Inactive-A numerous issues with daughter's computer

This is the follow up to my earlier post Can't install antivirus, windows update fails, and so does windows defender

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Jasmine Bradley (administrator) on JASMINEBRADLEY (27-07-2016 20:02:15)
Running from C:\Users\Jasmine Bradley\Downloads
Loaded Profiles: Jasmine Bradley & Guest1 (Available Profiles: Jasmine Bradley & Guest1 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Smilebox, Inc.) C:\Users\Jasmine Bradley\AppData\Roaming\Smilebox\SmileboxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\19.4.0\ScriptHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Jasmine Bradley\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jasmine Bradley\AppData\Local\Akamai\netsession_win.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2095616 2010-07-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-12-01] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-07-19] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-04-24] ()
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [Facebook Update] => C:\Users\Jasmine Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\\E_S20IC1.EXE /FU "C:\Users\JASMIN~1\AppData\Local\Temp\E_S7F9B.tmp" /EF "HKCU "
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\\E_S20IC1.EXE /FU "C:\Users\JASMIN~1\AppData\Local\Temp\E_S7723.tmp" /EF "HKCU "
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [SmileboxTray] => C:\Users\Jasmine Bradley\AppData\Roaming\Smilebox\SmileboxTray.exe [341976 2015-03-13] (Smilebox, Inc.)
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jasmine Bradley\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Run: [GoogleChromeAutoLaunch_42C4852E2D7C308ECAB61EC971603720] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\\E_S20IC1.EXE /FU "C:\Users\Guest1\AppData\Local\Temp\E_S10EE.tmp" /EF "HKCU "
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\...\Policies\Explorer: [NoViewContextMenu] 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1DD8FB72-425C-4E14-9FA7-A2D1AE409428}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{FBDFC363-1285-4706-9B21-9FA4ED583840}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={678D06CF-487F-4EE4-A5A5-55438099D0F5}&mid=2e46117876e747d088a41943ef1a6319-2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={678D06CF-487F-4EE4-A5A5-55438099D0F5}&mid=2e46117876e747d088a41943ef1a6319-2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=sa&d=2014-02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {0E3BB414-81EC-4149-890B-1935CE2C432D} URL = hxxp://www.mysearchresults.com/search?&c=2643&t=03&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {9438D61A-42FE-410D-BB10-9BF12775C6EF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=976A7AEE-786A-44E0-ADE4-93DBFF071454&apn_sauid=4AC8636F-B0FA-4E0E-890A-7F60F2B32839
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={678D06CF-487F-4EE4-A5A5-55438099D0F5}&mid=2e46117876e747d088a41943ef1a6319-2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=sa&d=2014-02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1007 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1007 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={678D06CF-487F-4EE4-A5A5-55438099D0F5}&mid=2e46117876e747d088a41943ef1a6319-2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=sa&d=2014-02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2289996081-3835449814-1943132980-1007 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.508\AVG SafeGuard toolbar_toolbar.dll [2016-04-24] (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.508\AVG SafeGuard toolbar_toolbar.dll [2016-04-24] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2289996081-3835449814-1943132980-1007 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-24] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2289996081-3835449814-1943132980-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jasmine Bradley\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-2289996081-3835449814-1943132980-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jasmine Bradley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2289996081-3835449814-1943132980-1001: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\0ifi0tj3.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll [No File]
FF Plugin HKU\S-1-5-21-2289996081-3835449814-1943132980-1007: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440\searchplugins\avg-secure-search.xml [2016-03-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2013-09-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-08-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-04-24]
FF Extension: AVG SafeGuard toolbar - C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440\Extensions\avg@safeguard.xpi [2016-03-28]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2016-06-20] [not signed]
FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\fgsegj@ohwcaijlmohgftbpsu.org [2016-06-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-06-20] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-25] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN35833233241582310&UM=2
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3303001&SearchSource=48&CUI=UN35833233241582310&UM=2 ", "hxxp://www.google.com/ ", "hxxp://start.sweetpacks.com/?barid=&src=10&&st=23 "
CHR Profile: C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Slither.io Mods) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (Dragon Ball Z Shenron Theme) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hogkhdclokhnolngljabbmalbjgadidl [2016-07-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-27]
CHR Extension: (Agar.io Bot) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnlogedhgopimklhbhmpnliaclegdhg [2015-09-28]
CHR Extension: (Google Hangouts) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-07-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-08-11]
CHR Extension: (AVG Secure Search) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2016-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-07] (Dropbox, Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-01] (Portrait Displays, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-24] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150906.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150906.001\EX64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S1 SASDIFSV; \??\C:\Users\JASMIN~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\JASMIN~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 20:02 - 2016-07-27 20:02 - 00033785 _____ C:\Users\Jasmine Bradley\Downloads\FRST.txt
2016-07-27 20:00 - 2016-07-27 20:02 - 00000000 ____D C:\FRST
2016-07-27 19:56 - 2016-07-27 19:57 - 02394112 _____ (Farbar) C:\Users\Jasmine Bradley\Downloads\FRST64.exe
2016-07-27 07:22 - 2016-07-27 07:22 - 09751184 _____ (TeamViewer GmbH) C:\Users\Jasmine Bradley\Downloads\TeamViewer_Setup_en(1).exe
2016-07-27 07:19 - 2016-07-27 07:19 - 02662800 _____ (Google) C:\Users\Jasmine Bradley\Downloads\gpautobackup_setup.exe
2016-07-27 07:11 - 2016-07-27 07:11 - 09751184 _____ (TeamViewer GmbH) C:\Users\Jasmine Bradley\Downloads\TeamViewer_Setup_en.exe
2016-07-24 19:43 - 2016-07-24 19:43 - 02228459 _____ C:\Users\Guest1\Downloads\jonah.zip
2016-07-24 12:44 - 2016-07-24 12:44 - 00103800 _____ C:\Users\Guest1\Downloads\KareemVanCallahan.doc.pdf
2016-07-23 16:36 - 2016-07-23 16:36 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-07-23 15:26 - 2016-07-23 15:26 - 00000134 _____ C:\Users\Jasmine Bradley\Desktop\Internet Explorer Troubleshooting.url
2016-07-23 14:30 - 2016-07-23 14:41 - 00000000 ____D C:\Users\Jasmine Bradley\Desktop\working on it
2016-07-23 14:22 - 2016-07-23 16:55 - 00000000 ____D C:\ProgramData\Avg
2016-07-23 14:22 - 2016-07-23 16:54 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Local\AvgSetupLog
2016-07-23 14:21 - 2016-07-23 14:22 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jasmine Bradley\Downloads\AVG_Protection_Free_1606.exe
2016-07-23 08:03 - 2016-07-23 08:03 - 00159370 _____ C:\Users\Guest1\Downloads\K-LOVE Radio (@kloveradio) • Instagram photos and videos.htm
2016-07-23 08:03 - 2016-07-23 08:03 - 00000000 ____D C:\Users\Guest1\Downloads\K-LOVE Radio (@kloveradio) • Instagram photos and videos_files
2016-07-21 12:07 - 2016-07-21 12:07 - 01444992 _____ C:\Users\Guest1\Downloads\SteamSetup.exe
2016-07-08 20:26 - 2016-07-08 20:26 - 00169861 _____ C:\Users\Jasmine Bradley\Documents\JasmineNCallahan2016.pdf
2016-07-08 18:14 - 2016-07-08 18:14 - 00167060 _____ C:\Users\Jasmine Bradley\Documents\JasmineNCallahan716.pdf
2016-07-08 18:05 - 2016-07-08 18:05 - 00161316 _____ C:\Users\Jasmine Bradley\Downloads\JasmineNCallahanR16(1).pdf
2016-07-08 12:01 - 2016-07-08 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-29 09:50 - 2016-06-29 09:50 - 00603716 _____ C:\Users\Jasmine Bradley\Downloads\JCallahan H6 DMV.pdf
2016-06-28 17:23 - 2016-06-28 17:23 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-28 17:22 - 2016-06-28 17:22 - 00420192 _____ () C:\Users\Jasmine Bradley\Downloads\DellSystemDetectLauncher.exe
2016-06-28 15:53 - 2016-06-28 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 20:01 - 2009-07-13 21:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 20:01 - 2009-07-13 21:45 - 00009920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 19:33 - 2015-09-24 09:49 - 00000622 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2289996081-3835449814-1943132980-1001.job
2016-07-27 19:23 - 2012-03-31 10:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-27 19:21 - 2013-05-15 19:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-27 19:19 - 2015-12-07 14:14 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-27 18:08 - 2015-09-24 09:49 - 00000718 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2289996081-3835449814-1943132980-1001.job
2016-07-27 17:31 - 2011-10-13 14:51 - 00000968 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001UA.job
2016-07-27 17:31 - 2011-10-13 14:51 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001Core.job
2016-07-27 16:21 - 2013-05-15 19:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 15:31 - 2015-12-07 14:14 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-27 15:31 - 2013-12-04 20:20 - 00000468 ____H C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2016-07-27 07:19 - 2016-05-17 08:46 - 00003246 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJasmine Bradley
2016-07-27 07:19 - 2016-05-17 08:46 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleForJasmine Bradley.job
2016-07-25 17:03 - 2011-04-19 08:55 - 00000000 ____D C:\ProgramData\PDFC
2016-07-25 17:02 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-24 21:02 - 2011-08-24 21:16 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B0F68BA-C798-4564-93C5-F3B1FEDFDEE6}
2016-07-23 15:20 - 2013-07-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-07-23 14:38 - 2012-12-07 19:14 - 00000000 ____D C:\ProgramData\MFAData
2016-07-23 14:22 - 2014-10-24 17:35 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Local\Avg
2016-07-23 14:21 - 2014-11-23 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-23 14:20 - 2014-11-21 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-23 14:20 - 2014-11-21 09:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-23 14:20 - 2014-03-17 09:34 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-18 23:49 - 2014-11-23 19:43 - 00000000 ____D C:\Users\Guest1\AppData\Roaming\.minecraft
2016-07-16 14:35 - 2012-01-07 21:53 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Roaming\Skype
2016-07-14 21:23 - 2012-03-31 10:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 21:23 - 2012-03-31 10:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 21:23 - 2011-10-14 21:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 19:30 - 2011-10-14 21:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 19:30 - 2011-04-19 08:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-08 12:02 - 2015-12-07 14:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-03 21:25 - 2016-06-20 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-03 21:25 - 2012-05-26 18:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-01 18:28 - 2015-09-24 09:49 - 00003776 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2289996081-3835449814-1943132980-1001
2016-07-01 18:28 - 2015-09-24 09:49 - 00003680 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2289996081-3835449814-1943132980-1001
2016-07-01 15:02 - 2012-11-08 19:42 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJASMINEBRADLEY$
2016-07-01 15:02 - 2012-11-08 19:42 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForJASMINEBRADLEY$.job
2016-07-01 10:36 - 2014-11-23 19:19 - 00000000 ____D C:\Users\Guest1\AppData\Roaming\Adobe
2016-07-01 10:30 - 2009-07-13 22:13 - 00797824 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-01 10:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-28 17:23 - 2013-04-02 19:45 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Local\Deployment
2016-06-28 17:22 - 2013-04-02 19:45 - 00000000 ____D C:\Users\Jasmine Bradley\AppData\Local\Apps\2.0
2016-06-28 15:53 - 2015-09-02 10:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-06-28 15:53 - 2015-08-01 23:13 - 00001926 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2013-06-28 14:27 - 2013-08-16 10:02 - 0003715 ____N () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-02-09 08:37 - 2014-06-02 03:03 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-04-03 13:15 - 2014-04-03 14:37 - 0000762 _____ () C:\Users\Jasmine Bradley\AppData\Roaming\com.teknia.flashworks.xml
2011-11-07 15:35 - 2011-11-07 15:40 - 0000077 _____ () C:\Users\Jasmine Bradley\AppData\Roaming\Rim.Desktop.Exception.log
2011-07-23 12:09 - 2013-01-14 21:18 - 0002013 _____ () C:\Users\Jasmine Bradley\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-11-07 15:35 - 2011-11-07 15:40 - 0000077 _____ () C:\Users\Jasmine Bradley\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-05-22 23:24 - 2012-05-22 23:24 - 0003584 _____ () C:\Users\Jasmine Bradley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-03 10:18 - 2011-08-24 21:12 - 0025271 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jasmine Bradley\AppData\Local\Temp\avg-b7d6277f-30c6-4655-a280-2a37a6ead272.exe
C:\Users\Jasmine Bradley\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzacdy0.dll
C:\Users\Jasmine Bradley\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Jasmine Bradley\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jasmine Bradley\AppData\Local\Temp\Tsu28DAAC0B.dll
C:\Users\Jasmine Bradley\AppData\Local\Temp\Tsu3589AFBF.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2016-07-27 01:02

==================== End of FRST.txt ============================

======================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Jasmine Bradley (2016-07-27 20:03:01)
Running from C:\Users\Jasmine Bradley\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-28 14:56:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2289996081-3835449814-1943132980-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2289996081-3835449814-1943132980-1004 - Limited - Enabled)
Guest (S-1-5-21-2289996081-3835449814-1943132980-501 - Limited - Enabled) => C:\Users\Guest
Guest1 (S-1-5-21-2289996081-3835449814-1943132980-1007 - Limited - Enabled) => C:\Users\Guest1
HomeGroupUser$ (S-1-5-21-2289996081-3835449814-1943132980-1002 - Limited - Enabled)
Jasmine Bradley (S-1-5-21-2289996081-3835449814-1943132980-1001 - Administrator - Enabled) => C:\Users\Jasmine Bradley

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5.0.0 (HKLM-x32\...\{7CB9E0A1-6516-44BE-A8EB-5CC48B805648}_is1) (Version: 5.0 - Teknia)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Ancient Hearts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E2D662AD-3FE3-26C5-5540-90E4974EF412}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.4.0.508 - AVG Technologies)
Azteca (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Collapse Crunch (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
e-Sword (HKLM-x32\...\{118071AB-6572-4FAD-A1FD-67264C994350}) (Version: 10.01.0000 - Rick Meyers)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.3 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4625 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4517 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{554D4753-4637-477E-BB52-901A819C798D}) (Version: 4.0.4.0 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Miss Spider (HKLM-x32\...\Miss Spider) (Version: - )
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Safari (HKLM-x32\...\{735619D4-B42A-437A-958C-199BFCAEDB38}) (Version: 5.34.50.0 - Apple Inc.)
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smilebox (HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\Smilebox) (Version: 1.0.0.27710 - Smilebox, Inc.)
Tropical Fish Shop - Annabel's Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jasmine Bradley\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0012DD62-3FEE-4A1F-8538-0D619292C203} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {02FC79EF-CB97-4E9B-A2F1-8A4D6998C13B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {04308AAD-EB65-41AC-83A8-820152CBF548} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0B98445A-338D-4DBB-92BB-3AF380C44FCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {0C779BBE-D930-45EF-954E-F8239DD1FD88} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {0F44519B-D606-4AE8-8B5A-6B26139B5481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
Task: {14841DCD-F4F4-4729-8253-FC8654CDCDF7} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {19793F91-612B-4E06-8AE0-C6F3F4BD0BAD} - System32\Tasks\HPCeeScheduleForJASMINEBRADLEY$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1BD6EACC-4430-4605-BB1B-D5FAB45C8E59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {215153A8-F6C9-437B-ACD0-0B47C9DE6A27} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-03] (CyberLink)
Task: {36A63F1A-8BDD-4908-BC6B-CF972EDB33A9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07] (Dropbox, Inc.)
Task: {40F3EAF4-ACF4-4DEC-BC5B-B47332D5C95B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4725CD6A-5A13-4674-8103-61097B1CF5AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C36557C-61B4-4E37-8AB4-117D4DD894A6} - System32\Tasks\HPCeeScheduleForJasmine Bradley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {509973F5-6A0C-4419-AE61-F4EFEC1A6058} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {533BAC6F-0CF3-4C2B-A7BB-60AB2DB2C90D} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{E3784161-6738-4511-94D7-6D78CA34FA30}.exe [2014-11-06] ()
Task: {5CA623F2-3E0C-48FE-94E9-808E38228487} - System32\Tasks\0116tbUpdateInfo => C:\ProgramData\Avg_Update_0116tb\0116tb_{FDDF23C0-AFCF-4E66-B68A-968050B2D208}.exe
Task: {60A74EBC-BCB7-4E89-84FE-82F762013E0F} - System32\Tasks\{2BEA9D14-C754-4365-AAF1-503318E5B7C2} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {64451F03-84EA-4CD3-A8B4-98BEE07166AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CC64F98-1899-4B68-922B-44F25181E020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {78200A20-FA8F-4511-B647-864A1DAED8FC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {7B74EA80-C03F-44AF-828E-A9B26E793BFD} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {83EB04D2-2CA9-45BF-809A-20D18C127BFB} - System32\Tasks\{CE2DAF97-AE74-427E-9D4C-323DFBAEBE4B} => pcalua.exe -a "C:\Program Files (x86)\Minecraft\Minecraft.exe" -d "C:\Program Files (x86)\Minecraft "
Task: {8C8B29B2-F8C4-4E91-95B4-B8FD275A220E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-07] (Dropbox, Inc.)
Task: {903702FD-B236-4D1D-BFA8-0F64CA9C2827} - System32\Tasks\{506E024F-A8D6-41F0-B1D1-8E706918282F} => C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe
Task: {94D79860-7D86-4245-8F2A-E0F1FAE15536} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
Task: {95293446-0267-4DEF-94D7-DB1A46D18E75} - System32\Tasks\{B43123D3-C048-485E-9F3F-E8BA7BB52316} => pcalua.exe -a C:\Users\Public\Documents\QRC2005.exe -d C:\Users\Public\Documents
Task: {9610A5B6-BB0F-4527-A0AE-A99E71273127} - System32\Tasks\G2MUploadTask-S-1-5-21-2289996081-3835449814-1943132980-1001 => C:\Users\Jasmine Bradley\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99BDF557-DF82-412F-8997-74186C7D8566} - System32\Tasks\G2MUpdateTask-S-1-5-21-2289996081-3835449814-1943132980-1001 => C:\Users\Jasmine Bradley\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9BF9F32B-75C5-4D9C-B509-02E0374B31B1} - System32\Tasks\{DD81F5BE-3279-40D9-82A6-3CEA02AFB71F} => C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe
Task: {AB528FF2-4845-4DA3-91FF-0FBD36437E8F} - System32\Tasks\{EE45419C-B85D-4B05-9754-A7AC73A5299F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {B284898A-0835-4EC8-8196-5F67DEF436B4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe
Task: {B7A285F8-F1AA-4355-A2E2-F7D586BDA023} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {B7E22483-917D-432D-98A0-E90C567D4EA6} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-19] (CyberLink)
Task: {B9497448-3BFE-461E-BD75-838B6BBC04E5} - System32\Tasks\WebReg Officejet J6400 Series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
Task: {BF2A2C80-A16F-40B2-A8F0-953E347C7F70} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001UA => C:\Users\Jasmine Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DAD11B5E-D4FD-4B1C-8C83-6EFE917C965D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001Core => C:\Users\Jasmine Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DE516324-5A6A-4E71-8618-7FB5BDD59CD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {EAE920B6-9833-4E4F-958B-EE12468ECDA0} - System32\Tasks\{F66DE155-C86C-421A-AD9D-80D8E1A5D16C} => pcalua.exe -a E:\INSTMSI.EXE -d E:\
Task: {EBD0717D-9DF2-4C81-BC75-538E48435FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39H491QM05YY => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0116tbUpdateInfo.job => C:\ProgramData\Avg_Update_0116tb\0116tb_{FDDF23C0-AFCF-4E66-B68A-968050B2D208}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{E3784161-6738-4511-94D7-6D78CA34FA30}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001Core.job => C:\Users\Jasmine Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289996081-3835449814-1943132980-1001UA.job => C:\Users\Jasmine Bradley\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2289996081-3835449814-1943132980-1001.job => C:\Users\Jasmine Bradley\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2289996081-3835449814-1943132980-1001.job => C:\Users\Jasmine Bradley\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJasmine Bradley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJASMINEBRADLEY$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exeG/schedule /profile c:\programdata\quickset\sk.enhancer\161304646.ini Jasmine BradleySK.Enh <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{f41abb66-f415-4c77-a2ae-917b23460332}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{f07a743d-54ae-4686-b920-3aa7f436091d}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{e5541345-a785-4e1e-906e-5bf6068ba4c0}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{c72b7369-81ff-40fb-8294-f5006edf73ef}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{8dde8af6-a947-49ea-8858-e46765d3acb9}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{5fe74c0f-3b4e-4d19-ba1a-45d1ca676438}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{119eedc1-0c64-4f7d-a42f-15559b86ea74}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{0f8ecab3-81e7-4900-87ab-0b1cdc6bc1eb}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\GameExplorer\{060c286e-7b14-4bf4-9936-205028416ca7}\SupportTasks\0\More Games.lnk -> hxxp://hp.wildgames.com/?dp=hpcpc1c11&mc=gameexplorer_support
Shortcut: C:\Users\Jasmine Bradley\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Jasmine Bradley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-24 08:57 - 2016-04-24 08:56 - 02662472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____N () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-19 08:24 - 2011-04-19 08:24 - 00270336 ____N () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 ____N () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-13 21:05 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2013-01-13 21:05 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2016-04-24 08:57 - 2016-04-24 08:56 - 00527944 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\log4cplusU.dll
2015-12-07 14:18 - 2016-06-06 18:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-07-08 12:01 - 2016-06-06 18:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-07-08 12:01 - 2016-06-06 18:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-07-08 12:01 - 2016-06-06 18:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-07 14:18 - 2016-06-06 18:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-07 14:18 - 2016-06-06 18:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-07 14:18 - 2016-07-05 11:00 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-07-08 12:01 - 2016-06-06 18:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-07 14:18 - 2016-07-05 11:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-07 14:18 - 2016-06-06 18:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-07-08 12:01 - 2016-07-05 10:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-07 14:18 - 2016-06-06 18:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-07-08 12:01 - 2016-07-05 10:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-07-08 12:01 - 2016-07-05 10:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-07 14:18 - 2016-07-05 11:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-07-08 12:01 - 2016-06-06 19:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-07-08 12:01 - 2016-07-05 10:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-07 14:18 - 2016-06-06 18:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-07-08 12:01 - 2016-06-06 18:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-07-08 12:01 - 2016-07-05 10:59 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-07 14:18 - 2016-07-05 11:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-17 23:58 - 2016-07-05 11:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-07-08 12:01 - 2016-06-06 19:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-07-08 12:01 - 2016-07-05 11:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-08 12:01 - 2016-07-05 11:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-07 14:18 - 2016-06-06 18:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-07 14:18 - 2016-06-06 19:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2015-12-07 14:18 - 2016-07-05 11:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-07-08 12:01 - 2016-07-05 11:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-16 14:22 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-16 14:22 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => " "= "Service "
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => " "= "service "

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-06-28 15:53 - 00000070 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jasmine Bradley\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2289996081-3835449814-1943132980-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jasmine Bradley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{A1131EB5-12AB-4EE1-8955-0925A8415C5E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{61273DAD-ADFC-49F9-A667-80164DC2AC76}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F7C8E4A5-7AC9-4CDD-8E21-58FFD8DD9BB8}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [UDP Query User{1860FBDA-7AE8-4002-990E-BEE3B39264C8}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [{0BA99DA0-DED8-4AD2-B61B-BAFA311A65A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{18782B17-C9AE-47AD-8E99-F3F1080EB21C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{F0BF32F9-336F-42B2-A710-DF0A5C211E98}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AC0D63B3-C37D-4CAD-A182-597D6DF6C099}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FEDF6B1B-191E-4637-850A-C3B243212D17}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{09E8C163-510E-47F3-BEFE-A02693D44728}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6AF97851-1048-49FB-85F6-05C17973D423}C:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe
FirewallRules: [UDP Query User{3F87C5FF-2DA5-466C-9FF5-1FAA9DA05F0E}C:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe
FirewallRules: [{3F6903D6-77CD-493B-ADA5-6E8177897BCD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F7E82524-6471-482C-99DA-1CA2D2D95F4A}] => (Allow) C:\Users\Jasmine Bradley\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{6F6ECD7D-177D-44DB-B13F-79A84ABDEC2E}C:\users\jasmine bradley\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jasmine bradley\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D1272FBD-00C8-4899-BC05-C5E24BFA18E0}C:\users\jasmine bradley\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jasmine bradley\appdata\local\akamai\netsession_win.exe
FirewallRules: [{13931768-823B-41F8-82E8-EE8E083D75FB}] => (Allow) c:\program files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3326431C-4DDF-4A05-8EC3-CDCD1A68DFA2}] => (Allow) c:\program files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45B2C492-8674-475B-AF8A-E0288896973E}] => (Allow) C:\Users\Jasmine Bradley\AppData\Local\Temp\7zSC60.tmp\SymNRT.exe
FirewallRules: [{FC44C3E8-11E7-4F74-A3DD-D2CF6DB9280C}] => (Allow) C:\Users\Jasmine Bradley\AppData\Local\Temp\7zSC60.tmp\SymNRT.exe
FirewallRules: [TCP Query User{150CAF1A-900E-4050-96D5-D9E64F040DCA}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{2B82C4A7-C105-4042-A85E-BB48D9795C0E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{5D269562-D7FC-41DD-A797-DBB231492BB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{461730C0-82DC-4938-8D8C-004F0620B957}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{63E99E9B-0162-44A2-9534-F6E917A2D944}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B98D2918-0AFE-459D-9DE2-4C28D96E9681}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{37DD1422-84B7-48B5-9933-CEE9451A15F7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

23-07-2016 15:04:21 Windows Update
23-07-2016 16:38:13 Windows Update
23-07-2016 16:57:46 Windows Update
23-07-2016 20:11:05 Windows Update
24-07-2016 01:12:08 Windows Update
24-07-2016 03:00:24 Windows Update
24-07-2016 06:12:43 Windows Update
24-07-2016 11:13:17 Windows Update
24-07-2016 16:13:56 Windows Update
24-07-2016 21:14:23 Windows Update
24-07-2016 21:16:02 Windows Update
25-07-2016 17:11:01 Windows Update
25-07-2016 22:11:41 Windows Update
26-07-2016 03:00:24 Windows Update
26-07-2016 03:12:10 Windows Update
26-07-2016 08:12:41 Windows Update
26-07-2016 13:13:15 Windows Update
26-07-2016 23:13:49 Windows Update
27-07-2016 03:00:30 Windows Update
27-07-2016 04:14:09 Windows Update
27-07-2016 09:14:34 Windows Update
27-07-2016 14:15:09 Windows Update
27-07-2016 19:15:38 Windows Update

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2016 07:37:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 07:37:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 06:01:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 06:01:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 05:31:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 05:31:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 05:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 05:01:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 04:31:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (07/27/2016 04:31:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


System errors:
=============
Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Workstation service failed to start due to the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Workstation service failed to start due to the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Workstation service failed to start due to the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Workstation service failed to start due to the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.


Error: (07/27/2016 08:01:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Workstation service failed to start due to the following error:
%%1079 = The account specified for this service is different from the account specified for other services running in the same process.



CodeIntegrity:
===================================
Date: 2013-10-05 20:16:14.106
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 20:16:13.856
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 03:17:49.048
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 03:17:48.783
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 03:00:51.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 03:00:51.187
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-27 16:44:16.612
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-27 16:44:16.363
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-27 16:44:16.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-27 16:44:15.848
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 240e Processor
Percentage of memory in use: 36%
Total physical RAM: 3839.3 MB
Available physical RAM: 2433.8 MB
Total Virtual: 7676.77 MB
Available Virtual: 5252.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.32 GB) (Free:781.48 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.1 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:7.45 GB) (Free:0.09 GB) FAT32
Drive i: (WDO_MEDIA64) (Removable) (Total:3.6 GB) (Free:3.3 GB) FAT32
Drive j: () (Removable) (Total:0.94 GB) (Free:0.65 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4A3D5E34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 963 MB) (Disk ID: DD419849)
Partition 1: (Not Active) - (Size=963 MB) - (Type=06)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 3.6 GB) (Disk ID: 94BAC93A)
Partition 1: (Active) - (Size=3.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

{
"header ": {
"program ": {
"project ": "RogueKiller ",
"version ": "12.4.1.0 ",
"x64 ": true,
"date ": "Jul 28 2016 ",
"contact ": "Contact - Adlice Software ",
"feedback ": "Adlice forum ",
"website ": "RogueKiller Anti-Malware Free Download - Official Website ",
"blog ": "Adlice Software "
},
"environment ": {
"operating_system ": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version ",
"boot ": 0,
"winpe ": false,
"user ": "Jasmine Bradley ",
"user_admin ": true,
"program_location ": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe ",
"x64 ": true,
"licensing ": "free "
},
"report ": {
"type ": 1,
"aborted ": false,
"date ": "07/28/2016 21:17:38 ",
"switches ": 0,
"debug ": false,
"count ": 51,
"show_legit_hooks ": false,
"expert_mode ": false
}
},
"information ": {
"processes ": [
{
"name ": "[System Process] ",
"name_parent ": " ",
"pid ": 0,
"path ": " ",
"command_line ": " ",
"pid_parent ": 0,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "System ",
"name_parent ": " ",
"pid ": 4,
"path ": " ",
"command_line ": " ",
"pid_parent ": 0,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "smss.exe ",
"name_parent ": " ",
"pid ": 272,
"path ": "C:\\Windows\\System32\\smss.exe ",
"command_line ": "\\SystemRoot\\System32\\smss.exe ",
"pid_parent ": 4,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "csrss.exe ",
"name_parent ": " ",
"pid ": 408,
"path ": "C:\\Windows\\System32\\csrss.exe ",
"command_line ": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ",
"pid_parent ": 392,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "csrss.exe ",
"name_parent ": "svchost.exe ",
"pid ": 484,
"path ": "C:\\Windows\\System32\\csrss.exe ",
"command_line ": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ",
"pid_parent ": 476,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "wininit.exe ",
"name_parent ": " ",
"pid ": 492,
"path ": "C:\\Windows\\System32\\wininit.exe ",
"command_line ": "wininit.exe ",
"pid_parent ": 392,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "services.exe ",
"name_parent ": "wininit.exe ",
"pid ": 544,
"path ": "C:\\Windows\\System32\\services.exe ",
"command_line ": "C:\\Windows\\system32\\services.exe ",
"pid_parent ": 492,
"path_parent ": "C:\\Windows\\System32\\wininit.exe ",
"is_64 ": true
},
{
"name ": "winlogon.exe ",
"name_parent ": "svchost.exe ",
"pid ": 568,
"path ": "C:\\Windows\\System32\\winlogon.exe ",
"command_line ": "winlogon.exe ",
"pid_parent ": 476,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "lsass.exe ",
"name_parent ": "wininit.exe ",
"pid ": 596,
"path ": "C:\\Windows\\System32\\lsass.exe ",
"command_line ": "C:\\Windows\\system32\\lsass.exe ",
"pid_parent ": 492,
"path_parent ": "C:\\Windows\\System32\\wininit.exe ",
"is_64 ": true
},
{
"name ": "lsm.exe ",
"name_parent ": "wininit.exe ",
"pid ": 608,
"path ": "C:\\Windows\\System32\\lsm.exe ",
"command_line ": "C:\\Windows\\system32\\lsm.exe ",
"pid_parent ": 492,
"path_parent ": "C:\\Windows\\System32\\wininit.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 696,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 780,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k RPCSS ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "atiesrxx.exe ",
"name_parent ": "services.exe ",
"pid ": 844,
"path ": "C:\\Windows\\System32\\atiesrxx.exe ",
"command_line ": "C:\\Windows\\system32\\atiesrxx.exe ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 912,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 948,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 972,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k LocalService ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 996,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k netsvcs ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 476,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k NetworkService ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 1160,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "atieclxx.exe ",
"name_parent ": "atiesrxx.exe ",
"pid ": 1280,
"path ": "C:\\Windows\\System32\\atieclxx.exe ",
"command_line ": "atieclxx ",
"pid_parent ": 844,
"path_parent ": "C:\\Windows\\System32\\atiesrxx.exe ",
"is_64 ": true
},
{
"name ": "wisptis.exe ",
"name_parent ": "svchost.exe ",
"pid ": 1296,
"path ": "C:\\Windows\\System32\\wisptis.exe ",
"command_line ": "/QuitInfo:0000000000000490;0000000000000494; /AddRef; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "spoolsv.exe ",
"name_parent ": "services.exe ",
"pid ": 1424,
"path ": "C:\\Windows\\System32\\spoolsv.exe ",
"command_line ": "C:\\Windows\\System32\\spoolsv.exe ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "eEBSvc.exe ",
"name_parent ": "services.exe ",
"pid ": 1524,
"path ": "C:\\Program Files (x86)\\Common Files\\EPSON\\EBAPI\\eEBSvc.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\EPSON\\EBAPI\\eEBSVC.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "armsvc.exe ",
"name_parent ": "services.exe ",
"pid ": 1684,
"path ": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "AERTSr64.exe ",
"name_parent ": "services.exe ",
"pid ": 1728,
"path ": "C:\\Program Files\\Realtek\\Audio\\HDA\\AERTSr64.exe ",
"command_line ": "\ "C:\\Program Files\\Realtek\\Audio\\HDA\\AERTSr64.EXE\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "AppleMobileDeviceService.exe ",
"name_parent ": "services.exe ",
"pid ": 1824,
"path ": "C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "wisptis.exe ",
"name_parent ": "svchost.exe ",
"pid ": 1948,
"path ": "C:\\Windows\\System32\\wisptis.exe ",
"command_line ": "/QuitInfo:0000000000000544;0000000000000548; /AddRef; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "TabTip.exe ",
"name_parent ": "svchost.exe ",
"pid ": 1980,
"path ": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe ",
"command_line ": "/QuitInfo:000000000000052C;0000000000000550; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "taskhost.exe ",
"name_parent ": "services.exe ",
"pid ": 1988,
"path ": "C:\\Windows\\System32\\taskhost.exe ",
"command_line ": "\ "taskhost.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "dwm.exe ",
"name_parent ": "svchost.exe ",
"pid ": 1104,
"path ": "C:\\Windows\\System32\\dwm.exe ",
"command_line ": "\ "C:\\Windows\\system32\\Dwm.exe\" ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "TabTip32.exe ",
"name_parent ": "TabTip.exe ",
"pid ": 308,
"path ": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\ink\\TabTip32.exe ",
"command_line ": "/loadhooks /Parent:00000000000007BC ",
"pid_parent ": 1980,
"path_parent ": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe ",
"is_64 ": false
},
{
"name ": "explorer.exe ",
"name_parent ": " ",
"pid ": 1776,
"path ": "C:\\Windows\\explorer.exe ",
"command_line ": "C:\\Windows\\Explorer.EXE ",
"pid_parent ": 1108,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "mDNSResponder.exe ",
"name_parent ": "services.exe ",
"pid ": 2096,
"path ": "C:\\Program Files (x86)\\Bonjour\\mDNSResponder.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Bonjour\\mDNSResponder.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "DTSRVC.exe ",
"name_parent ": "services.exe ",
"pid ": 2136,
"path ": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "E_S40STB.EXE ",
"name_parent ": "services.exe ",
"pid ": 2172,
"path ": "C:\\ProgramData\\EPSON\\EPW!3 SSRP\\E_S40STB.EXE ",
"command_line ": "\ "C:\\ProgramData\\EPSON\\EPW!3 SSRP\\E_S40STB.EXE\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "E_S40RPB.EXE ",
"name_parent ": "services.exe ",
"pid ": 2212,
"path ": "C:\\ProgramData\\EPSON\\EPW!3 SSRP\\E_S40RPB.EXE ",
"command_line ": "\ "C:\\ProgramData\\EPSON\\EPW!3 SSRP\\E_S40RPB.EXE\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 2236,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "HPClientServices.exe ",
"name_parent ": "services.exe ",
"pid ": 2292,
"path ": "C:\\Program Files\\Hewlett-Packard\\HP Client Services\\HPClientServices.exe ",
"command_line ": "\ "C:\\Program Files\\Hewlett-Packard\\HP Client Services\\HPClientServices.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "pdfsvc.exe ",
"name_parent ": "services.exe ",
"pid ": 2492,
"path ": "C:\\Program Files (x86)\\PDF Complete\\pdfsvc.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\PDF Complete\\pdfsvc.exe\" /startedbyscm:66B66708-40E2BE4D-pdfcService ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "pdisrvc.exe ",
"name_parent ": "services.exe ",
"pid ": 2676,
"path ": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Drivers\\pdisrvc.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Drivers\\pdisrvc.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "RNowSvc.exe ",
"name_parent ": "services.exe ",
"pid ": 2744,
"path ": "C:\\Program Files (x86)\\Roxio\\RoxioNow Player\\RNowSvc.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Roxio\\RoxioNow Player\\RNowSvc.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "sftvsa.exe ",
"name_parent ": "services.exe ",
"pid ": 2996,
"path ": "C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftvsa.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftvsa.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "c2c_service.exe ",
"name_parent ": "services.exe ",
"pid ": 3024,
"path ": "C:\\ProgramData\\Skype\\Toolbars\\Skype C2C Service\\c2c_service.exe ",
"command_line ": "\ "C:\\ProgramData\\Skype\\Toolbars\\Skype C2C Service\\c2c_service.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "svchost.exe ",
"name_parent ": "services.exe ",
"pid ": 2432,
"path ": "C:\\Windows\\System32\\svchost.exe ",
"command_line ": "C:\\Windows\\system32\\svchost.exe -k imgsvc ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "ToolbarUpdater.exe ",
"name_parent ": "services.exe ",
"pid ": 1920,
"path ": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\vToolbarUpdater\\19.4.0\\ToolbarUpdater.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\vToolbarUpdater\\19.4.0\\ToolbarUpdater.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "WLIDSVC.EXE ",
"name_parent ": "services.exe ",
"pid ": 3076,
"path ": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE ",
"command_line ": "\ "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "sftlist.exe ",
"name_parent ": "services.exe ",
"pid ": 3140,
"path ": "C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftlist.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Microsoft Application Virtualization Client\\sftlist.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "WLIDSVCM.EXE ",
"name_parent ": "WLIDSVC.EXE ",
"pid ": 3256,
"path ": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVCM.EXE ",
"command_line ": "WLIDSvcM.exe 3076 ",
"pid_parent ": 3076,
"path_parent ": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE ",
"is_64 ": true
},
{
"name ": "RAVCpl64.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 3316,
"path ": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe ",
"command_line ": "\ "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s ",
"pid_parent ": 1776,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": true
},
{
"name ": "hpsysdrv.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 3324,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe\" ",
"pid_parent ": 1776,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "SSScheduler.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 3368,
"path ": "C:\\Program Files\\McAfee Security Scan\\3.11.334\\SSScheduler.exe ",
"command_line ": "\ "C:\\Program Files\\McAfee Security Scan\\3.11.334\\SSScheduler.exe\" ",
"pid_parent ": 1776,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": true
},
{
"name ": "CVHSVC.EXE ",
"name_parent ": "services.exe ",
"pid ": 3688,
"path ": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "BATINDICATOR.exe ",
"name_parent ": " ",
"pid ": 3720,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR.exe\" ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "BATINDICATOR_HIDList.exe ",
"name_parent ": " ",
"pid ": 3728,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR_HIDList.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR_HIDList.exe\" ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "iTunesHelper.exe ",
"name_parent ": " ",
"pid ": 3788,
"path ": "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\" ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "EEventManager.exe ",
"name_parent ": " ",
"pid ": 3840,
"path ": "C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\" ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "vprot.exe ",
"name_parent ": " ",
"pid ": 3868,
"path ": "C:\\Program Files (x86)\\AVG SafeGuard toolbar\\vprot.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\AVG SafeGuard toolbar\\vprot.exe\" ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "OSDManager.exe ",
"name_parent ": "DTSRVC.exe ",
"pid ": 3880,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP My Display TouchSmart Edition\\OSDManager.exe ",
"command_line ": "-dumy ",
"pid_parent ": 2136,
"path_parent ": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe ",
"is_64 ": false
},
{
"name ": "Dropbox.exe ",
"name_parent ": " ",
"pid ": 3948,
"path ": "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe\" /systemstartup ",
"pid_parent ": 3336,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "SearchIndexer.exe ",
"name_parent ": "services.exe ",
"pid ": 4056,
"path ": "C:\\Windows\\System32\\SearchIndexer.exe ",
"command_line ": "C:\\Windows\\system32\\SearchIndexer.exe /Embedding ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "WmiPrvSE.exe ",
"name_parent ": "svchost.exe ",
"pid ": 3388,
"path ": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe ",
"command_line ": "C:\\Windows\\system32\\wbem\\wmiprvse.exe ",
"pid_parent ": 696,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "WUDFHost.exe ",
"name_parent ": "svchost.exe ",
"pid ": 3752,
"path ": "C:\\Windows\\System32\\WUDFHost.exe ",
"command_line ": "\ "C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1fca0ae1-dc96-44a3-84ca-6d26ac4dc30a -SystemEventPortName:HostProcess-5ccf6573-5a58-4ac2-9b46-2e1fadf49389 -IoCancelEventPortName:HostProcess-2d26cd2c-6f1a-44dd-9b06-a96c5e8e3488 -NonStateChangingEventPortName:HostProcess-78281354-ab52-4c0d-a15e-dd8e55e95393 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b3382b93-a683-4042-9e93-ccda25ed48da -DeviceGroupId:WpdFsGroup ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "taskeng.exe ",
"name_parent ": "svchost.exe ",
"pid ": 3956,
"path ": "C:\\Windows\\System32\\taskeng.exe ",
"command_line ": "taskeng.exe {214C92DF-4B44-4BD4-8B07-3FFBB84EF5AC} ",
"pid_parent ": 996,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "iPodService.exe ",
"name_parent ": "services.exe ",
"pid ": 4168,
"path ": "C:\\Program Files\\iPod\\bin\\iPodService.exe ",
"command_line ": "\ "C:\\Program Files\\iPod\\bin\\iPodService.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "YCMMirage.exe ",
"name_parent ": "taskeng.exe ",
"pid ": 4308,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\YCMMirage.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\YCMMirage.exe\" ",
"pid_parent ": 3956,
"path_parent ": "C:\\Windows\\System32\\taskeng.exe ",
"is_64 ": false
},

 

{
"name ": "unsecapp.exe ",
"name_parent ": "svchost.exe ",
"pid ": 4820,
"path ": "C:\\Windows\\System32\\wbem\\unsecapp.exe ",
"command_line ": "C:\\Windows\\system32\\wbem\\unsecapp.exe -Embedding ",
"pid_parent ": 696,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "MOM.exe ",
"name_parent ": " ",
"pid ": 2192,
"path ": "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe ",
"command_line ": "\ "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM\" ",
"pid_parent ": 3708,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "CCC.exe ",
"name_parent ": "MOM.exe ",
"pid ": 3284,
"path ": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe\" 0 ",
"pid_parent ": 2192,
"path_parent ": "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe ",
"is_64 ": true
},
{
"name ": "GCalService.exe ",
"name_parent ": "services.exe ",
"pid ": 5344,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\GCalService.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\GCalService.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "HPTouchSmartSyncCalReminderApp.exe ",
"name_parent ": "GCalService.exe ",
"pid ": 5408,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\HPTouchSmartSyncCalReminderApp.exe ",
"command_line ": "HPTouchSmartSyncCalReminderApp.exe ",
"pid_parent ": 5344,
"path_parent ": "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\GCalService.exe ",
"is_64 ": false
},
{
"name ": "InputPersonalization.exe ",
"name_parent ": "services.exe ",
"pid ": 5420,
"path ": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InputPersonalization.exe ",
"command_line ": "\ "C:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "csrss.exe ",
"name_parent ": " ",
"pid ": 3068,
"path ": "C:\\Windows\\System32\\csrss.exe ",
"command_line ": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ",
"pid_parent ": 5880,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "winlogon.exe ",
"name_parent ": " ",
"pid ": 3976,
"path ": "C:\\Windows\\System32\\winlogon.exe ",
"command_line ": "winlogon.exe ",
"pid_parent ": 5880,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "atieclxx.exe ",
"name_parent ": "atiesrxx.exe ",
"pid ": 4400,
"path ": "C:\\Windows\\System32\\atieclxx.exe ",
"command_line ": "atieclxx ",
"pid_parent ": 844,
"path_parent ": "C:\\Windows\\System32\\atiesrxx.exe ",
"is_64 ": true
},
{
"name ": "wisptis.exe ",
"name_parent ": "svchost.exe ",
"pid ": 5664,
"path ": "C:\\Windows\\System32\\wisptis.exe ",
"command_line ": "/QuitInfo:0000000000000A48;00000000000009B0; /AddRef; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "taskhost.exe ",
"name_parent ": "services.exe ",
"pid ": 6140,
"path ": "C:\\Windows\\System32\\taskhost.exe ",
"command_line ": "\ "taskhost.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "wisptis.exe ",
"name_parent ": "svchost.exe ",
"pid ": 720,
"path ": "C:\\Windows\\System32\\wisptis.exe ",
"command_line ": "/QuitInfo:00000000000006AC;0000000000000A58; /AddRef; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "TabTip.exe ",
"name_parent ": "svchost.exe ",
"pid ": 5784,
"path ": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe ",
"command_line ": "/QuitInfo:00000000000009C4;00000000000009C0; ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "TabTip32.exe ",
"name_parent ": "TabTip.exe ",
"pid ": 3600,
"path ": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\ink\\TabTip32.exe ",
"command_line ": "/loadhooks /Parent:0000000000001698 ",
"pid_parent ": 5784,
"path_parent ": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe ",
"is_64 ": false
},
{
"name ": "dwm.exe ",
"name_parent ": "svchost.exe ",
"pid ": 4408,
"path ": "C:\\Windows\\System32\\dwm.exe ",
"command_line ": "\ "C:\\Windows\\system32\\Dwm.exe\" ",
"pid_parent ": 948,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "explorer.exe ",
"name_parent ": " ",
"pid ": 5180,
"path ": "C:\\Windows\\explorer.exe ",
"command_line ": "C:\\Windows\\Explorer.EXE ",
"pid_parent ": 3936,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "RAVCpl64.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 5044,
"path ": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe ",
"command_line ": "\ "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": true
},
{
"name ": "hpsysdrv.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 508,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe\" ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "FacebookUpdate.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 4696,
"path ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe ",
"command_line ": "\ "C:\\Users\\Jasmine Bradley\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "SmileboxTray.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 5072,
"path ": "C:\\Users\\Jasmine Bradley\\AppData\\Roaming\\Smilebox\\SmileboxTray.exe ",
"command_line ": "\ "C:\\Users\\Jasmine Bradley\\AppData\\Roaming\\Smilebox\\SmileboxTray.exe\" ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "chrome.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 4776,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window /prefetch:5 ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "chrome.exe ",
"name_parent ": "chrome.exe ",
"pid ": 3156,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler /prefetch:7 --no-rate-limit \ "--database=C:\\Users\\Jasmine Bradley\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0xd4 ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": false
},
{
"name ": "SSScheduler.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 5932,
"path ": "C:\\Program Files\\McAfee Security Scan\\3.11.334\\SSScheduler.exe ",
"command_line ": "\ "C:\\Program Files\\McAfee Security Scan\\3.11.334\\SSScheduler.exe\" ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": true
},
{
"name ": "chrome.exe ",
"name_parent ": "chrome.exe ",
"pid ": 5112,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableMediaRouter/Disabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OfferUploadCreditCards/Enabled/OmniboxBundledExperimentV1/PP_Ethersuggest_A4_Stable_R8/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Launch25PermanentA_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_01/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel=\ "4776.0.1320415767\\1205510274\" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,13,25,54 --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor=\ "ATI Technologies Inc.\" --gpu-driver-version=8.733.0.0 --mojo-platform-channel-handle=960 --ignored=\" --type=renderer \" /prefetch:2 ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": false
},
{
"name ": "BATINDICATOR.exe ",
"name_parent ": " ",
"pid ": 6200,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "BATINDICATOR_HIDList.exe ",
"name_parent ": " ",
"pid ": 6212,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR_HIDList.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Keyboard\\BATINDICATOR_HIDList.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "iTunesHelper.exe ",
"name_parent ": " ",
"pid ": 6264,
"path ": "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "EEventManager.exe ",
"name_parent ": " ",
"pid ": 6280,
"path ": "C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "vprot.exe ",
"name_parent ": " ",
"pid ": 6324,
"path ": "C:\\Program Files (x86)\\AVG SafeGuard toolbar\\vprot.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\AVG SafeGuard toolbar\\vprot.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "DLMSession.exe ",
"name_parent ": " ",
"pid ": 6332,
"path ": "C:\\Program Files (x86)\\Common Files\\Autodesk Shared\\Autodesk Download Manager\\DLMSession.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\Autodesk Shared\\Autodesk Download Manager\\DLMSession.exe\" ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "audiodg.exe ",
"name_parent ": "svchost.exe ",
"pid ": 6348,
"path ": "C:\\Windows\\System32\\audiodg.exe ",
"command_line ": " ",
"pid_parent ": 912,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "Dropbox.exe ",
"name_parent ": " ",
"pid ": 6504,
"path ": "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe\" /systemstartup ",
"pid_parent ": 5972,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "chrome.exe ",
"name_parent ": "chrome.exe ",
"pid ": 6596,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OfferUploadCreditCards/Enabled/OmniboxBundledExperimentV1/PP_Ethersuggest_A4_Stable_R8/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentA_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_01/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=66D372F532F5710EF58CE2B47AE5DF38 --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel=\ "4776.1.2057411090\\1761906491\" --mojo-platform-channel-handle=1716 /prefetch:1 ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": false
},
{
"name ": "chrome.exe ",
"name_parent ": "chrome.exe ",
"pid ": 6604,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableMediaRouter/Disabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OfferUploadCreditCards/Enabled/OmniboxBundledExperimentV1/PP_Ethersuggest_A4_Stable_R8/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/*QUIC/EnabledNoId/RenderingPipelineThrottling/Disabled/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch25PermanentA_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_01/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=E6F0366C108940B2FC7027B9FF2A1968 --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel=\ "4776.2.1629911507\\356062791\" --mojo-platform-channel-handle=1776 /prefetch:1 ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": false
},
{
"name ": "OSDManager.exe ",
"name_parent ": "DTSRVC.exe ",
"pid ": 6768,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP My Display TouchSmart Edition\\OSDManager.exe ",
"command_line ": "-dumy ",
"pid_parent ": 2136,
"path_parent ": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe ",
"is_64 ": false
},
{
"name ": "firefox.exe ",
"name_parent ": "Explorer.EXE ",
"pid ": 7108,
"path ": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" ",
"pid_parent ": 5180,
"path_parent ": "C:\\Windows\\explorer.exe ",
"is_64 ": false
},
{
"name ": "wuauclt.exe ",
"name_parent ": "svchost.exe ",
"pid ": 6232,
"path ": "C:\\Windows\\System32\\wuauclt.exe ",
"command_line ": "\ "C:\\Windows\\system32\\wuauclt.exe\" ",
"pid_parent ": 996,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "unsecapp.exe ",
"name_parent ": "svchost.exe ",
"pid ": 5448,
"path ": "C:\\Windows\\System32\\wbem\\unsecapp.exe ",
"command_line ": "C:\\Windows\\system32\\wbem\\unsecapp.exe -Embedding ",
"pid_parent ": 696,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "HPTouchSmartSyncCalReminderApp.exe ",
"name_parent ": "GCalService.exe ",
"pid ": 6364,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\HPTouchSmartSyncCalReminderApp.exe ",
"command_line ": "HPTouchSmartSyncCalReminderApp.exe ",
"pid_parent ": 5344,
"path_parent ": "C:\\Program Files (x86)\\Hewlett-Packard\\TouchSmart\\Calendar\\Service\\GCalService.exe ",
"is_64 ": false
},
{
"name ": "nacl64.exe ",
"name_parent ": "chrome.exe ",
"pid ": 5172,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\51.0.2704.103\\nacl64.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\51.0.2704.103\\nacl64\" --type=nacl-broker --channel=\ "4776.14.884731319\\1812642520\" --mojo-platform-channel-handle=3984 ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": true
},
{
"name ": "nacl64.exe ",
"name_parent ": "nacl64.exe ",
"pid ": 4700,
"path ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\51.0.2704.103\\nacl64.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Google\\Chrome\\Application\\51.0.2704.103\\nacl64.exe\" --type=nacl-loader --channel=\ "4776.13.1416195515\\1202929518\" --ignored=\" --type=renderer \" ",
"pid_parent ": 5172,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\51.0.2704.103\\nacl64.exe ",
"is_64 ": true
},
{
"name ": "cmd.exe ",
"name_parent ": "chrome.exe ",
"pid ": 4392,
"path ": "C:\\Windows\\SysWOW64\\cmd.exe ",
"command_line ": "C:\\Windows\\system32\\cmd.exe /c \ "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\ScriptHelperInstaller\\19.4.0\\ScriptHelper.exe\" --parent-window=0 chrome-extension://ndibdjnfmopecpmkdieinmbadjfpblof/ < \\\\.\\pipe\\chrome.nativeMessaging.in.c3c2522ad34406fc > \\\\.\\pipe\\chrome.nativeMessaging.out.c3c2522ad34406fc ",
"pid_parent ": 4776,
"path_parent ": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe ",
"is_64 ": false
},
{
"name ": "conhost.exe ",
"name_parent ": "csrss.exe ",
"pid ": 2684,
"path ": "C:\\Windows\\System32\\conhost.exe ",
"command_line ": "\\??\\C:\\Windows\\system32\\conhost.exe \ "-1536943407272768383-759502803259211647-719433014760418532076741953-1545524721 ",
"pid_parent ": 3068,
"path_parent ": "C:\\Windows\\System32\\csrss.exe ",
"is_64 ": true
},
{
"name ": "ScriptHelper.exe ",
"name_parent ": "cmd.exe ",
"pid ": 5780,
"path ": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\ScriptHelperInstaller\\19.4.0\\ScriptHelper.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\ScriptHelperInstaller\\19.4.0\\ScriptHelper.exe\" --parent-window=0 chrome-extension://ndibdjnfmopecpmkdieinmbadjfpblof/ ",
"pid_parent ": 4392,
"path_parent ": "C:\\Windows\\SysWOW64\\cmd.exe ",
"is_64 ": false
},
{
"name ": "msiexec.exe ",
"name_parent ": "services.exe ",
"pid ": 7248,
"path ": "C:\\Windows\\SysWOW64\\msiexec.exe ",
"command_line ": "C:\\Windows\\SysWOW64\\msiexec.exe /V ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": false
},
{
"name ": "cmd.exe ",
"name_parent ": " ",
"pid ": 4728,
"path ": "C:\\Windows\\SysWOW64\\cmd.exe ",
"command_line ": "C:\\Windows\\system32\\cmd.exe /c \ "\ "C:/Users/Jasmine Bradley/AppData/Local/Akamai/installer_no_upload_silent.exe\" & \ "C:/Users/Jasmine Bradley/AppData/Local/Akamai/netsession_win.exe\ "\" ",
"pid_parent ": 7436,
"path_parent ": " ",
"is_64 ": false
},
{
"name ": "netsession_win.exe ",
"name_parent ": "cmd.exe ",
"pid ": 7044,
"path ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\Akamai\\netsession_win.exe ",
"command_line ": "\ "C:/Users/Jasmine Bradley/AppData/Local/Akamai/netsession_win.exe\" ",
"pid_parent ": 4728,
"path_parent ": "C:\\Windows\\SysWOW64\\cmd.exe ",
"is_64 ": false
},
{
"name ": "netsession_win.exe ",
"name_parent ": "netsession_win.exe ",
"pid ": 6820,
"path ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\Akamai\\netsession_win.exe ",
"command_line ": "\ "C:/Users/Jasmine Bradley/AppData/Local/Akamai/netsession_win.exe\" --client ",
"pid_parent ": 7044,
"path_parent ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\Akamai\\netsession_win.exe ",
"is_64 ": false
},
{
"name ": "MOM.exe ",
"name_parent ": " ",
"pid ": 7456,
"path ": "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe ",
"command_line ": "\ "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM\" ",
"pid_parent ": 6184,
"path_parent ": " ",
"is_64 ": true
},
{
"name ": "CCC.exe ",
"name_parent ": "MOM.exe ",
"pid ": 7688,
"path ": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe\" 0 ",
"pid_parent ": 7456,
"path_parent ": "c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe ",
"is_64 ": true
},
{
"name ": "InputPersonalization.exe ",
"name_parent ": "services.exe ",
"pid ": 7104,
"path ": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InputPersonalization.exe ",
"command_line ": "\ "C:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe\" ",
"pid_parent ": 544,
"path_parent ": "C:\\Windows\\System32\\services.exe ",
"is_64 ": true
},
{
"name ": "SearchProtocolHost.exe ",
"name_parent ": "SearchIndexer.exe ",
"pid ": 6532,
"path ": "C:\\Windows\\System32\\SearchProtocolHost.exe ",
"command_line ": "\ "C:\\Windows\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe21_ Global\\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 \ "Software\\Microsoft\\Windows Search\" \ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \ "C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \ "DownLevelDaemon\" ",
"pid_parent ": 4056,
"path_parent ": "C:\\Windows\\System32\\SearchIndexer.exe ",
"is_64 ": true
},
{
"name ": "taskeng.exe ",
"name_parent ": "svchost.exe ",
"pid ": 4656,
"path ": "C:\\Windows\\System32\\taskeng.exe ",
"command_line ": "taskeng.exe {1168DC80-90E6-48F0-9CB6-CC98862D4590} ",
"pid_parent ": 996,
"path_parent ": "C:\\Windows\\System32\\svchost.exe ",
"is_64 ": true
},
{
"name ": "HPSF.exe ",
"name_parent ": "taskeng.exe ",
"pid ": 7200,
"path ": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Framework\\HPSF.exe ",
"command_line ": "\ "C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Framework\\HPSF.exe\" /taskrestart ",
"pid_parent ": 4656,
"path_parent ": "C:\\Windows\\System32\\taskeng.exe ",
"is_64 ": true
},
{
"name ": "SearchFilterHost.exe ",
"name_parent ": "SearchIndexer.exe ",
"pid ": 7400,
"path ": "C:\\Windows\\System32\\SearchFilterHost.exe ",
"command_line ": "\ "C:\\Windows\\system32\\SearchFilterHost.exe\" 0 520 524 532 65536 528 ",
"pid_parent ": 4056,
"path_parent ": "C:\\Windows\\System32\\SearchIndexer.exe ",
"is_64 ": true
},
{
"name ": "RogueKiller64.exe ",
"name_parent ": " ",
"pid ": 7440,
"path ": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe ",
"command_line ": "\ "C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ",
"pid_parent ": 8028,
"path_parent ": " ",
"is_64 ": true
}
]
},
"results ": {
"processes ": [],
"modules ": [],
"services ": [],
"registry ": [
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "AVG Security Toolbar ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "OutfoxTV ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "SK.Enhancer ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "SP Global ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "SProtector ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 256,
"value ": " ",
"subkey ": "AVG Security Toolbar ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 256,
"value ": " ",
"subkey ": "WebApp ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "AVG Security Toolbar ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "SOFTWARE ",
"view ": 512,
"value ": " ",
"subkey ": "WebApp ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "UNINSTALL ",
"view ": 512,
"value ": " ",
"subkey ": "{A35CA8FF-CB7D-8361-1CB9-83219CD11C78} ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
6
],
"scan_how_trigger ": 6,
"vendors ": [
"PUP "
],
"rule_name ": "UNINSTALL ",
"view ": 512,
"value ": " ",
"subkey ": "{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},

 

{
"scan_what ": 2,
"scan_how ": [
1
],
"scan_how_trigger ": 1,
"vendors ": [
"PUP "
],
"rule_name ": "BHO ",
"view ": 512,
"value ": " ",
"subkey ": "{95B7759C-8C7F-4BF1-B163-73684A933233} ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser

Helper Objects ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
3
],
"scan_how_trigger ": 3,
"vendors ": [
"PUP "
],
"rule_name ": "Toolbar ",
"view ": 512,
"value ": "{95B7759C-8C7F-4BF1-B163-73684A933233} ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
3
],
"scan_how_trigger ": 3,
"vendors ": [
"PUP "
],
"rule_name ": "Toolbar ",
"view ": 256,
"value ": "{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1007\\SOFTWARE\\Microsoft\

\Internet Explorer\\Toolbar\\WebBrowser ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
3
],
"scan_how_trigger ": 3,
"vendors ": [
"PUP "
],
"rule_name ": "Toolbar ",
"view ": 512,
"value ": "{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1007\\SOFTWARE\\Microsoft\

\Internet Explorer\\Toolbar\\WebBrowser ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
5,
6,
7
],
"scan_how_trigger ": 7,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "RUN ",
"view ": 256,
"value ": "EPSON WorkForce 610 Series ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\\\E_S20IC1.EXE /FU \ "C:\\Users\

\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp\" /EF \ "HKCU\" ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Windows\\CurrentVersion\\Run ",
"extra ": " ",
"files_status ": "[x][x][x][x][x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"path_compressed ": "%SystemRoot%\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/FU ",
"path_compressed ": "/FU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/EF ",
"path_compressed ": "/EF ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "HKCU ",
"path_compressed ": "HKCU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
5,
6,
7
],
"scan_how_trigger ": 7,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "RUN ",
"view ": 256,
"value ": "WorkForce 610(Network) ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\\\E_S20IC1.EXE /FU \ "C:\\Users\

\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp\" /EF \ "HKCU\" ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Windows\\CurrentVersion\\Run ",
"extra ": " ",
"files_status ": "[x][x][x][x][x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"path_compressed ": "%SystemRoot%\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/FU ",
"path_compressed ": "/FU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/EF ",
"path_compressed ": "/EF ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "HKCU ",
"path_compressed ": "HKCU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
5,
6,
7
],
"scan_how_trigger ": 7,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "RUN ",
"view ": 512,
"value ": "EPSON WorkForce 610 Series ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\\\E_S20IC1.EXE /FU \ "C:\\Users\

\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp\" /EF \ "HKCU\" ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Windows\\CurrentVersion\\Run ",
"extra ": " ",
"files_status ": "[x][x][x][x][x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"path_compressed ": "%SystemRoot%\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/FU ",
"path_compressed ": "/FU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7F9B.tmp ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/EF ",
"path_compressed ": "/EF ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "HKCU ",
"path_compressed ": "HKCU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
5,
6,
7
],
"scan_how_trigger ": 7,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "RUN ",
"view ": 512,
"value ": "WorkForce 610(Network) ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\\\E_S20IC1.EXE /FU \ "C:\\Users\

\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp\" /EF \ "HKCU\" ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Windows\\CurrentVersion\\Run ",
"extra ": " ",
"files_status ": "[x][x][x][x][x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"path_compressed ": "%SystemRoot%\\system32\\spool\\DRIVERS\\x64\\3\\E_S20IC1.EXE ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/FU ",
"path_compressed ": "/FU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\E_S7723.tmp ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "/EF ",
"path_compressed ": "/EF ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
},
{
"path_expanded ": "HKCU ",
"path_compressed ": "HKCU ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASDIFSV ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASDIFSV64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASKUTIL ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASKUTIL64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASDIFSV ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASDIFSV64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASKUTIL ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASKUTIL64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASDIFSV ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASDIFSV64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASDIFSV64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 2,
"scan_how ": [
4
],
"scan_how_trigger ": 4,
"vendors ": [
"Suspicious.Path "
],
"rule_name ": "Services ",
"view ": 256,
"value ": " ",
"subkey ": "SASKUTIL ",
"value_old_data ": " ",
"value_data ": " ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services ",
"extra ": "\\??\\C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"files_status ": "[x] ",
"vtscore ": -1,
"files ": [
{
"path_expanded ": "C:\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\\SASKUTIL64.SYS ",
"path_compressed ": "%SystemDrive%\\Users\\JASMIN~1\\AppData\\Local\\Temp\\SAS_SelfExtract\

\SASKUTIL64.SYS ",
"md5 ": " ",
"exists ": false,
"signed ": false,
"signer ": " ",
"vtscore ": -1
}
],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.HomePage "
],
"rule_name ": "IE Settings ",
"view ": 256,
"value ": "Start Page ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Search

&mid=2e46117876e747d088a41943ef1a6319-

2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-09

07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.HomePage "
],
"rule_name ": "IE Settings ",
"view ": 512,
"value ": "Start Page ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Search

&mid=2e46117876e747d088a41943ef1a6319-

2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-09

07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.HomePage "
],
"rule_name ": "IE Settings ",
"view ": 256,
"value ": "Start Page ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Search

&mid=2e46117876e747d088a41943ef1a6319-

2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=sa&d=2014-

02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1007\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.HomePage "
],
"rule_name ": "IE Settings ",
"view ": 512,
"value ": "Start Page ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Search

&mid=2e46117876e747d088a41943ef1a6319-

2634ee12333fd14cf2cce064c234d9dd2676d158&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=sa&d=2014-

02-09 07:38:05&v=19.4.0.508&pid=safeguard&sg=0&sap=hp ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1007\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.SearchPage "
],
"rule_name ": "IE Settings ",
"view ": 256,
"value ": "Search Bar ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Preserve ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
13
],
"scan_how_trigger ": 13,
"vendors ": [
"PUM.SearchPage "
],
"rule_name ": "IE Settings ",
"view ": 512,
"value ": "Search Bar ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "Preserve ",
"path ": "HKEY_USERS\\S-1-5-21-2289996081-3835449814-1943132980-1001\\Software\\Microsoft\

\Internet Explorer\\Main ",
"extra ": " ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
11
],
"scan_how_trigger ": 11,
"vendors ": [
"PUM.Dns "
],
"rule_name ": "DNS ",
"view ": 256,
"value ": "DhcpNameServer ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "10.0.0.1 ",
"path ": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\

\Interfaces\\{FBDFC363-1285-4706-9B21-9FA4ED583840} ",
"extra ": "[] ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
11
],
"scan_how_trigger ": 11,
"vendors ": [
"PUM.Dns "
],
"rule_name ": "DNS ",
"view ": 256,
"value ": "DhcpNameServer ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "10.0.0.1 ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\

\{FBDFC363-1285-4706-9B21-9FA4ED583840} ",
"extra ": "[] ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 1,
"scan_how ": [
11
],
"scan_how_trigger ": 11,
"vendors ": [
"PUM.Dns "
],
"rule_name ": "DNS ",
"view ": 256,
"value ": "DhcpNameServer ",
"subkey ": " ",
"value_old_data ": " ",
"value_data ": "10.0.0.1 ",
"path ": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters\\Interfaces\

\{FBDFC363-1285-4706-9B21-9FA4ED583840} ",
"extra ": "[] ",
"files_status ": " ",
"vtscore ": -1,
"files ": [],
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
}
],
"tasks ": [
{
"scan_what ": 0,
"scan_how ": [
1,
2
],
"vendors ": [
"Suspicious.Path "
],
"parent_folder ": " ",
"name ": "0116tbUpdateInfo.job ",
"path ": "%WINDIR%\\Tasks\\0116tbUpdateInfo.job ",
"application_path ": "C:\\ProgramData\\Avg_Update_0116tb\\0116tb_{FDDF23C0-AFCF-4E66-B68A-

968050B2D208}.exe ",
"application_args ": " /SETINFO /CMPID=0116tb /INFORETRY=3 /RUNBY=UP ",
"vtscore ": -2,
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 0,
"scan_how ": [
1,
2
],
"vendors ": [
"Suspicious.Path "
],
"parent_folder ": " ",
"name ": "SK.Enhancer-S-161304646.job ",
"path ": "%WINDIR%\\Tasks\\SK.Enhancer-S-161304646.job ",
"application_path ": "c:\\programdata\\quickset\\sk.enhancer\\SK.Enhancer.exe ",
"application_args ": "/schedule /profile \ "c:\\programdata\\quickset\\sk.enhancer\

\161304646.ini\" ",
"vtscore ": -2,
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
},
{
"scan_what ": 0,
"scan_how ": [
1,
2
],
"vendors ": [
"Suspicious.Path "
],
"parent_folder ": "\\ ",
"name ": "0116tbUpdateInfo ",
"path ": "\\0116tbUpdateInfo ",
"application_path ": "C:\\ProgramData\\Avg_Update_0116tb\\0116tb_{FDDF23C0-AFCF-4E66-B68A-

968050B2D208}.exe ",
"application_args ": "/SETINFO /CMPID=0116tb /INFORETRY=3 /RUNBY=UP ",
"vtscore ": -2,
"status_str ": "Found ",
"status_choice ": 0,
"status_removed ": 0
}
],
"filesystem ": [
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "Strongvault ",
"path_expanded ": "C:\\Users\\Jasmine Bradley\\AppData\\Roaming\\Strongvault ",
"path_compressed ": "%APPDATA%\\Strongvault ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "Companion ",
"path_expanded ": "C:\\Users\\Jasmine Bradley\\AppData\\Roaming\\Yahoo!\\Companion ",
"path_compressed ": "%APPDATA%\\Yahoo!\\Companion ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "AVG SafeGuard toolbar ",
"path_expanded ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\AVG SafeGuard toolbar ",
"path_compressed ": "%localappdata%\\AVG SafeGuard toolbar ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "StrongVault ",
"path_expanded ": "C:\\Users\\Jasmine Bradley\\AppData\\Local\\StrongVault ",
"path_compressed ": "%localappdata%\\StrongVault ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "AVG SafeGuard toolbar ",
"path_expanded ": "C:\\ProgramData\\AVG SafeGuard toolbar ",
"path_compressed ": "%programdata%\\AVG SafeGuard toolbar ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "AVG Secure Search ",
"path_expanded ": "C:\\ProgramData\\AVG Secure Search ",
"path_compressed ": "%programdata%\\AVG Secure Search ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "QuickSet ",
"path_expanded ": "C:\\ProgramData\\QuickSet ",
"path_compressed ": "%programdata%\\QuickSet ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "Wincert ",
"path_expanded ": "C:\\ProgramData\\Wincert ",
"path_compressed ": "%programdata%\\Wincert ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "AVG SafeGuard toolbar ",
"path_expanded ": "C:\\Program Files (x86)\\AVG SafeGuard toolbar ",
"path_compressed ": "%programfiles(x86)%\\AVG SafeGuard toolbar ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "AVG Security Toolbar ",
"path_expanded ": "C:\\Program Files (x86)\\AVG Security Toolbar ",
"path_compressed ": "%programfiles(x86)%\\AVG Security Toolbar ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "Movies Toolbar ",
"path_expanded ": "C:\\Program Files (x86)\\Movies Toolbar ",
"path_compressed ": "%programfiles(x86)%\\Movies Toolbar ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "PC Health Kit ",
"path_expanded ": "C:\\Program Files (x86)\\PC Health Kit ",
"path_compressed ": "%programfiles(x86)%\\PC Health Kit ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
},
{
"scan_what ": 3,
"scan_how ": [
1,
9
],
"vendors ": [
"PUP "
],
"status_choice ": 0,
"processed ": [
{
"type ": 2,
"name ": "SearchDonkey ",
"path_expanded ": "C:\\Program Files (x86)\\SearchDonkey ",
"path_compressed ": "%programfiles(x86)%\\SearchDonkey ",
"extra ": " ",
"md5 ": " ",
"md5_low_level ": " ",
"forged ": false,
"lnk_target ": " ",
"lnk_args ": " ",
"junc_target ": " ",
"junc_tag ": 0,
"junc_error ": 0,
"exists ": true,
"signed ": false,
"signer ": " ",
"status_str ": "Found ",
"status_removed ": 0
}
]
}
],
"hosts ": {
"is_too_big ": false,
"lines ": []
},
"antirootkit ": {
"is_driver_loaded ": true,
"driver_error ": 0,
"results ": []
},
"web_browsers ": [
{
"scan_what ": 1,
"scan_how ": [],
"vendors ": [
"PUP "
],
"browser ": 3,
"browser_str ": "CHROME ",
"addon ": {
"user ": "Default ",
"name ": "AVG Secure Search ",
"id ": "ndibdjnfmopecpmkdieinmbadjfpblof "
},
"status_str ": "Found ",
"status_malicious ": true,
"status_choice ": 0,
"status_removed ": 0
}
],
"disk ": {
"results ": [],
"mbr ": "+++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++\n--- User ---\n

[MBR] 7c6ea6021ff23d2b67549d10105b1723\n[BSP] 978439898e73ee7fb0a5855af0895f33 : HP|VT.Unknown

MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100

MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7)

[VISIBLE] Offset (sectors): 206911 | Size: 937284 MB [Windows Vista/7/8 Bootstrap | Windows

Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1919764480 | Size:

16483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser =

LL2 ... OK\n\n+++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++\n--- User ---\n[MBR]

33a0f33fb7e7f518f64aedcb9dad35b0\n[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

\nPartition table:\n0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7633 MB\nUser

= LL1 ... OK\nError reading LL2 MBR! ([32] The request is not supported. )\n\n+++++

PhysicalDrive2: USB 2.0 Flash Drive USB Device +++++\n--- User ---\n[MBR]

253935acff8aa7021ee3241dc95336dc\n[BSP] 60d310a025c2ef8444e7d4c3d36a908b : Unknown|VT.Unknown MBR

Code\nPartition table:\n0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 504 | Size: 962 MB

\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] The request is not supported. )\n\n+++++

PhysicalDrive3: Generic- Multi-Card USB Device +++++\nError reading User MBR! ([15] The device is

not ready. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] The request is not

supported. )\n\n+++++ PhysicalDrive4: EPSON Storage USB Device +++++\nError reading User MBR!

([15] The device is not ready. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32]

The request is not supported. )\n\n "
}
}
}

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/28/2016
Scan Time: 9:41 PM
Logfile: malware bytes 1.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.29.02
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jasmine Bradley

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 491313
Time Elapsed: 27 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\TRACING\MyPC Backup_RASAPI32, Quarantined, [cff71f0a98029c9a0c966d68a55e4db3],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\TRACING\MyPC Backup_RASMANCS, Quarantined, [6d59a386b9e146f03e648055be45619f],
PUP.Optional.MySearchResults, HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0E3BB414-81EC-4149-890B-1935CE2C432D}, Quarantined, [a2241514871394a298be3974709345bb],
PUP.Optional.ASK, HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9438D61A-42FE-410D-BB10-9BF12775C6EF}, Quarantined, [c3030e1b425851e57f9ad11f689bae52],

Registry Values: 2
PUP.Optional.MySearchResults, HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0E3BB414-81EC-4149-890B-1935CE2C432D}|URL, Search - {searchTerms}, Quarantined, [a2241514871394a298be3974709345bb]
PUP.Optional.ASK, HKU\S-1-5-21-2289996081-3835449814-1943132980-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9438D61A-42FE-410D-BB10-9BF12775C6EF}|URL, http://websearch.ask.com/redirect?c...pn_sauid=4AC8636F-B0FA-4E0E-890A-7F60F2B32839, Quarantined, [c3030e1b425851e57f9ad11f689bae52]

Registry Data: 0
(No malicious items detected)

Folders: 11
PUP.Optional.SurfAndKeep, C:\Program Files (x86)\surff, and keeep, Quarantined, [05c149e08f0b37ffeba5684f36cda65a],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\config, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\newtab, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\newtab\js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings\common, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings\partner, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\_metadata, Quarantined, [596d60c99703999dd831dadc4ab8ac54],

Files: 19
PUP.Optional.SurfAndKeep, C:\Program Files (x86)\surff, and keeep\vCX3bjWt0.tlb, Quarantined, [05c149e08f0b37ffeba5684f36cda65a],
PUP.Optional.SurfAndKeep, C:\Program Files (x86)\surff, and keeep\vCX3bjWt0.dat, Quarantined, [05c149e08f0b37ffeba5684f36cda65a],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\manifest.json, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common\aes.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common\config.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common\config.js.bak, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common\mode-ecb.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\common\utils.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\config\build.json, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\newtab\newtab-hp.html, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\newtab\js\newtab-hp.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings\common\redirect.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings\partner\background.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\settings\partner\Reporting.js, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\_metadata\computed_hashes.json, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.Ilivid, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf\1.1_0\_metadata\verified_contents.json, Quarantined, [596d60c99703999dd831dadc4ab8ac54],
PUP.Optional.ASK, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml, Quarantined, [d4f2a0894c4e91a53b1ce6b529db2fd1],
PUP.Optional.Conduit, C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ( "session ":{ "restore_on_startup ":4, "startup_urls ":[ "Restore Browser Settings"]}}), Bad: ( "session ":{ "restore_on_startup ":4, "startup_urls ":[ "Search ", "Google ", "Search"]}, "software_reporter ":{ "prompt_seed ": "20151015 ", "prompt_version ": "4.32.1 "}, "sync ":{ "remaining_rollback_tries ":0}}), Replaced,[edd9d257e5b5ba7c0c3b8e10b153e21e]
PUP.Optional.Conduit, C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ( "session ":{ "restore_on_startup ":4, "startup_urls ":[ "Restore Browser Settings"]}}), Bad: ( "session ":{ "restore_on_startup ":4, "startup_urls ":[ "Search ", "Google ", "Search"]}, "software_reporter ":{ "prompt_seed ": "20151015 ", "prompt_version ": "4.32.1 "}, "sync ":{}}), Replaced,[824435f4772395a107405f3f09fb01ff]

Physical Sectors: 0
(No malicious items detected)


(end)

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/28/2016 9:40 PM, SYSTEM, JASMINEBRADLEY, Manual, Remediation Database, 2016.2.12.1, 2016.7.23.1,
Update, 7/28/2016 9:40 PM, SYSTEM, JASMINEBRADLEY, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1,
Update, 7/28/2016 9:40 PM, SYSTEM, JASMINEBRADLEY, Manual, IP Database, 2016.2.8.1, 2016.7.28.1,
Update, 7/28/2016 9:40 PM, SYSTEM, JASMINEBRADLEY, Manual, Domain Database, 2016.2.16.8, 2016.7.28.4,
Update, 7/28/2016 9:40 PM, SYSTEM, JASMINEBRADLEY, Manual, Malware Database, 2016.2.16.6, 2016.7.29.2,
Scan, 7/28/2016 10:09 PM, SYSTEM, JASMINEBRADLEY, Manual, Start:7/28/2016 9:41 PM, Duration:27 min 20 sec, Threat Scan, Completed, 0 Malware Detections, 36 Non-Malware Detections,

(end)

 

# AdwCleaner v5.201 - Logfile created 28/07/2016 at 22:21:09
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jasmine Bradley - JASMINEBRADLEY
# Running from : C:\Users\Jasmine Bradley\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : ToolsLib

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater15.5.0
[-] Service Deleted : vToolbarUpdater19.4.0

***** [ Folders ] *****

[+] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\8f0dab8fd2800df8
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1114tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
[-] Folder Deleted : C:\ProgramData\surff, and keeep
[#] Folder Deleted : C:\ProgramData\Application Data\AVG SafeGuard toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\8f0dab8fd2800df8
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0215tb
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0814tb
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_1114tb
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_1214tb
[#] Folder Deleted : C:\ProgramData\Application Data\surff, and keeep
[+] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Users\Jasmine Bradley\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Guest1\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Guest1\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Folder Deleted : C:\Users\Jasmine Bradley\AppData\Local\VirtualStore\Program Files (x86)\Movies Toolbar
[-] Folder Deleted : C:\Users\Jasmine Bradley\AppData\Local\VirtualStore\Program Files (x86)\Playalot Games
[#] Folder Deleted : C:\Users\Jasmine Bradley\AppData\Local\VirtualStore\Program Files (x86)\movies toolbar

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Users\Jasmine Bradley\Desktop\Sync Folder.lnk
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Guest1\AppData\Roaming\Mozilla\Firefox\Profiles\ifde612q.default\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mogmppbjfkngfoaecoialclfiabnpndg
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homes.trovit.com_0.localstorage
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homes.trovit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Jasmine Bradley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchApp
[-] Task Deleted : 1114tbUpdateInfo
[-] Task Deleted : 1114tbUpdateInfo

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetup-r418-n-bf(4).exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440\prefs.js] Deleted : user_pref( "browser.search.defaultenginename ", "AVG Secure Search ");
[-] [C:\Users\Jasmine Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\x6zxz4g8.default-1438788500440\prefs.js] Deleted : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
[-] [C:\Users\Guest1\AppData\Roaming\Mozilla\Firefox\Profiles\ifde612q.default\prefs.js] Deleted : user_pref( "browser.search.defaultenginename ", "AVG Secure Search ");
[-] [C:\Users\Guest1\AppData\Roaming\Mozilla\Firefox\Profiles\ifde612q.default\prefs.js] Deleted : user_pref( "browser.search.selectedEngine ", "AVG Secure Search ");
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.searchguru.info
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchresults.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com___
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : claro-search.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com____
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com_____
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com__
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.babylon.com
[-] [C:\Users\Guest1\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com_
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : claro-search.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com____
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com___
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchresults.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com__
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com_____
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com_
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.babylon.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search.ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.searchguru.info

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16674 bytes] - [28/07/2016 22:21:09]
C:\AdwCleaner\AdwCleaner[R0].txt - [21044 bytes] - [26/09/2013 13:33:21]
C:\AdwCleaner\AdwCleaner[R1].txt - [1076 bytes] - [26/09/2013 17:23:06]
C:\AdwCleaner\AdwCleaner[R2].txt - [1313 bytes] - [27/09/2013 18:18:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [19933 bytes] - [26/09/2013 13:34:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [18066 bytes] - [27/09/2013 18:19:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17116 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Jasmine Bradley (Administrator) on Thu 07/28/2016 at 22:27:52.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 84

Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{008716E4-26AD-472C-B110-472BC8C4F2C8} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{11A66B76-76D3-4D64-AE6F-8A79F9A183E6} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{12F2FD69-DC1F-4FC4-880F-5F9401470647} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{165D09A4-6049-4C29-9707-C78BC4A7B2F8} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{297688CF-85A4-47C3-9411-D1765B1C53B3} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{305C7C2C-4B2F-4916-8727-1099B3D0D4DF} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{47DA7CA0-968C-48BE-980B-D8AFE446B9F4} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{4D73A89F-780C-4DC0-9AF8-3E5C8B1C8354} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{563F22DA-5C56-4144-A200-1BA556CF40BF} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{751C739E-6148-4E63-B2E9-AB40B57943D9} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{7D1D529E-C9BA-49C3-95EF-AC1185B1E0F3} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{906B886D-A5C6-4916-ACF0-25597CB6FF9B} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{96D0013A-FA0E-48AE-9A5E-3DDAA0AE17A1} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{96D17CA9-E1C6-42F1-89ED-F125A230059F} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{99CA4EC7-0B8B-4C12-BB02-9434F1D3456C} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{9F814F41-5CA3-41C3-8B8F-80436BD600AD} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{A341A1F2-DBFE-4AE0-B651-E798E9B7CE99} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{AB2ABA2D-6055-4232-947D-502D1F21DB79} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{B852F4EB-6A2D-4D1E-9618-1BEE5E6E8AD0} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{CCA4D85B-72A3-48B4-B972-ED044B511395} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{CE8EEE95-EF7F-4C86-AC0C-68EB869D35F9} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{D06B2C44-4730-4AAB-8E52-CCF53006336E} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{D5482CC2-4B7F-412F-8760-4E060C5A8173} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{EA69F0EF-2C85-46B6-A863-5B3A53707DF2} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{ECB2605A-6532-4935-9B19-C739FD73EC09} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\{F4237B89-CE52-4AEE-A474-36DBD5240DF5} (Empty Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\stronghold_llc (Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Roaming\bargainmatch (Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EGV3FHN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPDV3EJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65BCFVUO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DT0C1RQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N6U5OXC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\954GIEOE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACKH176W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASM3Y3J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYC2TJ2E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C50C9J6H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUROWJKX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7HRRO0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9ZQXB67 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF0EC02V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPEGUMIR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIDIFXFC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NME5Q7EO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRE78M0U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC3DWQG9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IRPZ76 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFT973A2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJL3IWHV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYZOYN4G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jasmine Bradley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5SH9FLH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EGV3FHN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPDV3EJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65BCFVUO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DT0C1RQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N6U5OXC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\954GIEOE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACKH176W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASM3Y3J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYC2TJ2E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C50C9J6H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUROWJKX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7HRRO0Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9ZQXB67 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF0EC02V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPEGUMIR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIDIFXFC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NME5Q7EO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRE78M0U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC3DWQG9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IRPZ76 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFT973A2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJL3IWHV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYZOYN4G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5SH9FLH (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/28/2016 at 22:31:02.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~