Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

slow internet, video, dropping internet access


  • Please log in to reply

#1
mcgyver0308

mcgyver0308

    New Member

  • Member
  • Pip
  • 9 posts

I normally use fire fox but i have tried ie and the results are the same. pages load slow, video is agonizingly slow.  when I open a new page CPU and memory usage go way up.. Also while staying connected to wireless, I frequently drop internet access while other computers and devices have no problems. this has only been happening to this computer for about 3 months now. I have run FRST64 and included logs. I have AVG anti virus and have run spybot and super anti spyware, which have helped some but not alot.

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by User (administrator) on MIKES (24-12-2016 12:45:30)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-23] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-17] (SUPERAntiSpyware)
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\MountPoints2: {cc931181-4393-11e4-9677-206a8ad0086d} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-10-02]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F39B4088-0516-4CD6-8270-D0B8882D719A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-07-19 11:02:12&v=4.2.9.726&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-07-19 11:02:12&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-07-19 11:02:12&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> {FF8696AC-21F3-476A-9FCD-E7661714B270} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121211180840.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121211180843.dll => No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-08] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-23] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jz8zt8um.default-1482119433892 [2016-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3910213348-232855233-1580435985-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3910213348-232855233-1580435985-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-23] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-23] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [171752 2016-08-18] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [145984 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [28600 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [63232 2008-02-05] (Magellan)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 12:45 - 2016-12-24 12:47 - 00028582 _____ C:\Users\User\Downloads\FRST.txt
2016-12-24 12:44 - 2016-12-24 12:45 - 00000000 ____D C:\FRST
2016-12-24 12:44 - 2016-12-24 12:44 - 02420736 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-21 18:12 - 2016-12-21 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 20:50 - 2016-12-18 20:50 - 00000000 ____D C:\Users\User\Desktop\Old Firefox Data
2016-12-18 12:47 - 2016-12-18 12:47 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Mozilla
2016-12-17 15:42 - 2016-12-17 15:42 - 00797760 _____ C:\Users\User\Downloads\delfix_1.013.exe
2016-12-17 15:42 - 2016-12-17 15:42 - 00797760 _____ C:\Users\User\Downloads\delfix_1.013(1).exe
2016-12-17 15:41 - 2016-12-17 15:41 - 03977168 _____ C:\Users\User\Downloads\adwcleaner_6.041.exe
2016-12-17 15:39 - 2016-12-17 15:39 - 00000000 ____D C:\Users\User\AppData\Roaming\EncryptStick
2016-12-15 21:07 - 2016-12-15 21:07 - 00284488 _____ C:\Users\User\Documents\zacks resume1.pdf
2016-12-15 21:05 - 2016-12-15 21:05 - 00290492 _____ C:\Users\User\Documents\IMG_20161215_0002.pdf
2016-12-15 21:01 - 2016-12-15 21:02 - 00690465 _____ C:\Users\User\Documents\zacks resume.pdf
2016-12-15 20:55 - 2016-12-15 20:55 - 00697652 _____ C:\Users\User\Documents\IMG_20161215_0001.pdf
2016-12-15 07:39 - 2016-12-15 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 20:55 - 2016-11-21 11:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 20:55 - 2016-11-21 11:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 20:55 - 2016-11-21 11:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 20:55 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 20:55 - 2016-11-20 09:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-13 20:55 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 20:55 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 20:55 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 20:55 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 20:55 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 20:55 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 20:55 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 20:55 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 20:55 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 20:55 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 20:55 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 20:55 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 20:55 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 20:55 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 20:55 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 20:55 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 20:55 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 20:55 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 20:55 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 20:55 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 20:55 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 20:55 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 20:55 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 20:55 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 20:55 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 20:55 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 20:55 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 20:55 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 20:55 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 20:55 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 20:55 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-13 20:55 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 20:55 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 20:55 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 20:55 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 20:55 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-13 20:55 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-13 20:54 - 2016-11-20 09:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 20:54 - 2016-11-20 08:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-13 20:54 - 2016-11-20 08:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 20:54 - 2016-11-20 08:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-13 20:54 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 20:54 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 20:54 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 20:54 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 20:54 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 20:54 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 20:54 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 20:54 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 20:54 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 20:54 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 20:54 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 20:54 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 20:54 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 20:54 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 20:54 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 20:54 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 20:54 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 20:54 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 20:54 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 20:54 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 20:54 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 20:54 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 20:54 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 20:54 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 20:54 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 20:54 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 20:54 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 20:54 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 20:54 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 20:54 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 20:54 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 20:54 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 20:54 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 20:54 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 20:54 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 20:54 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 20:54 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 20:54 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 20:54 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 20:54 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 20:54 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 20:54 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 20:54 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 20:54 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 20:54 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 20:54 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 20:54 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 20:54 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 20:54 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 20:54 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 20:54 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 20:54 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 20:54 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 20:54 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 20:54 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 20:54 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 20:54 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-13 20:54 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 20:54 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-13 20:54 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-13 20:54 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 20:54 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 20:54 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-13 20:54 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-13 20:54 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 18:19 - 2016-12-13 18:19 - 00000000 ____D C:\Users\Guest\AppData\Local\CEF
2016-12-11 18:07 - 2016-12-11 18:07 - 00002148 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-12-11 18:07 - 2016-12-11 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-12-02 23:53 - 2016-12-02 23:53 - 00000062 _____ C:\Users\User\Desktop\sewing machine.txt
2016-12-02 21:19 - 2016-12-02 21:19 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2016-11-28 07:05 - 2016-11-28 07:05 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc(71).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 12:45 - 2009-07-13 21:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-24 12:45 - 2009-07-13 21:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-24 12:14 - 2013-12-13 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-24 12:08 - 2015-11-13 12:14 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-24 11:53 - 2012-12-26 13:41 - 00000000 ____D C:\ProgramData\MFAData
2016-12-24 00:41 - 2016-11-23 00:52 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2016-12-23 22:24 - 2015-11-13 12:14 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-23 22:16 - 2016-09-25 19:53 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-23 22:14 - 2012-09-27 21:45 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-12-22 21:31 - 2014-02-10 17:19 - 00000000 ___RD C:\Users\User\Dropbox
2016-12-22 21:29 - 2012-09-27 21:45 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-12-22 21:28 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-21 18:12 - 2015-11-13 12:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-20 16:22 - 2014-12-04 19:23 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2016-12-18 10:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-18 01:04 - 2016-02-05 11:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-18 00:34 - 2015-03-22 11:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-17 15:43 - 2015-03-22 11:10 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-17 15:43 - 2015-03-22 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-17 15:43 - 2015-03-22 11:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-17 15:39 - 2015-03-22 10:42 - 00000000 ____D C:\AdwCleaner
2016-12-17 15:36 - 2009-07-13 22:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-17 15:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-12-16 21:27 - 2012-11-04 13:03 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 21:27 - 2012-11-04 13:03 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 13:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-12-15 22:53 - 2013-09-16 16:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 21:20 - 2013-06-21 21:26 - 00007185 _____ C:\Windows\wininit.ini
2016-12-15 08:23 - 2009-07-13 21:45 - 00285920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:02 - 2013-08-19 16:37 - 00000000 ____D C:\Windows\system32\MRT
2016-12-15 07:53 - 2013-03-15 21:23 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-15 07:18 - 2013-12-13 14:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-15 07:17 - 2012-07-05 03:00 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-15 07:17 - 2012-07-05 03:00 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-15 07:16 - 2012-07-05 03:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-15 07:16 - 2012-07-05 03:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 19:28 - 2013-12-25 18:11 - 00774624 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-11 18:50 - 2015-10-30 10:46 - 00000940 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-12-11 18:50 - 2014-04-04 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-11 18:40 - 2015-01-21 09:48 - 00000000 ____D C:\Users\TEMP
2016-12-11 18:07 - 2012-11-04 13:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-11 18:02 - 2015-11-13 12:14 - 00003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-12-11 18:02 - 2015-11-13 12:14 - 00003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-12-11 17:54 - 2015-07-19 10:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-12-11 17:53 - 2016-11-15 11:26 - 00000000 ____D C:\ProgramData\Avg_Update_1116sp
2016-12-11 17:53 - 2015-02-16 16:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-11 17:53 - 2014-01-03 15:28 - 00000000 ____D C:\Users\Guest
2016-12-11 17:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-12-11 17:50 - 2015-07-19 10:01 - 00000000 ____D C:\ProgramData\AVG Web TuneUp

==================== Files in the root of some directories =======

2013-09-20 15:50 - 2014-06-05 11:27 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-30 20:27 - 2014-01-30 20:27 - 0000060 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\User\AppData\Local\Tempdivx02d6
2015-06-02 21:32 - 2015-06-02 21:32 - 1328472 _____ (DivX, LLC) C:\Users\User\AppData\Local\Tempdivx334f.exe
2015-06-02 21:32 - 2015-06-02 21:32 - 0043682 _____ () C:\Users\User\AppData\Local\Tempdivxb798
2012-09-27 21:57 - 2012-09-27 22:00 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2013-03-04 19:57 - 2013-03-04 19:58 - 0000376 _____ () C:\ProgramData\hpzinstall.log
2012-09-27 21:59 - 2012-09-27 21:59 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-16 13:03

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by User (24-12-2016 12:48:06)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-28 04:25:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3910213348-232855233-1580435985-500 - Administrator - Disabled)
Guest (S-1-5-21-3910213348-232855233-1580435985-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3910213348-232855233-1580435985-1005 - Limited - Enabled)
User (S-1-5-21-3910213348-232855233-1580435985-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2728.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
AVG (Version: 16.131.7924 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4739 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PrintMaster 6.0 Platinum (HKLM-x32\...\0832-3492-6567-1002) (Version: 6.0.6.146 - Encore Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
TOPO! 4 (HKLM-x32\...\{5B3FB6D4-1B88-413D-8DE7-A7E2D58DE5B2}) (Version: 4.4.1 - National Geographic Maps)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.43.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.43.0000 - Magellan Navigation, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
video4fuze 0.6 (HKLM-x32\...\video4fuze) (Version: 0.6 - ssorgatem productions)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008309CA-5759-4A54-9374-0E87AB2568E9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {035FD0C7-6A7A-4F77-9C79-840F8231F8C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {05C8B81B-00CE-4F41-BC81-EE81B4429C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {0B38F106-7193-458C-A3EE-D532E6E20CA9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {0DB1BB4A-3F43-43A1-954C-6FB2D54408E7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {1CB30930-A1B6-4CD1-8080-F62F4361602E} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-01-18] (Acer)
Task: {246ED16A-197D-41F8-9BE4-1589A13FD03D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3650BFBC-FFDE-4C2A-A44F-FBB451652A23} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5D3C0B8B-5AB0-41A4-A33D-4C04501916C1} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {68DB9391-97C2-4A84-8843-2AC276C2C60E} - System32\Tasks\{6C770607-AF17-47A3-BA13-7B3D4609748C} => pcalua.exe -a C:\Users\User\Downloads\MVP_243.exe -d C:\Users\User\Downloads
Task: {7A78E652-6ABB-4E51-98FC-AEB8C2C6D4C0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {8B269379-1448-4C08-8C56-832C05FCEAD8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {A8EB7A9B-1C6B-4BF5-BCEE-F44C48DDAED1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {ACD0CFE6-4FB8-4E97-8EDE-A9771D775724} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B23A906D-ACEF-4D00-981D-62B969D51582} - System32\Tasks\{AF680108-542E-4E1D-9578-C467A08E848A} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe" -d C:\Windows\system32
Task: {B860807D-D232-44D8-802C-BE051CE0107A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {C4B8B3E4-0B5F-4C56-8C01-EB4107732D60} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D209EB8F-AE97-4E6F-B4FF-3D196537DA82} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DA8D2EFA-2A40-44A9-84A6-F3A1DCD84AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DF42F613-DD74-4474-9A8A-1887375C2457} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {EFF6AFF6-829B-4955-AB5F-D4C345E07D75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-19 10:01 - 2016-10-23 15:14 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-06-17 06:49 - 2011-06-17 06:49 - 00034304 _____ () C:\Windows\System32\ssp8ml6.dll
2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2012-09-27 21:45 - 2012-03-16 04:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-09-27 22:02 - 2012-03-26 18:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-02-16 16:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-16 16:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-16 16:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-16 16:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-16 16:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-09-27 21:45 - 2012-03-07 07:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-12-11 18:14 - 2016-12-11 18:12 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-03-22 09:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15463 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: InstantUpdate => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: VantagePointLite.exe => "C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6773784-2305-4FA5-819B-D0418E0CA755}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CACAA2C-C514-4392-8638-2B52AD49D354}] => LPort=2869
FirewallRules: [{99231177-EE65-4A96-8FCE-7485AE1E43CD}] => LPort=1900
FirewallRules: [{89D9DFF1-76F7-4978-9FE5-9F00A9FB4073}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6F68B07E-1E51-4521-8E3A-ABFB96505E24}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CCCAEC12-A668-4D4C-A30D-930597385362}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B9989C24-C7AE-451E-9D3B-1FC05C9A8872}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{3088D0AE-12DC-40EA-8066-BB1485232D9E}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FA64D39F-8D92-4AE8-86A1-0B56196BA5B0}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EF33DFAE-86D7-495B-9D8C-57037A12C853}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BBA72985-0465-462A-80C4-0FC08CFA94EC}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{06346D29-3499-4831-A6E4-777836A93C56}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0EE38B1B-C0DD-49AD-B60A-08A83BF73702}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{46E16E82-7286-4377-95C6-6B54AC634539}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CD2C13F0-5D4D-4B80-9045-611CDE92F3E9}] => C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{7CDB6857-EB3F-4C2F-A5CB-3DD474D936CF}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{95CE1F32-7EFF-45B8-9688-3BACAA27045A}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{B8AA2780-6B9F-4CC7-9BF2-DB41771EA257}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3386BFE6-7B56-4853-BCCC-7F8498A46475}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2446A0E6-380F-42CB-8E53-836F961F560F}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4DA9FF1C-D2F4-4114-AA58-C3184F9C22A2}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{287B5641-7777-40CE-A95B-F383D10E4F50}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BE54EE7F-7439-4B5C-BB2C-65A5036EFC1C}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{2B9DA29F-B0F0-49BC-98BA-7614FCD0A4A9}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CD5A0336-7141-4F2A-BF5B-EA0D0787944C}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{B9C9609F-0943-4ED0-AB1A-4189DB3178E7}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{6E58E154-B495-4869-9777-3F60A3C06424}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [TCP Query User{60F48F07-CA30-4044-841A-8472308D9E4D}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{CFF8AF3A-8C4E-4CE5-BB01-7D9693DE2A78}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{A640F2EE-3D26-40FD-99C5-69BD1160D4D1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{065E2F44-94CA-47B1-B646-4AE1AF28A9EE}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4743DCAC-A94F-460A-9431-314AB329A059}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D21C52C4-A6AD-4A9C-9392-7322863DCC8D}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{BAA67218-3C5B-450F-812B-82244A52B5B4}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7F8097CB-A22F-41D9-B9E6-74C57C225ADC}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{A1F90AC6-64D2-4FB2-B7B7-813E05D8DE87}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{B21A1A2C-3017-4A3D-AD7A-DDDFCD1A6A35}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{248953EE-6BB0-44AD-87CB-225BD4DCAFA0}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{80905D32-D2F9-48CF-A1D1-A6415D411017}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{EF0E4CE4-1DF7-4E99-9C32-2F131509B2F8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAAD9A90-B444-4B01-9427-D96A0B77DE5E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B09E8C05-83F2-4503-A65F-0EDE622EA6CC}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DEE73AEA-3217-48D4-BDC7-DDDECD19D9C2}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FB3D593E-B176-488D-A448-5FFC58B70593}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3250A909-7858-426C-9891-CB6012DB701C}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{541A7B7B-F849-407F-9A09-1AA8B621C316}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{855B9242-CD00-4362-BDFD-FA533B3F7AF0}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{527E7780-361B-477E-97D2-1826D0C04C61}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D2B96845-2E88-49B9-BDCD-8131581233B7}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A41BB430-412A-422E-897C-4BA7114AF2C1}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{476932F0-B4AA-4E8A-8864-BB476252489F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{114E96A2-BB13-4C28-8FFF-A8891F4172B7}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D489927-7BE7-41E2-AE63-B654B165EB70}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9F9CE1E8-DA5A-40B5-BEDA-6457E67B7699}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF191252-4F15-4E7E-B712-BC65015C6A95}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EF7E972-BDA9-4D5C-BB3F-C55B880DCBEF}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E610F791-CC03-4211-8173-1A98FFBF6270}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{D3D88364-5BDC-4728-965C-5E5100AE6CF7}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{B2DE16DC-0408-4451-A0C0-F758EE193D63}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{521E21EA-1EF9-42A2-AA43-5DE778411093}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 09:28:54 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/21/2016 06:12:48 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/21/2016 06:12:47 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (12/21/2016 05:14:39 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/21/2016 03:20:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/21/2016 11:22:08 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/20/2016 09:23:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/18/2016 08:40:23 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/18/2016 08:17:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3910213348-232855233-1580435985-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2ee0f363-def7-410a-8847-fcc88bc04414}

Error: (12/18/2016 01:20:47 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (12/23/2016 10:20:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/23/2016 10:13:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Wlan Agent service.

Error: (12/22/2016 09:30:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2016 09:29:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr

Error: (12/22/2016 09:28:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/22/2016 09:28:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/22/2016 09:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/22/2016 01:18:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/22/2016 01:15:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/22/2016 01:15:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


CodeIntegrity:
===================================
  Date: 2014-01-03 17:29:20.531
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-03 17:29:20.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:38:36.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:38:36.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:36:55.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:36:55.135
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:17:45.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:17:45.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:16:26.700
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:16:26.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 967 @ 1.30GHz
Percentage of memory in use: 57%
Total physical RAM: 3889.6 MB
Available physical RAM: 1652.17 MB
Total Virtual: 7777.39 MB
Available Virtual: 4881.56 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:446.13 GB) (Free:203.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18AB0785)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Uninstall spybot S&D and undo any immunization.
Uninstall SUPERAntiSpyware
 
Your AVG is causing problems.  I would try the free Avast in its place:
 
 
Click on Download then choose the free version.
 
 
Download, Save, but do not install yet.  Uninstall AVG
Reboot.
 
Install Avast by right clicking on the downloaded file and Run As Admin.
register if they ask you to.  Decline any optional software.
 
Reboot.
 
Finsih the install and stick with the free Basic version.
 
Run FRST again.  Check the Addition.txt box before hitting Scan.  Post both logs.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 

  • 0

#3
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

this is after running FRST againScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by User (administrator) on MIKES (25-12-2016 02:57:10)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-23] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-25] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\MountPoints2: {cc931181-4393-11e4-9677-206a8ad0086d} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-25] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-10-02]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F39B4088-0516-4CD6-8270-D0B8882D719A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-07-19 11:02:12&v=4.2.9.726&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={D1822272-3420-4BDB-B169-705CCA2F776E}&mid=dad0fed541a747d095d3314fa04ebc16-768c2b92b3d91c3ebb961ddf43e7275fabce4d6b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-07-19 11:02:12&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3910213348-232855233-1580435985-1000 -> {FF8696AC-21F3-476A-9FCD-E7661714B270} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121211180840.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-25] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121211180843.dll => No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-08] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-25] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-23] (AVG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-25] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-04-25] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jz8zt8um.default-1482119433892 [2016-12-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-03-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-05-14] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3910213348-232855233-1580435985-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3910213348-232855233-1580435985-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-25]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-25]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-25] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-23] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-23] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-12-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-25] (AVAST Software)
S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [171752 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [145984 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [28600 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 MUD; C:\Windows\System32\DRIVERS\MUD.sys [63232 2008-02-05] (Magellan)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-25 02:47 - 2016-12-25 02:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-12-25 02:23 - 2016-12-25 02:37 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482657779
2016-12-25 02:23 - 2016-12-25 02:23 - 00001047 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-25 02:23 - 2016-12-25 02:23 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-25 02:22 - 2016-12-25 02:22 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-12-25 02:21 - 2016-12-25 02:21 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-25 02:21 - 2016-12-25 02:21 - 00001926 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-25 02:21 - 2016-12-25 02:21 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2016-12-25 02:21 - 2016-12-25 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-25 02:20 - 2016-12-25 02:21 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-12-25 02:20 - 2016-12-25 02:21 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-12-25 02:20 - 2016-12-25 02:21 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-12-25 02:20 - 2016-12-25 02:20 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-25 02:20 - 2016-12-25 02:20 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-25 02:20 - 2016-12-25 02:20 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-25 02:20 - 2016-12-25 02:20 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-25 02:20 - 2016-12-25 02:20 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-25 02:20 - 2016-12-25 02:20 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-25 02:20 - 2016-12-25 02:20 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-25 00:57 - 2016-12-25 00:57 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-25 00:57 - 2016-12-25 00:57 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-25 00:55 - 2016-12-25 01:05 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148265314859810
2016-12-25 00:55 - 2016-12-25 01:05 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148265314931512
2016-12-25 00:55 - 2016-12-25 01:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148265314767707
2016-12-25 00:55 - 2016-12-25 00:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-25 00:53 - 2016-12-25 02:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-25 00:53 - 2016-12-25 02:22 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-25 00:51 - 2016-12-25 00:51 - 06334848 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2016-12-25 00:25 - 2016-12-25 00:21 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts.20161225-002508.backup
2016-12-24 12:48 - 2016-12-24 12:50 - 00046449 _____ C:\Users\User\Downloads\Addition.txt
2016-12-24 12:45 - 2016-12-25 02:58 - 00029029 _____ C:\Users\User\Downloads\FRST.txt
2016-12-24 12:44 - 2016-12-25 02:57 - 00000000 ____D C:\FRST
2016-12-24 12:44 - 2016-12-24 12:44 - 02420736 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-21 18:12 - 2016-12-21 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 11:15 - 2016-12-21 11:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 20:50 - 2016-12-18 20:50 - 00000000 ____D C:\Users\User\Desktop\Old Firefox Data
2016-12-18 12:47 - 2016-12-18 12:47 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Mozilla
2016-12-17 15:42 - 2016-12-17 15:42 - 00797760 _____ C:\Users\User\Downloads\delfix_1.013.exe
2016-12-17 15:42 - 2016-12-17 15:42 - 00797760 _____ C:\Users\User\Downloads\delfix_1.013(1).exe
2016-12-17 15:41 - 2016-12-17 15:41 - 03977168 _____ C:\Users\User\Downloads\adwcleaner_6.041.exe
2016-12-17 15:39 - 2016-12-17 15:39 - 00000000 ____D C:\Users\User\AppData\Roaming\EncryptStick
2016-12-15 21:07 - 2016-12-15 21:07 - 00284488 _____ C:\Users\User\Documents\zacks resume1.pdf
2016-12-15 21:05 - 2016-12-15 21:05 - 00290492 _____ C:\Users\User\Documents\IMG_20161215_0002.pdf
2016-12-15 21:01 - 2016-12-15 21:02 - 00690465 _____ C:\Users\User\Documents\zacks resume.pdf
2016-12-15 20:55 - 2016-12-15 20:55 - 00697652 _____ C:\Users\User\Documents\IMG_20161215_0001.pdf
2016-12-15 07:39 - 2016-12-15 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 20:55 - 2016-11-21 11:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 20:55 - 2016-11-21 11:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 20:55 - 2016-11-21 11:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 20:55 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 20:55 - 2016-11-20 09:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-13 20:55 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 20:55 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 20:55 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 20:55 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 20:55 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 20:55 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 20:55 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 20:55 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 20:55 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 20:55 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 20:55 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 20:55 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 20:55 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 20:55 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 20:55 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 20:55 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 20:55 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 20:55 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 20:55 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 20:55 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 20:55 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 20:55 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 20:55 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 20:55 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 20:55 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 20:55 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 20:55 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 20:55 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 20:55 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 20:55 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 20:55 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-13 20:55 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 20:55 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 20:55 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 20:55 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 20:55 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-13 20:55 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 20:54 - 2016-11-21 11:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-13 20:54 - 2016-11-20 09:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-13 20:54 - 2016-11-20 09:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-13 20:54 - 2016-11-20 09:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 20:54 - 2016-11-20 08:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 20:54 - 2016-11-20 08:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-13 20:54 - 2016-11-20 08:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 20:54 - 2016-11-20 08:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-13 20:54 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 20:54 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 20:54 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 20:54 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 20:54 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 20:54 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 20:54 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 20:54 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 20:54 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 20:54 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 20:54 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 20:54 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 20:54 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 20:54 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 20:54 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 20:54 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 20:54 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 20:54 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 20:54 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 20:54 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 20:54 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 20:54 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 20:54 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 20:54 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 20:54 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 20:54 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 20:54 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 20:54 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 20:54 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 20:54 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 20:54 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 20:54 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 20:54 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 20:54 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 20:54 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 20:54 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 20:54 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 20:54 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 20:54 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 20:54 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 20:54 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 20:54 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 20:54 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 20:54 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 20:54 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 20:54 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 20:54 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 20:54 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 20:54 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 20:54 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 20:54 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 20:54 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 20:54 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 20:54 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 20:54 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 20:54 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 20:54 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 20:54 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 20:54 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 20:54 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 20:54 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-13 20:54 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 20:54 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-13 20:54 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-13 20:54 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-13 20:54 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 20:54 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 20:54 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 20:54 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-13 20:54 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-13 20:54 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 18:19 - 2016-12-13 18:19 - 00000000 ____D C:\Users\Guest\AppData\Local\CEF
2016-12-11 18:07 - 2016-12-11 18:07 - 00002148 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-12-11 18:07 - 2016-12-11 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-12-02 23:53 - 2016-12-02 23:53 - 00000062 _____ C:\Users\User\Desktop\sewing machine.txt
2016-12-02 21:19 - 2016-12-02 21:19 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2016-11-28 07:05 - 2016-11-28 07:05 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc(71).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-25 02:54 - 2016-11-23 00:52 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2016-12-25 02:46 - 2014-11-30 14:35 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-25 02:46 - 2014-11-30 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-25 02:46 - 2014-11-30 14:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-25 02:33 - 2009-07-13 21:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-25 02:33 - 2009-07-13 21:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-25 02:32 - 2009-07-13 22:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-25 02:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-12-25 02:26 - 2014-02-10 17:19 - 00000000 ___RD C:\Users\User\Dropbox
2016-12-25 02:25 - 2015-11-13 12:14 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-25 02:25 - 2012-09-27 21:45 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-12-25 02:25 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-25 02:14 - 2013-12-13 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-25 02:08 - 2015-07-05 19:32 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-25 02:08 - 2015-06-02 18:50 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2016-12-25 02:08 - 2012-12-26 13:41 - 00000000 ____D C:\ProgramData\MFAData
2016-12-25 02:07 - 2015-11-13 12:14 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-25 02:07 - 2015-02-16 16:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-25 02:05 - 2015-10-30 10:39 - 00000000 ____D C:\ProgramData\Avg
2016-12-25 02:05 - 2013-03-24 13:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-25 01:55 - 2015-10-25 11:40 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2016-12-25 01:54 - 2012-12-26 13:45 - 00000000 ___HD C:\$AVG
2016-12-25 01:08 - 2012-11-04 13:02 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-12-25 00:57 - 2012-11-04 13:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-25 00:26 - 2015-02-16 16:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-25 00:26 - 2013-06-21 21:26 - 00007205 _____ C:\Windows\wininit.ini
2016-12-25 00:00 - 2012-09-27 21:45 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-12-21 18:12 - 2015-11-13 12:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-20 16:22 - 2014-12-04 19:23 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2016-12-18 10:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-18 00:34 - 2015-03-22 11:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-17 15:43 - 2015-03-22 11:10 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-17 15:43 - 2015-03-22 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-17 15:43 - 2015-03-22 11:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-17 15:39 - 2015-03-22 10:42 - 00000000 ____D C:\AdwCleaner
2016-12-16 21:27 - 2012-11-04 13:03 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 21:27 - 2012-11-04 13:03 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 13:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-12-15 22:53 - 2013-09-16 16:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 08:23 - 2009-07-13 21:45 - 00285920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:02 - 2013-08-19 16:37 - 00000000 ____D C:\Windows\system32\MRT
2016-12-15 07:53 - 2013-03-15 21:23 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-15 07:18 - 2013-12-13 14:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-15 07:17 - 2012-07-05 03:00 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-15 07:17 - 2012-07-05 03:00 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-15 07:16 - 2012-07-05 03:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-15 07:16 - 2012-07-05 03:00 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 19:28 - 2013-12-25 18:11 - 00774624 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-11 18:40 - 2015-01-21 09:48 - 00000000 ____D C:\Users\TEMP
2016-12-11 18:02 - 2015-11-13 12:14 - 00003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-12-11 18:02 - 2015-11-13 12:14 - 00003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-12-11 17:54 - 2015-07-19 10:01 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-12-11 17:53 - 2016-11-15 11:26 - 00000000 ____D C:\ProgramData\Avg_Update_1116sp
2016-12-11 17:53 - 2014-01-03 15:28 - 00000000 ____D C:\Users\Guest
2016-12-11 17:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-12-11 17:50 - 2015-07-19 10:01 - 00000000 ____D C:\ProgramData\AVG Web TuneUp

==================== Files in the root of some directories =======

2013-09-20 15:50 - 2014-06-05 11:27 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-30 20:27 - 2014-01-30 20:27 - 0000060 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-05-19 01:43 - 2015-05-19 01:43 - 0247298 _____ () C:\Users\User\AppData\Local\Tempdivx02d6
2015-06-02 21:32 - 2015-06-02 21:32 - 1328472 _____ (DivX, LLC) C:\Users\User\AppData\Local\Tempdivx334f.exe
2015-06-02 21:32 - 2015-06-02 21:32 - 0043682 _____ () C:\Users\User\AppData\Local\Tempdivxb798
2012-09-27 21:57 - 2012-09-27 22:00 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2013-03-04 19:57 - 2013-03-04 19:58 - 0000376 _____ () C:\ProgramData\hpzinstall.log
2012-09-27 21:59 - 2012-09-27 21:59 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 14:04

==================== End of FRST.txt ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by User (25-12-2016 02:59:17)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-28 04:25:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3910213348-232855233-1580435985-500 - Administrator - Disabled)
Guest (S-1-5-21-3910213348-232855233-1580435985-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3910213348-232855233-1580435985-1005 - Limited - Enabled)
User (S-1-5-21-3910213348-232855233-1580435985-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2728.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.70 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PrintMaster 6.0 Platinum (HKLM-x32\...\0832-3492-6567-1002) (Version: 6.0.6.146 - Encore Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
TOPO! 4 (HKLM-x32\...\{5B3FB6D4-1B88-413D-8DE7-A7E2D58DE5B2}) (Version: 4.4.1 - National Geographic Maps)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-3910213348-232855233-1580435985-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VantagePoint (HKLM-x32\...\InstallShield_{1D21ED4F-3C5E-45C3-9795-8C8CB2AB31DC}) (Version: 2.43.0000 - Magellan Navigation, Inc.)
VantagePoint (x32 Version: 2.43.0000 - Magellan Navigation, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
video4fuze 0.6 (HKLM-x32\...\video4fuze) (Version: 0.6 - ssorgatem productions)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008309CA-5759-4A54-9374-0E87AB2568E9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {035FD0C7-6A7A-4F77-9C79-840F8231F8C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {05C8B81B-00CE-4F41-BC81-EE81B4429C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {0DB1BB4A-3F43-43A1-954C-6FB2D54408E7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {113CA32F-FF56-4A3E-92B9-07D8FE1AAEAD} - System32\Tasks\SafeZone scheduled Autoupdate 1482657779 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {1CB30930-A1B6-4CD1-8080-F62F4361602E} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-01-18] (Acer)
Task: {3650BFBC-FFDE-4C2A-A44F-FBB451652A23} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {5D3C0B8B-5AB0-41A4-A33D-4C04501916C1} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {68DB9391-97C2-4A84-8843-2AC276C2C60E} - System32\Tasks\{6C770607-AF17-47A3-BA13-7B3D4609748C} => pcalua.exe -a C:\Users\User\Downloads\MVP_243.exe -d C:\Users\User\Downloads
Task: {73602E00-B59C-4355-91AC-3BCD484E84CB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-25] (AVAST Software)
Task: {7A78E652-6ABB-4E51-98FC-AEB8C2C6D4C0} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {8B269379-1448-4C08-8C56-832C05FCEAD8} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {A8EB7A9B-1C6B-4BF5-BCEE-F44C48DDAED1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {ACD0CFE6-4FB8-4E97-8EDE-A9771D775724} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B23A906D-ACEF-4D00-981D-62B969D51582} - System32\Tasks\{AF680108-542E-4E1D-9578-C467A08E848A} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe" -d C:\Windows\system32
Task: {B860807D-D232-44D8-802C-BE051CE0107A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {BF85E417-1721-4009-8C44-9CA8EA839CC5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-12-25] (AVAST Software)
Task: {DA8D2EFA-2A40-44A9-84A6-F3A1DCD84AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DF42F613-DD74-4474-9A8A-1887375C2457} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {EFF6AFF6-829B-4955-AB5F-D4C345E07D75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-19 10:01 - 2016-10-23 15:14 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-06-17 06:49 - 2011-06-17 06:49 - 00034304 _____ () C:\Windows\System32\ssp8ml6.dll
2006-12-04 00:26 - 2006-12-04 00:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2012-09-27 21:45 - 2012-03-16 04:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-09-27 22:02 - 2012-03-26 18:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-19 10:01 - 2016-10-23 15:14 - 02180680 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2016-12-25 02:20 - 2016-12-25 02:20 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-25 02:22 - 2016-12-25 02:22 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122403\algo.dll
2016-12-25 02:20 - 2016-12-25 02:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2016-12-11 18:11 - 2016-11-11 13:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-11 18:11 - 2016-11-11 13:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-11 18:11 - 2016-11-11 13:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-11 18:11 - 2016-11-11 13:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-11 18:11 - 2016-11-11 13:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-21 18:12 - 2016-11-11 13:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-21 18:12 - 2016-11-11 13:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-21 18:12 - 2016-11-11 13:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-11 18:11 - 2016-11-11 13:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-21 18:12 - 2016-11-11 13:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-21 18:12 - 2016-11-11 13:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-11 18:11 - 2016-11-11 13:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-11 18:11 - 2016-11-11 13:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-21 18:12 - 2016-11-11 13:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-21 18:12 - 2016-12-21 11:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-21 18:12 - 2016-12-21 11:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-11 18:11 - 2016-11-11 13:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-21 18:12 - 2016-11-11 13:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-21 18:12 - 2016-11-11 13:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-21 18:12 - 2016-12-21 11:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-11 18:11 - 2016-11-11 13:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-11 18:11 - 2016-12-21 11:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-21 18:12 - 2016-12-21 11:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-25 02:20 - 2016-12-25 02:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-27 21:45 - 2012-03-07 07:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-12-25 00:25 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3910213348-232855233-1580435985-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: InstantUpdate => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: VantagePointLite.exe => "C:\Program Files (x86)\Magellan\VantagePoint\VPLite\VantagePoint Lite.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A6773784-2305-4FA5-819B-D0418E0CA755}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2CACAA2C-C514-4392-8638-2B52AD49D354}] => LPort=2869
FirewallRules: [{99231177-EE65-4A96-8FCE-7485AE1E43CD}] => LPort=1900
FirewallRules: [{89D9DFF1-76F7-4978-9FE5-9F00A9FB4073}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6F68B07E-1E51-4521-8E3A-ABFB96505E24}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CCCAEC12-A668-4D4C-A30D-930597385362}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B9989C24-C7AE-451E-9D3B-1FC05C9A8872}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{3088D0AE-12DC-40EA-8066-BB1485232D9E}] => C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{FA64D39F-8D92-4AE8-86A1-0B56196BA5B0}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{EF33DFAE-86D7-495B-9D8C-57037A12C853}] => C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BBA72985-0465-462A-80C4-0FC08CFA94EC}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{06346D29-3499-4831-A6E4-777836A93C56}] => C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{0EE38B1B-C0DD-49AD-B60A-08A83BF73702}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{46E16E82-7286-4377-95C6-6B54AC634539}] => C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{CD2C13F0-5D4D-4B80-9045-611CDE92F3E9}] => C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{7CDB6857-EB3F-4C2F-A5CB-3DD474D936CF}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{95CE1F32-7EFF-45B8-9688-3BACAA27045A}] => C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{B8AA2780-6B9F-4CC7-9BF2-DB41771EA257}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3386BFE6-7B56-4853-BCCC-7F8498A46475}] => C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2446A0E6-380F-42CB-8E53-836F961F560F}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{4DA9FF1C-D2F4-4114-AA58-C3184F9C22A2}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{287B5641-7777-40CE-A95B-F383D10E4F50}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{BE54EE7F-7439-4B5C-BB2C-65A5036EFC1C}] => C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{2B9DA29F-B0F0-49BC-98BA-7614FCD0A4A9}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CD5A0336-7141-4F2A-BF5B-EA0D0787944C}] => C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{B9C9609F-0943-4ED0-AB1A-4189DB3178E7}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{6E58E154-B495-4869-9777-3F60A3C06424}] => C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [TCP Query User{60F48F07-CA30-4044-841A-8472308D9E4D}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{CFF8AF3A-8C4E-4CE5-BB01-7D9693DE2A78}C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\user\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{A640F2EE-3D26-40FD-99C5-69BD1160D4D1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{065E2F44-94CA-47B1-B646-4AE1AF28A9EE}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4743DCAC-A94F-460A-9431-314AB329A059}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D21C52C4-A6AD-4A9C-9392-7322863DCC8D}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{BAA67218-3C5B-450F-812B-82244A52B5B4}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7F8097CB-A22F-41D9-B9E6-74C57C225ADC}] => C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{A1F90AC6-64D2-4FB2-B7B7-813E05D8DE87}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{B21A1A2C-3017-4A3D-AD7A-DDDFCD1A6A35}] => C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{248953EE-6BB0-44AD-87CB-225BD4DCAFA0}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{80905D32-D2F9-48CF-A1D1-A6415D411017}] => C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{EF0E4CE4-1DF7-4E99-9C32-2F131509B2F8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAAD9A90-B444-4B01-9427-D96A0B77DE5E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B09E8C05-83F2-4503-A65F-0EDE622EA6CC}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DEE73AEA-3217-48D4-BDC7-DDDECD19D9C2}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FB3D593E-B176-488D-A448-5FFC58B70593}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3250A909-7858-426C-9891-CB6012DB701C}] => C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{541A7B7B-F849-407F-9A09-1AA8B621C316}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{855B9242-CD00-4362-BDFD-FA533B3F7AF0}] => C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{527E7780-361B-477E-97D2-1826D0C04C61}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D2B96845-2E88-49B9-BDCD-8131581233B7}] => C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{A41BB430-412A-422E-897C-4BA7114AF2C1}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{476932F0-B4AA-4E8A-8864-BB476252489F}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9F9CE1E8-DA5A-40B5-BEDA-6457E67B7699}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF191252-4F15-4E7E-B712-BC65015C6A95}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{521E21EA-1EF9-42A2-AA43-5DE778411093}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4F914662-91C7-4D59-BB33-44E216F7432F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{114E96A2-BB13-4C28-8FFF-A8891F4172B7}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D489927-7BE7-41E2-AE63-B654B165EB70}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe

==================== Restore Points =========================

24-12-2016 14:10:56 Scheduled Checkpoint
25-12-2016 01:52:25 Removed AVG
25-12-2016 01:54:53 Removed AVG 2016

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2016 02:25:22 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/25/2016 02:21:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/25/2016 02:08:55 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/25/2016 01:54:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (12/25/2016 01:54:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (12/25/2016 01:54:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.
.

Error: (12/25/2016 01:54:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (12/25/2016 01:54:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3910213348-232855233-1580435985-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {92ff70da-88f7-4eca-b39b-29a146c25990}

Error: (12/25/2016 01:52:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (12/25/2016 01:52:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (12/25/2016 02:26:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2016 02:25:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr

Error: (12/25/2016 02:25:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/25/2016 02:10:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/25/2016 02:09:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr

Error: (12/25/2016 02:08:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/23/2016 10:20:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/23/2016 10:13:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Wlan Agent service.

Error: (12/22/2016 09:30:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/22/2016 09:29:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr


CodeIntegrity:
===================================
  Date: 2014-01-03 17:29:20.531
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-03 17:29:20.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:38:36.549
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:38:36.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:36:55.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:36:55.135
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:17:45.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:17:45.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:16:26.700
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-02 12:16:26.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MUD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 967 @ 1.30GHz
Percentage of memory in use: 50%
Total physical RAM: 3889.6 MB
Available physical RAM: 1915.43 MB
Total Virtual: 7777.39 MB
Available Virtual: 5757.79 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:446.13 GB) (Free:200.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18AB0785)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Still waiting for the rest of the logs but here a fixlist to remove the remnants of AVG, Spybot, SAS and Avira.

Doesn't matter when you run it.

Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   13.65KB   28 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0

#5
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

command promt returned "could not find c:\junk.text file" when note pad came up. And in the command prompt C:\users\user>notepad \junk.text

Access is denied.

 

So I suppose I messed something up

 

 

Attached Files


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

C:\users\users in not an elevated command prompt because then it would be C:\windows\system32

 

Also it it's junk.TXT nor junk.text

 

Turns out your process explorer log is good so I don't need that junk.txt file.  I only need it when there is an svchost.exe file eating up the CPU.

 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

Reboot. 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
	sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Search for 
device manager 
and hit Enter.
 
This should open the device manager window.  Find the Network Adapters and click on the arrow in fron to open it.  Right click on Qualcomm Atheros AR5BWB222 and select Properties then there should be a tab called Power Managagement or similar.  Uncheck:  "Allow the computer to turn off this device to save power."
 
Apparently that's a problem with this driver.

  • 0

#7
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

here are the second set of FRST and addition logs

Attached Files


  • 0

#8
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

sfc  /scannow  came back "windows resource protection did not find any integrity violations"

Attached Files


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Uninstall:  AVG Web TuneUp 

 

Are you using Dropbox for anything?  It's causing some errors so would be best to uninstall.  If you are using it (make sure you know your login/password before uninstalling) after you uninstall, download a new copy and install it.

 

One error is caused by registry corruption so I want to look and see what that looks like.  Easiest way is with a fixlist:

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   1.1KB   28 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Then clear the alarms:
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
Now run VEW as before but just for Applications
 
 
 

 


  • 0

#10
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

seems to be running quite well now

Attached Files


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

One of the remaining errors 

 
Log: 'Application' Date/Time: 26/12/2016 8:35:04 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc

Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

 

 

 

is from dropbox.

 

It's seen on this line from FRST:

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)

 

So the file it is having problems with is:

 

C:\Windows\system32\DbxSvc.exe

 

You might check to see if the file is there.  It's in a hidden area so you may have to ask Windows to let you see it:

http://www.howtogeek...-windows-vista/

 

 

The other one will probably be corrected next time you update Avast.

 

Speaking of Avast, let's have it run a boot-time scan tonight and see if it finds anything:

 

 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
Make sure the Areas to Scan box says All Hard drives
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to
Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
Avast appears to be working OK.  Have you registered with them?  They just want an email address and they don't spam you.  To register, open Avast (either by click on the icon by the clock) or by All Programs , Avast Software, Avast Free AntiVirus) Then Setings (the gear), Registration.
 
Stick with Avast for a while and see how you like it.  
 
They have  started using their info popup to try and get you to upgrade so I go into Settings, General, Popups and change the first two to 1 second.
 
I don't like their Browser Cleanup so I turn it off:
Settings, Tools, Browser Cleanup (click on the white space to the right of On.)
 
 
The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
 

  • 0

#12
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

dbx svc is there. there are 2 of them one is just plain Dbx Svc and the othere is Dbx Svc (71)

Attached Files


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Avast only found one piece of adware that had already been removed so that looks good.  The corrupt archives belong to googleearth.  You might want to reinstall it.

 

Please download GrantPerms.zip 
and save it to your desktop.
Unzip the file and  right clcik on GrantPerms64.exe and Run As Admin.
Copy and paste the following in the edit box:
 
 
C:\Windows\system32\DbxSvc.exe
 
Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run. 
 
Once that is done.  Copy the next line:
 
sc  start  DbxSvc
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter 
 
Does it give you an error or does it say that the service is starting or already running?

  • 0

#14
mcgyver0308

mcgyver0308

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

grant perms was only "grant perms exec" no 64

 

it says the service is already running

 

Perms txt:

 

GrantPerms by Farbar
Ran by User (administrator) at 2016-12-27 21:13:07

===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\system32\DbxSvc.exe> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
 


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Thanks.  Will update my canned for grantperms.

 

It's odd that you can see the file but grantperms can't.  

 

Do you use dropbox?  Can we just uninstall it?

 

I don't have it on my PC since I have no use for it.  Avast was installing dropbox as optional software for a while.  Don't know if they still do.

 

It's odd that you can see the file but grantperms can't.  


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP