laptop runs slow, infected with lots of popups

infected slow running

#1
shaz (Member, 145 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by lillia (administrator) on LILLIA-PC (06-12-2016 22:03:18)
Running from C:\Users\lillia\Downloads
Loaded Profiles: lillia (Available Profiles: lillia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\windows\System32\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Smilebox, Inc.) C:\Users\lillia\AppData\Roaming\Smilebox\SmileboxTray.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2166376 2016-11-03] (Hola Networks Ltd.) <===== ATTENTION
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [MRT] => C:\windows\system32\MRT.exe [141011376 2016-11-29] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-29] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Run: [8] => wscript.exe //B "C:\Users\lillia\AppData\Local\Temp\8.0.0.72Doda.vbs" <===== ATTENTION
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Run: [SmileboxTray] => C:\Users\lillia\AppData\Roaming\Smilebox\SmileboxTray.exe [346072 2016-06-13] (Smilebox, Inc.)
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-09] (Google Inc.)
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\MountPoints2: {ea2d7f4d-7c8e-11e1-9085-806e6f6e6963} - D:\avengers.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-29] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2016-03-31]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0E868304-0BC3-4DC5-88CD-F467833E6188}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{38A8CCA0-5CB0-4488-B75E-E4BAA785FE7E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6B78A2B8-0A12-4124-B9CC-EA4E570B18F9}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{6B78A2B8-0A12-4124-B9CC-EA4E570B18F9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F6B074C9-C768-494A-BF1E-0582E3A80BDC}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130946631100445610&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130946631100445610&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42c9edae&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=AU&userid=7516e4b5-ad12-4215-a3fb-437a25b96058&searchtype=ds&q={searchTerms}&installDate=10/03/2013
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP20DB11EB-88AF-48F9-A89E-8A36E434432E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42c9edae&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-07-22] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-03] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> No File
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelperx64.dll [2012-12-11] (IE Download Helper)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: iSkysoft iTube Studio 4.2.0 -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> C:\ProgramData\iSkysoft\iTube Studio\WSBrowserAppMgr.dll [2014-09-19] (Wondershare)
BHO-x32: Boostyb.Core.BHO -> {42ad2408-abba-2408-1972-4706560e817b} -> C:\windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-07-22] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-03] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll [2012-12-11] (IE Download Helper)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-07-22] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-07-22] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2939937528-1813498291-454416258-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  No File
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: 906g22t7.default-1439010042289
FF ProfilePath: C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289 [2016-10-20]
FF NewTab: Mozilla\Firefox\Profiles\906g22t7.default-1439010042289 -> hxxp://www.yoursearching.com/newtab/?type=nt&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
FF Homepage: Mozilla\Firefox\Profiles\906g22t7.default-1439010042289 -> hxxp://www.yoursearching.com/?type=hp&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
FF Extension: (FirefixTab) - C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289\Extensions\[email protected] [2015-12-13] [not signed]
FF Extension: (YahooToolsProtected ) - C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289\Extensions\[email protected] [2015-12-13] [not signed]
FF Extension: (Set Search Settings) - C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289\Extensions\{63669749-1062-4de2-bbf9-925a148cf30f} [2015-12-13] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-29]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\lillia\AppData\Roaming\Mozilla\Extensions\[email protected] => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\iSkysoft\iTube Studio\[email protected]
FF Extension: (iSkysoft iTube Studio) - C:\ProgramData\iSkysoft\iTube Studio\[email protected] [2015-01-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\lillia\AppData\Roaming\Mozilla\Firefox\Profiles\906g22t7.default-1439010042289\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-10-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-08-01] (Nitro PDF)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-28] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-10-17] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\lillia\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-06] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\lillia\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-06] (Hola)
FF Plugin HKU\S-1-5-21-2939937528-1813498291-454416258-1000: @citrixonline.com/appdetectorplugin -> C:\Users\lillia\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-2939937528-1813498291-454416258-1000: @hola.org/vlc -> C:\Users\lillia\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-08-07] (Hola)
FF Plugin HKU\S-1-5-21-2939937528-1813498291-454416258-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lillia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Slides) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (News.net) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai [2013-08-08] [UpdateUrl: hxxps://toolbar.news.net/toolbar-source/update.chrome.xml] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-07-21]
CHR Extension: (Avast SafePrice) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Booking.com for Chrome™) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-06]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-12-06]
CHR Extension: (Avast Online Security) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-04]
CHR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaimicbbkhmieoabiijcknkfompchd [2015-01-05]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-06-23]
CHR Extension: (Video Download Helper) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2015-01-04]
CHR Extension: (Video Downloader [FVD]) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-08]
CHR Extension: (Facebook AdBlock) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2016-05-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]
CHR Extension: (Video download helper) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkioblodjcgkdailhejgcocjkkoochj [2015-04-26]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Print Friendly & PDF) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-12-16]
CHR Extension: (Gmail) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR Extension: (RoboForm Password Manager) - C:\Users\lillia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-07-22]
CHR HKU\S-1-5-21-2939937528-1813498291-454416258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\lillia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-15]
CHR HKU\S-1-5-21-2939937528-1813498291-454416258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dllmkpieefobacaineiimjahccjeakab] - C:\Users\lillia\AppData\Local\CRE\dllmkpieefobacaineiimjahccjeakab.crx <not found>
CHR HKU\S-1-5-21-2939937528-1813498291-454416258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dllmkpieefobacaineiimjahccjeakab] - C:\Users\lillia\AppData\Local\CRE\dllmkpieefobacaineiimjahccjeakab.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-07-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-29] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-07-10] () [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-20] (Freemake) [File not signed]
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5622376 2016-11-03] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [8104576 2015-10-27] (Hola Networks Ltd.) <==== ATTENTION
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-03] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-14] (Malwarebytes Corporation)
R1 PSSDKLBF; C:\windows\system32\Drivers\pssdklbf.sys [65600 2015-01-04] (microOLAP Technologies LTD)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 22:03 - 2016-12-06 22:04 - 00040104 _____ C:\Users\lillia\Downloads\FRST.txt
2016-12-06 22:02 - 2016-12-06 22:03 - 00000000 ____D C:\FRST
