Files\TeamViewer
2016-03-24 03:02 - 2015-08-27 03:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-20 18:52 - 2010-11-20 16:01 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-20 18:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-03-20 12:41 - 2015-02-03 13:43 - 00000000 ____D C:\Users\thom hp extra\Desktop\MISC
2016-03-19 17:47 - 2015-02-13 16:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-19 17:47 - 2015-02-13 16:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-19 14:15 - 2015-07-12 13:55 - 00000000 ____D C:\Program Files\Dropbox
2016-03-19 14:12 - 2015-08-11 21:39 - 00000000 ____D C:\Users\thom hp extra\AppData\Local\join.me
2016-03-18 12:08 - 2015-12-17 18:51 - 00307200 _____ (Secure By Design Inc.) C:\Users\thom hp extra\Downloads\Ninite TeamViewer 11 Installer.exe
2016-03-13 09:31 - 2015-12-25 17:17 - 02625627 ____H C:\Users\thom hp extra\AppData\Local\IconCache.db.backup
2016-03-12 23:51 - 2014-03-24 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-10 22:38 - 2015-11-22 14:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 11:24 - 2015-11-19 12:52 - 00000000 ____D C:\Users\thom hp extra\Downloads\WITHDRAWAL FORMS
2016-03-10 05:54 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-03-10 04:48 - 2015-08-27 03:21 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 04:19 - 2014-03-06 19:33 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 04:05 - 2014-03-06 19:33 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-06 19:26 - 2015-02-02 21:05 - 00000000 ____D C:\Users\thom hp extra\AppData\Roaming\Intuit

==================== Files in the root of some directories =======

2015-01-31 18:43 - 2015-01-31 18:43 - 0000000 ____H () C:\Users\thom hp extra\AppData\Roaming\ActUpdate.log
2014-03-28 17:57 - 2015-01-30 17:52 - 0003284 _____ () C:\Users\thom hp extra\AppData\Roaming\ANIWZCS{9E2AE674-D8F7-4C69-A94F-804538642535}
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\thom hp extra\AppData\Roaming\GaO48WQ
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\thom hp extra\AppData\Roaming\LzQT6q4CAfmRtZRX
2015-01-31 18:36 - 2015-01-31 18:37 - 0032254 _____ () C:\Users\thom hp extra\AppData\Roaming\NGEN_AppLog_Install.txt
2015-11-12 21:18 - 2015-11-12 21:18 - 0007887 _____ () C:\Users\thom hp extra\AppData\Roaming\pcouffin.cat
2015-11-12 21:18 - 2015-11-12 21:18 - 0001144 _____ () C:\Users\thom hp extra\AppData\Roaming\pcouffin.inf
2015-11-12 21:20 - 2015-11-12 21:20 - 0000034 _____ () C:\Users\thom hp extra\AppData\Roaming\pcouffin.log
2015-11-12 21:18 - 2015-11-12 21:18 - 0047360 _____ (VSO Software) C:\Users\thom hp extra\AppData\Roaming\pcouffin.sys
2015-08-11 21:37 - 2015-08-11 21:37 - 0000233 _____ () C:\Users\thom hp extra\AppData\Local\poetsch.bat
2015-07-24 21:15 - 2015-07-24 21:15 - 0007605 _____ () C:\Users\thom hp extra\AppData\Local\Resmon.ResmonCfg
2015-02-01 22:16 - 2015-02-01 22:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-08 16:55 - 2014-03-08 16:55 - 0004147 _____ () C:\ProgramData\duavsiev.mnv
2015-01-31 18:43 - 2015-01-31 18:43 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-03 09:03 - 2016-01-27 15:36 - 0000461 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-11-15 21:16 - 2015-11-15 21:16 - 0004943 _____ () C:\ProgramData\rxsmznjf.zcp

Some files in TEMP:
====================
C:\Users\thom hp extra\AppData\Local\Temp\avguirn_08117067953.exe
C:\Users\thom hp extra\AppData\Local\Temp\avguirn_081317204299.exe
C:\Users\thom hp extra\AppData\Local\Temp\avguirn_081476418522.exe
C:\Users\thom hp extra\AppData\Local\Temp\FMSD4C.tmp.exe
C:\Users\thom hp extra\AppData\Local\Temp\sqlite3.dll
C:\Users\thom hp extra\AppData\Local\Temp\update.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 00:19

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by thom hp extra (2016-04-04 08:42:36)
Running from C:\Users\thom hp extra\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2014-03-06 23:06:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4133590188-1570471198-2000522743-500 - Administrator - Disabled)
Guest (S-1-5-21-4133590188-1570471198-2000522743-501 - Limited - Enabled)
thom hp extra (S-1-5-21-4133590188-1570471198-2000522743-1000 - Administrator - Enabled) => C:\Users\thom hp extra
UpdatusUser (S-1-5-21-4133590188-1570471198-2000522743-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBulkMailer (HKLM\...\{88D11640-A72A-423B-A892-391704A8B6E6}) (Version: 7.7 - ABO)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\{44CF4DB9-707A-4395-839C-573FBC206CB9}) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D5DDB55E-C051-514E-8AF4-4087C880BAD4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
ConvertXtoDVD 2.2.3.258 (HKLM\...\{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1) (Version: 2.2.3.258 - VSO-Software SARL)
Dropbox (HKLM\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Fitbit Connect (HKLM\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Google Chrome (HKLM\...\{B6FC2A04-CA24-37A9-9977-D08FB30E7E0B}) (Version: 49.0.2623.110 - Google, Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.15.0.4732 (HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\...\GoToMeeting) (Version: 7.15.0.4732 - CitrixOnline)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iSkysoft Video Editor(Build 4.7.2) (HKLM\...\iSkysoft Video Editor_is1) (Version: - iSkysoft Software)
join.me (HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\...\JoinMe) (Version: 2.13.0.1917 - LogMeIn, Inc.)
join.me.launcher (Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Kodi (HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\...\Kodi) (Version: - XBMC-Foundation)
Lead Tools Direct 297 Club (HKLM\...\{EE3AC114-0E7E-495B-9C5F-4DA853E845CD}) (Version: 8.7.0.2 - Software Success LLC)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM\...\Movavi Video Editor 11) (Version: 11.0.0 - Movavi)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Net Extractor (HKLM\...\{B4F771C8-4831-4C22-B157-1F3942A4A904}) (Version: 8.9.1.0 - Software Success LLC)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Sage ACT! Premium 2011 (HKLM\...\InstallShield_{90D98D17-B609-4605-9A7D-4591A12A3485}) (Version: 13.1.0.0 - Sage, Inc.)
Sage ACT! Premium 2011 (Version: 13.1.0.0 - Sage, Inc.) Hidden
SeaMonkey 2.39 (x86 en-US) (HKLM\...\SeaMonkey 2.39 (x86 en-US)) (Version: 2.39 - Mozilla)
Second Nature - Natural Beauty by Kevin McNeal (HKLM\...\Second Nature - Natural Beauty by Kevin McNeal) (Version: 4.47 - Second Nature Software, Inc.)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World Community Grid (HKLM\...\{204A5C8D-5FE3-42F3-95DF-81685E863135}) (Version: 7.2.47 - World Community Grid)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4133590188-1570471198-2000522743-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4190\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {117F9879-ADB8-4620-99DC-35F7068803E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {1BC2A16D-9E46-4160-BBE6-D1704EE6C4B1} - System32\Tasks\{6CCF5B0F-8CA3-468B-ABA0-B50B920A28AB} => pcalua.exe -a "C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe" -c /X86