2016-12-06 21:59 - 2016-12-06 22:00 - 02419712 _____ (Farbar) C:\Users\lillia\Downloads\FRST64.exe
2016-12-06 21:47 - 2016-12-06 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-29 21:28 - 2016-12-06 21:28 - 00000022 _____ C:\windows\S.dirmngr
2016-11-29 21:04 - 2016-11-29 21:04 - 00001893 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-29 20:58 - 2016-08-30 15:06 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-11-29 00:05 - 2016-11-29 00:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-29 00:05 - 2016-11-29 00:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2016-11-29 00:05 - 2016-11-29 00:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2016-11-29 00:05 - 2016-11-29 00:05 - 00042096 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2016-11-27 19:51 - 2016-11-03 01:36 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-27 19:51 - 2016-11-03 01:22 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-27 19:51 - 2016-10-28 13:59 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-27 19:51 - 2016-10-28 13:14 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-27 19:51 - 2016-10-28 04:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-27 19:51 - 2016-10-28 04:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-27 19:51 - 2016-10-28 04:28 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-11-27 19:51 - 2016-10-28 04:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-27 19:51 - 2016-10-28 03:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-27 19:51 - 2016-10-28 03:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-27 19:51 - 2016-10-28 03:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-27 19:51 - 2016-10-28 03:44 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-11-27 19:51 - 2016-10-28 03:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-27 19:51 - 2016-10-28 03:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-27 19:51 - 2016-10-28 03:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-27 19:51 - 2016-10-28 01:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-27 19:51 - 2016-10-26 01:02 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-27 19:51 - 2016-10-23 03:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-27 19:51 - 2016-10-23 02:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-27 19:51 - 2016-10-23 02:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-27 19:51 - 2016-10-23 02:43 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-11-27 19:51 - 2016-10-23 02:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-27 19:51 - 2016-10-23 02:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-27 19:51 - 2016-10-23 02:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-27 19:51 - 2016-10-16 01:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-27 19:51 - 2016-10-16 01:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-27 19:51 - 2016-10-12 01:37 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-11-27 19:51 - 2016-10-12 01:31 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\IMJP10.IME
2016-11-27 19:51 - 2016-10-12 01:31 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-27 19:51 - 2016-10-12 01:31 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-11-27 19:51 - 2016-10-12 01:31 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\tintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\quick.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\qintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\phon.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\cintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\chajei.ime
2016-11-27 19:51 - 2016-10-12 01:31 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\pintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:18 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\tintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\cintlgnt.ime
2016-11-27 19:51 - 2016-10-12 01:18 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\pintlgnt.ime
2016-11-27 19:51 - 2016-10-11 23:33 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-27 19:51 - 2016-10-11 23:06 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-27 19:51 - 2016-10-11 01:33 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-11-27 19:51 - 2016-10-11 01:33 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-11-27 19:51 - 2016-10-11 01:16 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-11-27 19:51 - 2016-10-08 01:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-11-27 19:51 - 2016-10-08 01:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-11-27 19:51 - 2016-10-08 01:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-11-27 19:51 - 2016-10-08 01:35 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-11-27 19:51 - 2016-10-08 01:32 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-27 19:51 - 2016-10-08 01:18 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-11-27 19:51 - 2016-10-08 01:18 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-11-27 19:51 - 2016-10-08 01:15 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-11-27 19:51 - 2016-10-08 01:12 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-27 19:51 - 2016-10-06 00:54 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-27 19:51 - 2016-09-16 00:56 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-11-27 19:51 - 2016-09-10 04:20 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-11-27 19:51 - 2016-09-10 04:00 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-11-27 19:50 - 2016-11-03 01:32 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-11-27 19:50 - 2016-11-03 01:32 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-27 19:50 - 2016-11-03 01:32 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-11-27 19:50 - 2016-11-03 01:32 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-11-27 19:50 - 2016-11-03 01:16 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-11-27 19:50 - 2016-11-03 01:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-11-27 19:50 - 2016-11-03 01:16 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-11-27 19:50 - 2016-11-03 00:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-27 19:50 - 2016-10-28 05:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-11-27 19:50 - 2016-10-28 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-11-27 19:50 - 2016-10-28 04:55 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-11-27 19:50 - 2016-10-28 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-11-27 19:50 - 2016-10-28 04:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-11-27 19:50 - 2016-10-28 04:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-27 19:50 - 2016-10-28 04:53 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-11-27 19:50 - 2016-10-28 04:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-11-27 19:50 - 2016-10-28 04:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-11-27 19:50 - 2016-10-28 04:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-11-27 19:50 - 2016-10-28 04:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-27 19:50 - 2016-10-28 04:37 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-11-27 19:50 - 2016-10-28 04:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-11-27 19:50 - 2016-10-28 04:37 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-11-27 19:50 - 2016-10-28 04:24 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-11-27 19:50 - 2016-10-28 04:15 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-27 19:50 - 2016-10-28 04:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-11-27 19:50 - 2016-10-28 04:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-11-27 19:50 - 2016-10-28 04:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-27 19:50 - 2016-10-28 04:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-27 19:50 - 2016-10-28 04:02 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-11-27 19:50 - 2016-10-28 03:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-27 19:50 - 2016-10-28 02:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-27 19:50 - 2016-10-23 03:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-11-27 19:50 - 2016-10-23 03:36 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-11-27 19:50 - 2016-10-23 03:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-11-27 19:50 - 2016-10-23 03:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-27 19:50 - 2016-10-23 03:35 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-11-27 19:50 - 2016-10-23 03:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-27 19:50 - 2016-10-23 03:27 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-11-27 19:50 - 2016-10-23 03:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-11-27 19:50 - 2016-10-23 03:22 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-11-27 19:50 - 2016-10-23 03:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-27 19:50 - 2016-10-23 03:21 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-11-27 19:50 - 2016-10-23 03:20 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-11-27 19:50 - 2016-10-23 03:09 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-11-27 19:50 - 2016-10-23 03:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-27 19:50 - 2016-10-23 03:03 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-11-27 19:50 - 2016-10-23 02:59 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-11-27 19:50 - 2016-10-23 02:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-27 19:50 - 2016-10-23 02:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-27 19:50 - 2016-10-23 02:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-11-27 19:50 - 2016-10-23 02:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-27 19:50 - 2016-10-23 02:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-27 19:50 - 2016-10-23 02:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-27 19:50 - 2016-10-16 01:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-11-27 19:50 - 2016-10-16 01:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-11-27 19:50 - 2016-10-12 01:31 - 00457216 _____ (Microsoft Corporation) C:\windows\system32\imkr80.ime
2016-11-27 19:50 - 2016-10-12 01:31 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-27 19:50 - 2016-10-12 01:18 - 01027584 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10.IME
2016-11-27 19:50 - 2016-10-12 01:18 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-27 19:50 - 2016-10-12 01:18 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-11-27 19:50 - 2016-10-12 01:18 - 00430080 _____ (Microsoft Corporation) C:\windows\SysWOW64\imkr80.ime
2016-11-27 19:50 - 2016-10-12 01:18 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-27 19:50 - 2016-10-12 01:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\quick.ime
2016-11-27 19:50 - 2016-10-12 01:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qintlgnt.ime
2016-11-27 19:50 - 2016-10-12 01:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\phon.ime
2016-11-27 19:50 - 2016-10-12 01:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\chajei.ime
2016-11-27 19:50 - 2016-10-11 01:38 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-11-27 19:50 - 2016-10-11 01:38 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-11-27 19:50 - 2016-10-11 01:34 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-11-27 19:50 - 2016-10-11 01:34 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-11-27 19:50 - 2016-10-11 01:34 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-11-27 19:50 - 2016-10-11 01:34 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-11-27 19:50 - 2016-10-11 01:33 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-11-27 19:50 - 2016-10-11 01:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-11-27 19:50 - 2016-10-11 01:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-11-27 19:50 - 2016-10-11 00:56 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-11-27 19:50 - 2016-10-11 00:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-11-27 19:50 - 2016-10-11 00:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-11-27 19:50 - 2016-10-11 00:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-11-27 19:50 - 2016-10-11 00:54 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-11-27 19:50 - 2016-10-11 00:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:32 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 01:04 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-11-27 19:50 - 2016-10-08 01:04 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-11-27 19:50 - 2016-10-08 01:04 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-11-27 19:50 - 2016-10-08 01:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-11-27 19:50 - 2016-10-08 01:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-11-27 19:50 - 2016-10-08 00:56 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-11-27 19:50 - 2016-10-08 00:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-11-27 19:50 - 2016-10-08 00:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-11-27 19:50 - 2016-10-08 00:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-11-27 19:50 - 2016-10-08 00:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-27 19:50 - 2016-10-08 00:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 00:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 00:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-27 19:50 - 2016-10-08 00:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-27 19:50 - 2016-09-14 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-11-27 19:50 - 2016-09-14 01:11 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-11-27 19:50 - 2016-08-23 02:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-11-24 14:50 - 2016-11-24 14:51 - 00000000 ____D C:\Users\lillia\Desktop\New folder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 22:03 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 22:03 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 21:58 - 2012-04-02 17:00 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 21:48 - 2015-12-29 13:24 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-06 21:47 - 2015-12-29 13:22 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-06 21:44 - 2012-08-15 07:32 - 00000000 ____D C:\Users\lillia\AppData\Local\Adobe
2016-12-06 21:39 - 2016-02-14 16:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-06 21:36 - 2015-12-29 13:24 - 00000904 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-06 21:34 - 2012-04-02 16:29 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-12-06 21:32 - 2015-12-29 13:24 - 00003904 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-12-06 21:31 - 2015-12-29 13:24 - 00003652 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-12-06 21:28 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-29 21:38 - 2016-08-30 20:38 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1468446250
2016-11-29 21:36 - 2009-07-14 15:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-29 21:36 - 2009-07-14 13:20 - 00000000 ____D C:\windows\inf
2016-11-29 21:27 - 2009-07-14 14:45 - 00528096 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-29 21:17 - 2012-08-13 22:29 - 00000000 ____D C:\Users\lillia
2016-11-29 21:17 - 2012-04-02 16:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-11-29 21:13 - 2014-10-07 09:58 - 00000568 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2939937528-1813498291-454416258-1000.job
2016-11-29 21:07 - 2013-11-01 03:00 - 141011376 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-11-29 21:07 - 2013-10-28 15:18 - 00000000 ____D C:\windows\system32\MRT
2016-11-29 20:59 - 2013-06-30 07:39 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-11-28 15:25 - 2016-03-31 20:53 - 00000000 ____D C:\Users\lillia\Documents\Audible
2016-11-28 15:25 - 2015-12-04 02:55 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-11-28 15:25 - 2015-07-02 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-11-28 15:25 - 2012-08-14 00:23 - 00000000 ____D C:\Users\lillia\AppData\Roaming\Skype
2016-11-28 15:25 - 2012-04-02 17:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-28 15:25 - 2012-04-02 17:14 - 00000000 ____D C:\ProgramData\Skype
2016-11-28 15:25 - 2009-07-14 13:20 - 00000000 ____D C:\windows\servicing
2016-11-28 15:25 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-28 15:24 - 2009-07-14 13:20 - 00000000 ____D C:\windows\registration
2016-11-15 21:24 - 2012-04-02 17:00 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 21:18 - 2014-09-15 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-15 21:18 - 2012-04-02 16:25 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-11-15 21:18 - 2012-04-02 16:25 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-15 21:18 - 2012-04-02 16:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-11-15 21:17 - 2012-04-02 16:25 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-11-15 21:17 - 2012-04-02 16:25 - 00000000 ____D C:\windows\system32\Macromed
2016-11-15 20:22 - 2015-05-30 17:26 - 00000664 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-2939937528-1813498291-454416258-1000.job
2016-11-15 20:05 - 2012-09-19 23:00 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2939937528-1813498291-454416258-1000UA.job
2016-11-15 20:04 - 2012-08-13 22:29 - 00000000 ____D C:\Users\lillia\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2013-08-09 00:09 - 2013-08-09 00:09 - 0003004 _____ () C:\Program Files (x86)\WebCakeLayers.crx
2014-09-19 00:24 - 2014-09-19 00:24 - 0000132 _____ () C:\Users\lillia\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-07-28 13:53 - 2015-07-28 13:53 - 0002226 _____ () C:\Users\lillia\AppData\Local\recently-used.xbel
2015-04-13 19:37 - 2015-04-13 19:37 - 0007605 _____ () C:\Users\lillia\AppData\Local\Resmon.ResmonCfg
2012-09-28 22:40 - 2012-09-28 22:40 - 0000001 _____ () C:\Users\lillia\AppData\Local\socialxchrome.dat
 
Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe
 
 
Some files in TEMP:
====================
C:\Users\lillia\AppData\Local\Temp\2jfuweif.exe
C:\Users\lillia\AppData\Local\Temp\contentDATs.exe
C:\Users\lillia\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\lillia\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.7.exe
C:\Users\lillia\AppData\Local\Temp\GoogleSetup.exe
C:\Users\lillia\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
C:\Users\lillia\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.9.10.exe
C:\Users\lillia\AppData\Local\Temp\install_helper.exe
C:\Users\lillia\AppData\Local\Temp\jna3963519408831437084.dll
C:\Users\lillia\AppData\Local\Temp\jna4188095247478626886.dll
C:\Users\lillia\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\lillia\AppData\Local\Temp\mssinstaller.exe
C:\Users\lillia\AppData\Local\Temp\nshCC47.exe
C:\Users\lillia\AppData\Local\Temp\nsn1BF1.exe
C:\Users\lillia\AppData\Local\Temp\nssD02F.exe
C:\Users\lillia\AppData\Local\Temp\nsx2248.exe
C:\Users\lillia\AppData\Local\Temp\OfficeSetup.exe
C:\Users\lillia\AppData\Local\Temp\outlookset.exe
C:\Users\lillia\AppData\Local\Temp\prestall.exe
C:\Users\lillia\AppData\Local\Temp\readSTILog.dll
C:\Users\lillia\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\lillia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\lillia\AppData\Local\Temp\SmartbarExeInstaller.exe
C:\Users\lillia\AppData\Local\Temp\SpeedAnalysisSetup-1-.exe
C:\Users\lillia\AppData\Local\Temp\tbBit0.dll
C:\Users\lillia\AppData\Local\Temp\tbBitT.dll
C:\Users\lillia\AppData\Local\Temp\tbedrs.dll
C:\Users\lillia\AppData\Local\Temp\TB_F5EA.exe
C:\Users\lillia\AppData\Local\Temp\uninst1.exe
C:\Users\lillia\AppData\Local\Temp\utt6EC.tmp.exe
C:\Users\lillia\AppData\Local\Temp\utt82A2.tmp.exe
C:\Users\lillia\AppData\Local\Temp\utt9AE9.tmp.exe
C:\Users\lillia\AppData\Local\Temp\utt9EFE.tmp.exe
C:\Users\lillia\AppData\Local\Temp\uttEE3B.tmp.exe
C:\Users\lillia\AppData\Local\Temp\uttEEF7.tmp.exe
C:\Users\lillia\AppData\Local\Temp\vcredist_x64.exe
C:\Users\lillia\AppData\Local\Temp\winziprosetup.exe
C:\Users\lillia\AppData\Local\Temp\{557FE003-5975-4A91-9DCF-3D6713A558CB}-DropboxClient_3.18.1.exe
C:\Users\lillia\AppData\Local\Temp\{576BBE70-2D3B-4B46-B277-F6ADF93EE725}-DropboxClient_4.4.29.exe
C:\Users\lillia\AppData\Local\Temp\{58DB34EF-8744-4AAD-B633-3F98DDAF09C2}-DropboxClient_13.4.21.exe
C:\Users\lillia\AppData\Local\Temp\{6E633B06-4A55-4121-A149-0F8DFE1C319A}-39.0.2171.95_38.0.2125.111_chrome_updater.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-05-27 10:52
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by lillia (06-12-2016 22:06:26)
Running from C:\Users\lillia\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-13 12:29:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2939937528-1813498291-454416258-500 - Administrator - Disabled)
Guest (S-1-5-21-2939937528-1813498291-454416258-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2939937528-1813498291-454416258-1148 - Limited - Enabled)
lillia (S-1-5-21-2939937528-1813498291-454416258-1000 - Administrator - Enabled) => C:\Users\lillia
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.0.248 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boost Your Browser (HKLM-x32\...\{28AAEC25-198C-44D6-8D70-77494DFA8DB4}) (Version: 0.7 - Nikozen)
Buildbox version 1.3.5 (HKLM-x32\...\{48821C7F-98B9-48F6-B703-8F384F57EE14}_is1) (Version: 1.3.5 - Secret Headquarters, Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.8.509 - Australian Taxation Office)
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free YouTube Downloader 4.1.477 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
Gpg4win (2.2.5) (HKLM-x32\...\GPG4Win) (Version: 2.2.5 - The Gpg4win Project)
Hola™ 1.18.524 - Better Internet (HKLM\...\Hola) (Version: 1.18.524 - Hola Networks Ltd.) <==== ATTENTION
iDailyDiary 3.85 (HKLM-x32\...\iDailyDiary_is1) (Version:  - Splinterware Software Solutions)
IE Download Helper (HKLM-x32\...\{424E1389-2414-4394-9476-5D26316F291F}) (Version: 3.5 - IE Download Helper)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IPVanish (x32 Version: 2.0.5604.20704 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{a6b3b951-4bc3-45c5-a015-9567736951ed}) (Version: 2.0.5604.20704 - IPVanish.com)
iSkysoft iTube Studio(Build 4.2.2.0) (HKLM-x32\...\iSkysoft iTube Studio_is1) (Version: 4.2.2.0 - iSkysoft Software)
IsoBuster 3.3 (HKLM-x32\...\IsoBuster_is1) (Version: 3.3 - Smart Projects)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kindle Converter (HKLM-x32\...\kindleConverter) (Version: 1.2.1 - eBook Converter)
Maelstrom (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Maelstrom) (Version: 44.0.1.3 - Maelstrom)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nitro Pro 9 (HKLM-x32\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Stable 35.0.2066.82 (HKLM-x32\...\Opera 35.0.2066.82) (Version: 35.0.2066.82 - Opera Software)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Seagulls version 1.5.1 (HKLM-x32\...\{7EF9A132-4F1C-4F32-AC8C-95B8E2486AB2}_is1) (Version: 1.5.1 - Inebriated Squirrel)
SHG Installation (HKLM-x32\...\{D0205533-2ABF-4F02-9F36-FD4AC925484E}) (Version: 2.1.2 - SafeHarborGames)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smart File Advisor 1.2.0 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.2.0 - Filefacts.net) <==== ATTENTION
Smilebox (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Smilebox) (Version: 1.0.0.30048 - Smilebox, Inc.)
Splashtop Remote Client (x32 Version: 1.1.5.0 - Splashtop Inc.) Hidden
Spotify (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0018 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0008 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Viber (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.11.66) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.11.66 - WonderShare Software Co.,Ltd.)
Worlds Fastest Pizza ARCADE VERSION (HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\Worlds Fastest Pizza ARCADE VERSION) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\lillia\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2939937528-1813498291-454416258-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00665910-B114-4EB8-B4B3-F8BE3291DD26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {143F17E5-298D-411D-992C-B8C8FCBF260B} - System32\Tasks\{A98C1CD6-4F5B-44DC-B4AF-43E0874FB71E} => pcalua.exe -a C:\Users\lillia\Downloads\setupconsumerc2rolw.exe -d C:\Users\lillia\Downloads
Task: {209F3F89-084B-4ED4-95F0-42DFF0B1D1DA} - System32\Tasks\AdobeAAMUpdater-1.0-lillia-PC-lillia => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {49F361EF-ED15-4D2B-83A9-C188DBC6A21A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {4C054805-C297-48CE-86EF-0E5371D8FB4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {59BD77BB-E7C6-422F-92DE-761FCC992921} - System32\Tasks\SafeZone scheduled Autoupdate 1468446250 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {68130E30-177A-493A-B814-8F175C131750} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJLMHMMJNJOMMMIMCNLJNJMJMMCNLMOJHMNJCNHMJMMJIMCNPMKMJMHMJJNJGMPMLJGMHMHMJNJICMIMCNGMCNOMLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMMIMMLMNMGMFMPMJNHICMMIMMLMNMGMJNBJCMDJGJDJDJGJOJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMMM (the data entry has 39 more characters).
Task: {70E251E3-644C-43D9-942C-E19C8574F82B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {769227E0-22FC-4BC8-A100-F13BE6E643E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {76B18DF2-D74C-4630-A5E1-8A88DB51B5DA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-15] (Adobe Systems Incorporated)
Task: {7709B4DF-7781-4F4B-81E6-1C5C390E897D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {84D2A3A4-0F42-45BB-A1CB-4594B44EB2E7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {87DB3947-E197-4900-94BC-2D0F87C85761} - System32\Tasks\{C9C3CACB-7A26-460E-858F-FDFE54BFE0A9} => pcalua.exe -a "C:\Users\lillia\Downloads\setupconsumerc2rolw (2).exe" -d C:\Users\lillia\Downloads
Task: {8F168BE0-F593-4B4B-A888-AB2C7F1F8209} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-07-22] (Siber Systems)
Task: {9345B51E-61AF-4353-9986-BAA58026C151} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {9E9D357F-83DE-435F-AECD-68C0D390F388} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
Task: {A1144BFB-6DCF-4AFF-9912-FD4E940B6DE3} - System32\Tasks\Opera scheduled Autoupdate 1455429772 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-22] (Opera Software)
Task: {A1ECB24E-55AF-40CB-BE85-713325D1D3E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {AE9FE016-ED03-4467-BDB2-CE1727068DD8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2015-06-25] (TuneUp Software)
Task: {AEB38141-1DD8-4026-9658-6E2644A8CA69} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {B41E3FFD-2402-4C93-9D62-629C3A1155D4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
Task: {BE5D8C6E-5FFF-4AB5-83D8-A0335BAB555B} - \Desk 365 RunAsStdUser -> No File <==== ATTENTION
Task: {D3E8488B-C812-4162-96BA-6442EDD3204F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2939937528-1813498291-454416258-1000UA => C:\Users\lillia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-19] (Facebook Inc.)
Task: {D52E4A12-78F6-43A0-A2A2-4C9CB5CFE4E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2939937528-1813498291-454416258-1000Core => C:\Users\lillia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-19] (Facebook Inc.)
Task: {D85A31EB-C606-4790-A7B4-915D78B16A99} - System32\Tasks\G2MUpdateTask-S-1-5-21-2939937528-1813498291-454416258-1000 => C:\Users\lillia\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DAA50905-EEF3-4231-9D73-F2C90E21FE18} - System32\Tasks\{6A44E09B-A238-4CAF-91D3-A2BD22F3A2F1} => pcalua.exe -a C:\Users\lillia\Downloads\boostyb\setup.exe -d C:\Users\lillia\Downloads\boostyb
Task: {E93840EF-8F3A-4C3B-B937-EBA95BAF35D9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {FDF937A1-F445-457B-AACD-3C37C8C7A11D} - System32\Tasks\G2MUploadTask-S-1-5-21-2939937528-1813498291-454416258-1000 => C:\Users\lillia\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-03] (Citrix Online, a division of Citrix Systems, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2939937528-1813498291-454416258-1000Core.job => C:\Users\lillia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2939937528-1813498291-454416258-1000UA.job => C:\Users\lillia\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2939937528-1813498291-454416258-1000.job => C:\Users\lillia\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2939937528-1813498291-454416258-1000.job => C:\Users\lillia\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\lillia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kindle Converter\Website.lnk -> hxxp://www.ebook-converter.com/
 
ShortcutWithArgument: C:\Users\lillia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S&ts=1372541357
ShortcutWithArgument: C:\Users\lillia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
ShortcutWithArgument: C:\Users\lillia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursearching.com/?type=sc&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursearching.com/?type=sc&ts=1449978097&z=66159756c1b0f1406240a4fg6zfzbt0tcmebde2tcw&from=cor&uid=TOSHIBAXMK3275GSX_32B9F1J4SXX32B9F1J4S
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-04-02 16:45 - 2010-09-10 10:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-10 20:11 - 2015-07-10 20:11 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2012-04-02 16:29 - 2012-01-21 04:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-08-01 14:23 - 2014-08-01 14:23 - 00418312 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-06-25 07:53 - 2015-06-25 07:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2011-08-23 08:19 - 2011-08-23 08:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-16 08:19 - 2010-12-16 08:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-20 09:00 - 2011-01-20 09:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2012-02-02 04:34 - 2012-02-02 04:34 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2011-11-26 11:51 - 2011-11-26 11:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-06 21:29 - 2016-12-06 21:29 - 03066880 _____ () C:\Program Files\AVAST Software\Avast\defs\16120500\algo.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-07-10 19:57 - 2015-07-10 19:57 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-07-10 19:51 - 2015-07-10 19:51 - 00087040 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-07-10 19:43 - 2015-07-10 19:43 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-07-10 19:57 - 2015-07-10 19:57 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-07-10 19:59 - 2015-07-10 19:59 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2014-03-28 08:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-28 08:23 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-28 08:23 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-28 08:23 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-28 08:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-04-02 16:28 - 2012-01-21 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-07-12 10:20 - 2016-07-12 10:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-15 21:24 - 2016-11-09 06:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 21:24 - 2016-11-09 06:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-15 20:12 - 2016-11-15 20:12 - 17772736 _____ () C:\Users\lillia\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
2016-12-06 21:47 - 2016-10-29 09:50 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-06 21:46 - 2016-10-29 09:50 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-06 21:46 - 2016-10-29 09:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-06 21:47 - 2016-10-29 09:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-06 21:47 - 2016-10-29 09:50 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-06 21:47 - 2016-10-29 09:50 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-06 21:47 - 2016-10-29 09:50 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-06 21:47 - 2016-10-29 09:51 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-06 21:47 - 2016-10-29 09:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-06 21:46 - 2016-10-29 09:53 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-06 21:47 - 2016-10-29 09:52 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-06 21:46 - 2016-10-29 09:49 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-06 21:46 - 2016-11-29 00:16 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-06 21:46 - 2016-11-29 00:16 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-06 21:47 - 2016-10-29 09:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-06 21:46 - 2016-11-29 00:16 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-06 21:46 - 2016-10-29 09:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-06 21:46 - 2016-10-29 09:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-06 21:47 - 2016-11-29 00:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-06 21:47 - 2016-11-29 00:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-06 21:47 - 2016-10-29 09:53 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-06 21:47 - 2016-11-29 00:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2015-06-25 07:51 - 2015-06-25 07:51 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00119096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SchedAgent_2007.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00278840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00215864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00423224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00068408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00144184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00470840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00656696 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl
2015-06-25 07:52 - 2015-06-25 07:52 - 00963384 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TuningWizard.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00092984 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00083256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Internet.bpl
2015-06-25 07:52 - 2015-06-25 07:52 - 00458040 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00633144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00489784 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\CommonForms.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00609080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl
2015-06-25 07:51 - 2015-06-25 07:51 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl
2015-06-25 07:54 - 2015-06-25 07:54 - 00357176 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\tuavgx.dll
2014-09-09 10:30 - 2014-09-09 10:30 - 13417496 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2939937528-1813498291-454416258-1000\...\hola.org -> hxxp://hola.org
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-05-16 21:06 - 2013-09-03 17:19 - 00000833 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2939937528-1813498291-454416258-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lillia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lillia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Agosexi => C:\Users\lillia\AppData\Roaming\Ugfy\xykow.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BreakingNews => C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Facebook Update => "C:\Users\lillia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magisto video editor tray app => C:\Program Files (x86)\Magisto\magisto.exe
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
MSCONFIG\startupreg: Splashtop Inc. => C:\Users\lillia\AppData\Roaming\B41030\B41030.exe
MSCONFIG\startupreg: Spotify => "C:\Users\lillia\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\lillia\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\lillia\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Ykurruu => C:\Users\lillia\AppData\Roaming\Moty\ighuq.exe
MSCONFIG\startupreg: Ziralocao => C:\Users\lillia\AppData\Roaming\Ygwi\byup.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CA8B2F83-CCD6-48CF-A778-285CA9C6C74D}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{88864CEA-1ED7-43A0-93A5-64266D324C45}] => LPort=2869
FirewallRules: [{EFC26CB2-C09C-4FE3-B61F-D8935B77BCCC}] => LPort=1900
FirewallRules: [{4A78F25E-4196-453C-AD51-1ACD2691E917}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0CDE4600-79D9-4602-91A4-40D7C781B176}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9879C054-89D8-4055-AC8E-DD558FCD3F35}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8701B5B9-0CD2-46C4-926F-8C0D602528AE}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E0DC89EA-386A-453E-9F39-89568C2666AA}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{967A43E6-34F8-4181-BDFB-E09E8094E4F2}] => C:\Users\lillia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{9F38AAC5-F6E2-4D8D-A08F-C30334E4B42D}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{616841A3-EA8B-4228-8D20-9AD926FC7CB2}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3B9A21ED-DDDB-4B84-B5DE-69964CE5DC1C}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4B0B7C59-7C0C-4CE8-9D55-7C04F8F1B7C6}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{11875DDA-4667-40E6-B431-32E7AF0BEC31}] => C:\Users\lillia\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{A28DEB10-0A06-45EF-9979-4EA76BC006A8}C:\users\lillia\appdata\local\viber\viber.exe] => C:\users\lillia\appdata\local\viber\viber.exe
FirewallRules: [UDP Query User{0CE1F5B3-D49B-4EFF-93D6-5D8917C6E81C}C:\users\lillia\appdata\local\viber\viber.exe] => C:\users\lillia\appdata\local\viber\viber.exe
FirewallRules: [{9C18CEED-78F5-4B35-8839-D4F63213C2B9}] => C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{411CA2E8-982D-4DFE-880F-228BF7C5B12C}] => C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F541C1F7-F182-4972-A133-63988FE7669A}] => C:\Users\lillia\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{A13E26B7-193F-47D0-A9EF-BBFDEAAD9A0D}] => C:\Users\lillia\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{FEAD97D2-0AAC-4080-B7E2-4C1092614812}] => C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{A6227118-42E5-449A-9BB6-B5BD9E3500DB}] => C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{FB1ECD3B-EA35-400E-87FF-F593A68330EF}] => C:\Users\lillia\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{93E2D4E3-FC59-46A2-AC08-9B16CEBCB01C}] => C:\Users\lillia\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [TCP Query User{1557BE39-E22F-459F-9E43-8DC4DC9D7E0D}C:\users\lillia\appdata\roaming\spotify\spotify.exe] => C:\users\lillia\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AC073E2E-9EC8-4216-AC24-1FC4580D0EE3}C:\users\lillia\appdata\roaming\spotify\spotify.exe] => C:\users\lillia\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4551C4DE-9778-4B99-BEC5-08E8F613296C}C:\users\lillia\appdata\roaming\spotify\spotify.exe] => C:\users\lillia\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{63925D23-3EBC-47F5-A4D4-4CA2D66E30B6}C:\users\lillia\appdata\roaming\spotify\spotify.exe] => C:\users\lillia\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E2939371-0FCE-48B2-B757-5A81A3A70B8D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5842772C-5756-4524-AB61-89B2C01E2EB5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1ECD8082-E354-43A5-9857-E8E112953E8A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{583160DF-8C9E-4642-A006-50AE77DCA5B4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DDF5FF7-A6F0-44CD-B112-A70338331B92}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58192DCA-87C2-4BC9-9A1B-66B1517E0BE9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F0B604E-0CF6-4E59-996B-D0A4754A5172}] => C:\Users\lillia\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{52E22F5D-9DF7-463A-9783-11802E25CF80}] => C:\Users\lillia\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{F5794999-29AE-48F5-935B-B5B12D8A1EF3}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{46504550-70D7-4575-ACE6-D396503FB2B0}C:\program files (x86)\seagulls\seagullgame\binaries\win64\seagullgame.exe] => C:\program files (x86)\seagulls\seagullgame\binaries\win64\seagullgame.exe
FirewallRules: [UDP Query User{39137BD0-CE95-4CE6-8EFD-AEFABABBCD6A}C:\program files (x86)\seagulls\seagullgame\binaries\win64\seagullgame.exe] => C:\program files (x86)\seagulls\seagullgame\binaries\win64\seagullgame.exe
FirewallRules: [TCP Query User{55FB5914-CF79-40FA-95CC-C088EE1CD39E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5D5E971E-6065-411B-B5CB-787519677E94}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{78EABB23-A7E9-49BF-BCDC-A78BC055F0F3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5A4DB5E3-9B47-4FED-9FE2-58ED9009172C}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
15-09-2016 19:09:11 Windows Update
22-09-2016 03:00:30 Windows Update
13-10-2016 03:00:21 Windows Update
18-10-2016 09:26:01 Windows Update
19-10-2016 11:12:27 Windows Update
20-11-2016 04:54:02 Windows Update
29-11-2016 21:01:02 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/06/2016 09:47:52 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (12/06/2016 09:47:47 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.
 
Error: (12/06/2016 09:29:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/06/2016 09:28:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (11/29/2016 09:30:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5305bdf9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23569, time stamp: 0x57f7bc1f
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x520
Faulting application start time: 0x01d24a33be6ef288
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\windows\syswow64\KERNELBASE.dll
Report Id: 41badb06-b627-11e6-89a1-e840f299ce9c
 
Error: (11/29/2016 09:30:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/29/2016 09:30:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   at System.Management.ManagementScope.InitializeGuts(System.Object)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetLoggedOnUsersList()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CollectInformation()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/29/2016 09:28:42 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (11/29/2016 08:57:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/29/2016 08:56:52 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
 
System errors:
=============
Error: (12/06/2016 09:29:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/06/2016 09:29:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/06/2016 09:28:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:40:36 PM on ‎29/‎11/‎2016 was unexpected.
 
Error: (11/29/2016 09:30:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/29/2016 09:30:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (11/29/2016 09:30:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/29/2016 09:23:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (11/29/2016 08:57:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/29/2016 08:57:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (11/27/2016 09:10:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-29 18:24:29.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 18:24:28.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 16:45:07.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 16:45:07.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 16:41:56.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 16:41:56.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-28 16:45:57.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-28 16:45:57.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 22:53:17.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 22:53:17.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B815 @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 3985.8 MB
Available physical RAM: 1416.91 MB
Total Virtual: 7969.79 MB
Available Virtual: 4989.66 MB
 
==================== Drives ================================
 
Drive c: (S3A9565D002) (Fixed) (Total:284.1 GB) (Free:146.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP
Uninstall:
 
Freemake Video Converter
Hola™ 1.18.524 - Better Internet
Java 8 Update 65 
McAfee Security Scan Plus
Skype Click to Call
Smilebox 
Spybot - Search & Destroy
 

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 

 
Download the attached fixlist.txt to the same location as FRST.
Attached File  fixlist.txt   27.91KB   34 downloads
 
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 

 
Download AdwCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

You should also take the time to let Avast do a boot-time scan.  This takes about 6 hours so best to let it run at night while you sleep.

Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.

Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.
     
     
     
     
     