Task: {1D28D053-41CE-4AAF-AB21-9E2AE7CA1166} - System32\Tasks\G2MUpdateTask-S-1-5-21-4133590188-1570471198-2000522743-1000 => C:\Users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4732\g2mupdate.exe [2016-03-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2E533853-F126-45F1-BF1F-FFFA305D01F7} - System32\Tasks\G2MUploadTask-S-1-5-21-4133590188-1570471198-2000522743-1000 => C:\Users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4732\g2mupload.exe [2016-03-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {34E8D6B0-EC5D-4F33-8CA5-23F8A7B6653B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {3D1BAF98-0CA7-4EFD-A3D4-F19370BB29C7} - System32\Tasks\IntegrationManager => C:\Users\thom hp extra\AppData\Local\intmanager\int.exe [2015-10-06] ()
Task: {43EFF209-74CF-473F-8894-CE3782BD43D3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-07-12] (Dropbox, Inc.)
Task: {5A2F0CAC-17F3-4DA2-BB43-D2A843D43976} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-19] (Adobe Systems Incorporated)
Task: {5E2C2A6F-4399-4091-917D-6C4BC138D3E8} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION
Task: {5F1676B2-44D6-42E9-B17A-BC0C7BE38416} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {67730C60-5303-43C1-8B09-DED83EA4329E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {67776C06-D262-4E0F-95A5-57F25F0A9DAD} - System32\Tasks\{EAAAF60C-2709-41EC-8B93-BFAF6CD48D19} => pcalua.exe -a "C:\Users\thom hp extra\Downloads\vb27_207272.exe" -d "C:\Users\thom hp extra\Downloads"
Task: {6C19CB3D-A765-4295-BA0D-8B1A193BCBEE} - System32\Tasks\Quicken for Windows => C:\Program Files\Quicken\bagent.exe [2015-03-25] (Intuit Inc.)
Task: {76C8B16B-829B-4261-896D-FC3EA356D88B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {7B007236-35A7-453C-9F79-61D64F56EE9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {7CE94C98-066A-4862-B9A8-16367E87A0F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {80ACCE2C-5C6F-4C73-B5C6-331119ED035C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {8BAC166A-3BEA-4F6C-8B49-289C8537708C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {96339CE9-EBC1-4193-9852-F139B4A784A8} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {970EDE0F-C362-4C29-A6D8-EBD889D73E79} - System32\Tasks\Component System\Component => C:\Users\thom hp extra\AppData\Local\Component\com.exe [2015-10-24] ()
Task: {9FF5FEBD-856B-4FC7-9D3D-E7CE89E44238} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B769C544-E029-414E-95B8-0530DA0CA284} - System32\Tasks\{E8B288B1-2ED9-4FAD-A728-C25E7ACE93EF} => pcalua.exe -a "C:\Users\thom hp extra\Downloads\vb27_207272.exe" -d "C:\Users\thom hp extra\Downloads"
Task: {B903B1E9-72C1-4156-8FA2-F93952B2B3A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-19] (Google Inc.)
Task: {F0F0E9AE-7CC7-48E5-96F9-83FCEF053EB1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-07-12] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job => C:\Users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4732\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4133590188-1570471198-2000522743-1000.job => C:\Users\thom hp extra\AppData\Local\Citrix\GoToMeeting\4732\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\thom hp extra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.blueskiestoday.com/go/
ShortcutWithArgument: C:\Users\thom hp extra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.blueskiestoday.com/go/

==================== Loaded Modules (Whitelisted) ==============

2016-03-19 14:14 - 2016-02-23 13:19 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-03-19 14:13 - 2016-02-23 13:20 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-03-19 14:14 - 2016-02-23 13:19 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-03-19 14:14 - 2016-03-11 19:18 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-03-19 14:14 - 2016-02-23 13:20 - 00112592 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00021832 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00117056 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-03-19 14:14 - 2016-03-11 19:18 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2016-03-19 14:14 - 2016-02-23 13:19 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-03-19 14:14 - 2016-02-23 13:20 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00021824 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-03-19 14:14 - 2016-02-23 13:21 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 14:13 - 2016-03-11 19:18 - 00084792 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-19 14:14 - 2016-03-11 19:18 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-03-19 14:14 - 2016-02-23 13:20 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 01971504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00132912 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00223544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00158008 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-19 14:14 - 2016-02-23 13:23 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-03-19 14:14 - 2016-02-23 13:23 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-03-19 14:14 - 2016-03-11 19:18 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-19 14:14 - 2016-03-11 19:18 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-03-19 14:14 - 2016-02-23 13:25 - 00697304 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-15 21:34 - 2014-09-11 19:58 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-11-15 21:34 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-10-27 22:25 - 2015-10-27 22:25 - 00213936 _____ () C:\Users\thom hp extra\AppData\Local\join.me.launcher\ExternalLibs\x86\JoinMe.Launcher.Win.Wrapper.dll
2015-11-04 16:48 - 2015-11-03 15:17 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2012-10-19 14:18 - 2012-10-19 14:18 - 00081920 _____ () C:\Program Files\BOINC\zlib1.dll
2014-03-06 22:02 - 2002-07-25 04:50 - 00077872 _____ () C:\Program Files\ACT\SNPrompt.dll
2014-03-06 22:02 - 1999-03-23 15:39 - 00307870 _____ () C:\Program Files\ACT\ICDLLW32.dll
2014-03-06 22:02 - 1999-03-23 15:32 - 00200578 _____ () C:\Program Files\ACT\PDDLLW32.dll
2014-03-06 22:02 - 1996-10-09 10:31 - 00052736 _____ () C:\Program Files\ACT\Serial32.dll
2014-03-06 22:02 - 2002-07-25 04:55 - 00069697 _____ () C:\Program Files\ACT\ACTNOXL8.DLL
2014-03-06 22:02 - 2002-07-25 04:55 - 00221247 _____ () C:\Program Files\ACT\ACTSTR.DLL
2014-03-06 22:02 - 2002-07-25 04:54 - 00041041 _____ () C:\Program Files\ACT\ActABCache.dll
2014-03-06 22:02 - 2002-07-25 04:55 - 00045056 _____ () C:\Program Files\ACT\res_ie.dll
2015-07-17 11:15 - 2015-07-17 11:15 - 01448448 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_oet1_vina_7.19_windows_intelx86
2016-03-23 02:49 - 2016-03-23 02:49 - 00212936 _____ () C:\Program Files\TurboTax\Home & Business 2015\32bit\ServiceBus.dll
2016-03-23 02:49 - 2016-03-23 02:49 - 00080840 _____ () C:\Program Files\TurboTax\Home & Business 2015\32bit\ManagedServiceBus.dll
2016-03-23 02:49 - 2016-03-23 02:49 - 03353032 _____ () C:\Program Files\TurboTax\Home & Business 2015\32bit\v8-ia32.dll
2015-10-14 08:15 - 2015-10-14 08:15 - 00395208 _____ () C:\Program Files\TurboTax\Home & Business 2015\32bit\ClearScriptV8-32.dll
2015-10-23 00:16 - 2015-10-23 00:16 - 05341696 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_fahb_bedam_7.14_windows_intelx86

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-24 14:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4133590188-1570471198-2000522743-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\thom hp extra\Pictures\Second Nature.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Sage ACT! Scheduler => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage ACT! Outlook Sync.lnk => C:\Windows\pss\Sage ACT! Outlook Sync.lnk.CommonStartup
MSCONFIG\startupreg: Act! Preloader => "C:\Program Files\ACT\Act for Windows\ActSage.exe" -preload
MSCONFIG\startupreg: Act.Outlook.Service => "C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe"
MSCONFIG\startupreg: boincmgr => "C:\Program Files\BOINC\boincmgr.exe" /a /s
MSCONFIG\startupreg: boinctray => "C:\Program Files\BOINC\boinctray.exe"
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN229AQ02Z05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: QuickenScheduledUpdates => C:\Program Files\Quicken\bagent.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{08D93653-B999-41E4-B187-37290693E404}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72D0DF2A-5E8E-4583-94EC-EEF638E63F59}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{618A904D-406F-4A88-B1E8-369C70B3BF82}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3AB3E42D-E61D-4D01-9A4E-2CDBD6C02FE6}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8F5832B0-164E-48DC-B38D-7ECEB42199F6}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{FA0EABD2-7E52-4296-ACE3-1615D1779C2B}C:\program files\act\act for windows\actsage.exe] => (Block) C:\program files\act\act for windows\actsage.exe
FirewallRules: [UDP Query User{B95ABAEF-0B51-4124-9B5A-06EA01F30741}C:\program files\act\act for windows\actsage.exe] => (Block) C:\program files\act\act for windows\actsage.exe
FirewallRules: [TCP Query User{79F64179-8A80-4C60-9FF9-481737E32A04}C:\program files\act\act for windows\actsage.exe] => (Allow) C:\program files\act\act for windows\actsage.exe
FirewallRules: [UDP Query User{8D3883B9-C3F1-4F70-8F2B-34940B9E487D}C:\program files\act\act for windows\actsage.exe] => (Allow) C:\program files\act\act for windows\actsage.exe
FirewallRules: [TCP Query User{E05A6A58-6FAA-40BB-A56E-DEC4068563A7}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [UDP Query User{83D4AEE2-8C8C-4B46-AC2A-1A71BA6C4F28}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe
FirewallRules: [TCP Query User{9722345B-FD67-4A1B-8BF2-3420E147C456}C:\users\thom hp extra\desktop\nextlevelafrica-qt.exe] => (Allow) C:\users\thom hp extra\desktop\nextlevelafrica-qt.exe
FirewallRules: [UDP Query User{0070A6A7-7D90-4C79-94D6-7A40B6B513DB}C:\users\thom hp extra\desktop\nextlevelafrica-qt.exe] => (Allow) C:\users\thom hp extra\desktop\nextlevelafrica-qt.exe
FirewallRules: [{8B9EC8BB-1D2A-4685-B94E-66E7675A3308}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7248E747-8685-4978-A171-B396E3A639DE}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{5F478FE4-5B52-4C04-A960-B8181B822565}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{E8F05724-ACB8-4715-B83E-8A5A3BEABC84}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{B4783BED-DF6B-45D7-A831-939900455C76}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{D70ACCCD-2264-4D42-B0FB-A491D8319E1D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{F34C48ED-A916-412F-8FCD-CD2D71CDDD5C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1C82A635-B30F-433B-91D0-37C13C62420A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{644B2EF9-3A37-4697-B1EA-FC776BD2C72E}C:\program files\teamviewer\teamviewer.exe] => (Allow) C:\program files\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{16C64792-8BFD-4900-BE29-FD8545677233}C:\program files\teamviewer\teamviewer.exe] => (Allow) C:\program files\teamviewer\teamviewer.exe
FirewallRules: [{C1B80640-3083-41D0-BB32-A87BCA746C89}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{C2E7F7A5-7859-46B6-A431-252F790ED9F1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{0B3C7FF9-B78D-4A54-9F63-04668672C3DB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EF2CE6AD-E982-4F95-910B-659383784270}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87E0D1AD-FF9A-49DF-9FB2-1EAD1412A0B7}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{A1AB6379-DDB1-4773-93AC-14F0E52486BA}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{4DD22E50-08F0-4CB7-A266-09CF4F699619}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{46AB324E-88DA-48C5-8E8F-BC2F3524F839}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{1579DCDE-EE37-43F0-B7F7-2C88B0756A09}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{7A38CF91-6DDF-4A87-96D2-25165C113FA9}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{D7FF9638-F0CD-4CBE-BCCC-20F83EAB8CFB}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{51553C9E-540A-446F-995F-9EAF1BF01BB9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9811A711-83D6-42B5-A456-A885ACA27001}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{718F7CFA-A650-4C6C-AA46-1B3FCD44226E}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2ED9E3D8-27CB-4B0D-A14A-59B22A12136B}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A9E06EE8-0C38-45ED-A795-72100E76CC4E}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8E2478CE-EE24-42B7-9F1E-CEE14B8987D8}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DB1FAEC1-B696-4FAF-84DA-E1F3B7874B49}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================

15-03-2016 03:00:35 Windows Update
24-03-2016 03:00:31 Windows Update
03-04-2016 00:16:58 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: FNetDevi
Description: FNetDevi
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: FNetDevi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2016 06:39:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qwpatch.exe, version: 0.0.0.0, time stamp: 0x56a59cca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x19e8
Faulting application start time: 0xqwpatch.exe0
Faulting application path: qwpatch.exe1
Faulting module path: qwpatch.exe2
Report Id: qwpatch.exe3

Error: (03/28/2016 10:02:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qwpatch.exe, version: 0.0.0.0, time stamp: 0x56a59cca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1b40
Faulting application start time: 0xqwpatch.exe0
Faulting application path: qwpatch.exe1
Faulting module path: qwpatch.exe2
Report Id: qwpatch.exe3

Error: (03/28/2016 10:01:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: QW.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at QuickenWindow.Program.ShowMain()
at QuickenWindow.Program.Main()

Error: (03/25/2016 08:55:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2016 08:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ActEmail.exe, version: 1.0.0.1, time stamp: 0x3d3fdea5
Faulting module name: ActEmail.exe, version: 1.0.0.1, time stamp: 0x3d3fdea5
Exception code: 0xc0000005
Fault offset: 0x00003776
Faulting process id: 0x2a4
Faulting application start time: 0xActEmail.exe0
Faulting application path: ActEmail.exe1
Faulting module path: ActEmail.exe2
Report Id: ActEmail.exe3

Error: (03/24/2016 04:37:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5785, time stamp: 0x563996b0
Faulting module name: mozglue.dll, version: 42.0.0.5785, time stamp: 0x56399471
Exception code: 0x80000003
Fault offset: 0x000025be
Faulting process id: 0x25c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/24/2016 10:40:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 11.0.56083.0, time stamp: 0x56d725ae
Faulting module name: TeamViewer_Service.exe, version: 11.0.56083.0, time stamp: 0x56d725ae
Exception code: 0xc0000005
Fault offset: 0x002af383
Faulting process id: 0xa30
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3

Error: (03/22/2016 09:06:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ActEmail.exe, version: 1.0.0.1, time stamp: 0x3d3fdea5
Faulting module name: ActEmail.exe, version: 1.0.0.1, time stamp: 0x3d3fdea5
Exception code: 0xc0000005
Fault offset: 0x00003776
Faulting process id: 0x62c
Faulting application start time: 0xActEmail.exe0
Faulting application path: ActEmail.exe1
Faulting module path: ActEmail.exe2
Report Id: ActEmail.exe3

Error: (03/20/2016 06:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2016 12:58:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chess.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 204

Start Time: 01d18231d3ec4460

Termination Time: 0

Application Path: C:\Program Files\Microsoft Games\chess\chess.exe

Report Id:


System errors:
=============
Error: (03/30/2016 05:00:54 AM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD1000FYPS-01ZKB0

Firmware Version: 02.0

Serial Number: WD-WCASJ0680372

Port: 1

Error: (03/25/2016 08:56:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNetDevi

Error: (03/24/2016 10:41:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 11 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (03/22/2016 06:22:30 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0283995D-71A2-4368-B948-69DB3C45847A} because another computer on the network has the same name. The server could not start.

Error: (03/20/2016 06:46:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNetDevi

Error: (03/19/2016 05:46:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNetDevi

Error: (03/16/2016 02:49:55 AM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD1000FYPS-01ZKB0

Firmware Version: 02.0

Serial Number: WD-WCASJ0680372

Port: 1

Error: (03/13/2016 09:34:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNetDevi

Error: (03/12/2016 10:31:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNetDevi

Error: (03/12/2016 10:27:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B5B32F2B-7906-4BDA-898D-226C1DB0374B}


CodeIntegrity:
===================================
Date: 2015-11-15 09:38:15.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:38:07.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:11:25.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:11:25.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:11:24.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:06:20.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:06:20.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:06:18.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:06:18.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-15 09:06:17.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 94%
Total physical RAM: 2046.55 MB
Available physical RAM: 122.56 MB
Total Virtual: 4239.68 MB
Available Virtual: 838.66 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:448.2 GB) (Free:334.24 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:17.56 GB) (Free:9.72 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Local Disk) (Fixed) (Total:931.51 GB) (Free:456.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=448.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AA494790)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
thom15
Regular Member
 
Posts: 42
Joined: July 11th, 2008, 11:49 pm
Advertisement
Register to Remove

Re: slow pc

Unread postby pgmigg » April 4th, 2016, 10:11 am

No Description of Problems or Symptoms

By posting just the FRST logs without any supporting symptoms or explanations it is likely that your log will be passed by and you will not receive the help you're requesting.

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.
Specifically, this section will tell you what information we require before we can help you and why we need it.

If you still need help, please start a new thread an include your full FRST logs:
  • FRST.txt.
  • Addition.txt.
  • A description of the problems or symptoms you're experiencing.

This topic will now be closed.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 133 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware