
Avast Threat Pop-Ups in Chrome



#1
taipei_tony


Hello all, my system has been behaving erratically lately; most notably, the Chrome browser is acting up a bit. Starting a few days ago, whenever I open Chrome, I immediately get a pop-up from Avast saying "Threat has been detected". I have attached screenshots of two recent pop-ups; the second one seems a bit alarming.

 

Just want to make sure that all is good with my system. Thanks!

 

Below are the two FRST logs.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Tony (administrator) on TONY-PC (22-03-2017 20:09:07)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony & postgres (Available Profiles: Tony & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
() C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
(Flux Software LLC) C:\Users\Tony\AppData\Local\FluxSoftware\Flux\flux.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Google Pinyin 3 Autoupdater] => C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe [1854008 2011-10-25] (Google Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-23] (Conexant Systems, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2015-01-08] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-17] (AVAST Software)
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Run: [F.lux] => C:\Users\Tony\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0714651A-25F9-4DC3-AACC-7C8EE204E81D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1F54C2B4-EF9C-48AD-9DCA-F25EF5107F83}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{FD2E3BD5-60BB-4B5A-94FE-743FA2825C4A}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-17] (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} hxxps://etrade.emega.com.tw/CA/axekey.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)
 
FireFox:
========
FF DefaultProfile: gt83rqoy.default-1383689389646
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 [2017-03-07]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> www.yahoo.com 
 www.google.com
FF Extension: (Perapera Chinese) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646\Extensions\[email protected] [2016-07-31]
FF Extension: (Firefox Hotfix) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646\Extensions\[email protected] [2016-09-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3482530603-2352231087-752530051-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tony\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-3482530603-2352231087-752530051-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tony\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-23] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-03] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://us.yahoo.com/
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/","hxxp://www.google.com/"
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-03-22]
CHR Extension: (Google Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcddplhfenagbaipfjhhcjmebhkkaif [2015-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-10-09]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-17] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-17] (AVAST Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-23] (Conexant Systems, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [206008 2015-01-08] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3645624 2015-01-08] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-27] (PostgreSQL Global Development Group) [File not signed]
R2 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2030808 2015-01-21] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [225464 2014-12-19] (VMware)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-02-11] (VMware, Inc.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-17] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-03-17] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-03-17] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-03-17] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-03-17] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-03-17] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126600 2017-03-17] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-03-17] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-03-17] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [993608 2017-03-17] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-03-17] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337592 2017-03-17] (AVAST Software)
R3 MCfilt; C:\windows\System32\drivers\MCfilt64.sys [32344 2010-12-08] (Creative Technology Ltd.)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-22 20:09 - 2017-03-22 20:10 - 00034358 _____ C:\Users\Tony\Desktop\FRST.txt
2017-03-22 20:06 - 2017-03-22 20:06 - 00000029 _____ C:\Users\Tony\Desktop\Geeks to Go.txt
2017-03-22 20:05 - 2017-03-22 20:05 - 02424832 _____ (Farbar) C:\Users\Tony\Downloads\FRST64.exe
2017-03-22 20:05 - 2017-03-22 20:05 - 02424832 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2017-03-22 19:56 - 2017-03-22 19:56 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-21 18:55 - 2017-03-21 18:55 - 00000000 ____D C:\Users\Tony\Desktop\Lakers
2017-03-20 23:32 - 2017-03-20 23:32 - 00247484 _____ C:\Users\Tony\Downloads\2016TurboTaxReturn (1).pdf
2017-03-20 23:32 - 2017-03-20 23:32 - 00247484 _____ C:\Users\Tony\Desktop\2016TurboTaxReturn (1).pdf
2017-03-20 22:01 - 2017-03-20 22:01 - 00000937 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-03-20 19:08 - 2017-03-20 19:08 - 00000084 _____ C:\Users\Tony\Desktop\Record.txt
2017-03-20 17:27 - 2017-03-20 17:27 - 00266288 _____ C:\windows\Minidump\032017-25022-01.dmp
2017-03-20 05:03 - 2017-03-20 05:03 - 00490853 _____ C:\Users\Tony\Downloads\Hey-160714PW (1).PDF
2017-03-18 16:49 - 2017-03-18 17:50 - 00000310 _____ C:\Users\Tony\Desktop\DRIPS.txt
2017-03-17 23:51 - 2017-03-18 02:09 - 00000905 _____ C:\Users\Tony\Desktop\Tax Stock Records.txt
2017-03-17 21:58 - 2017-03-17 21:58 - 00000000 ____D C:\Users\Tony\Desktop\Hsin
2017-03-17 21:49 - 2017-03-22 19:45 - 00004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-03-17 21:49 - 2017-03-17 21:48 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00309272 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-03-17 21:48 - 2017-03-17 21:48 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-03-16 18:29 - 2017-03-17 18:12 - 00000470 _____ C:\Users\Tony\Desktop\Laptops.txt
2017-03-14 13:52 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-03-14 13:52 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-03-14 13:52 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-03-14 13:52 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-03-14 13:52 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-03-14 13:52 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-03-14 13:52 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-03-14 13:52 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-03-14 13:52 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-03-14 13:52 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-03-14 13:52 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-03-14 13:52 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-03-14 13:52 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-03-14 13:52 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-03-14 13:51 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-03-14 13:51 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-03-14 13:51 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-03-14 13:51 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-03-14 13:51 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-03-14 13:51 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-03-14 13:51 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-03-14 13:51 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-03-14 13:51 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-03-14 13:51 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-03-14 13:51 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-03-14 13:51 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-03-14 13:51 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-03-14 13:51 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-03-14 13:51 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-03-14 13:51 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-03-14 13:51 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 13:51 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-03-14 13:51 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-03-14 13:51 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-03-14 13:51 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-03-14 13:51 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-03-14 13:51 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-03-14 13:51 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-03-14 13:51 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-03-14 13:51 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-03-14 13:51 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-03-14 13:51 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-03-14 13:51 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-03-14 13:51 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-03-14 13:51 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-03-14 13:51 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-03-14 13:51 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-03-14 13:51 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-03-14 13:51 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-03-14 13:51 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-03-14 13:51 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-03-14 13:51 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-03-14 13:51 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-03-14 13:51 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-03-14 13:51 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-03-14 13:51 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 13:51 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-03-14 13:51 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-03-14 13:51 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-03-14 13:51 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-03-14 13:51 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-03-14 13:51 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-03-14 13:51 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-03-14 13:51 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-03-14 13:51 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-03-14 13:51 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-03-14 13:51 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-03-14 13:51 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-03-14 13:51 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-03-14 13:51 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-03-14 13:51 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-03-14 13:51 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-03-14 13:51 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-03-14 13:51 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-03-14 13:51 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-03-14 13:51 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-03-14 13:51 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-03-14 13:51 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-03-14 13:51 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-03-14 13:51 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-03-14 13:51 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-03-14 13:51 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-03-14 13:51 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-03-14 13:51 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\WcsPlugInService.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-03-14 13:51 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-03-14 13:51 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-03-14 13:51 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-03-14 13:51 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-03-14 13:51 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-03-14 13:51 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-03-14 13:51 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-03-14 13:51 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-03-14 13:51 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-03-14 13:51 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-03-14 13:51 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-03-14 13:51 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-03-14 13:51 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-03-14 13:51 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-03-14 13:51 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcsPlugInService.dll
2017-03-14 13:51 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-03-14 13:51 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-03-14 13:51 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-03-14 13:51 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-03-14 13:51 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-03-14 13:51 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-03-14 13:51 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-03-14 13:51 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-03-14 13:51 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2017-03-14 13:51 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-03-14 13:51 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2017-03-14 13:51 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-03-14 13:51 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2017-03-14 13:51 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-03-14 13:51 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2017-03-14 13:51 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-03-14 13:51 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-03-14 13:09 - 2017-03-14 13:09 - 00000014 _____ C:\Users\Tony\Desktop\SS Mission Viejo.txt
2017-03-14 10:37 - 2017-03-15 14:36 - 00690651 _____ C:\Users\Tony\Desktop\Claimant's Statement - Filled.pdf
2017-03-13 22:43 - 2017-03-13 22:43 - 00690416 _____ C:\Users\Tony\Downloads\Claimant's Statement - Spousal (1).pdf
2017-03-13 22:43 - 2017-03-13 22:43 - 00690416 _____ C:\Users\Tony\Desktop\Claimant's Statement - Spousal (1).pdf
2017-03-12 23:05 - 2017-03-12 23:05 - 00690416 _____ C:\Users\Tony\Downloads\Claimant's Statement - Spousal.pdf
2017-03-11 16:23 - 2017-03-11 16:23 - 00000038 _____ C:\Users\Tony\Desktop\CPA.txt
2017-03-09 13:43 - 2017-03-09 13:43 - 00000225 _____ C:\Users\Tony\Desktop\AT&T's Flashing Yellow Light.url
2017-03-08 12:45 - 2017-03-08 12:45 - 00029923 _____ C:\Users\Tony\Downloads\ReservationSearch.aspx
2017-03-08 11:44 - 2017-03-08 11:44 - 00673089 _____ C:\Users\Tony\Downloads\1099.pdf
2017-03-07 13:15 - 2017-03-07 13:15 - 00247484 _____ C:\Users\Tony\Downloads\2016TurboTaxReturn.pdf
2017-03-07 11:37 - 2017-03-07 11:37 - 00588793 _____ C:\Users\Tony\Downloads\Document_372017_123750_PM_NhLJX5rD.pdf
2017-03-05 22:08 - 2017-03-05 22:08 - 00000026 _____ C:\Users\Tony\Desktop\Visit in SF.txt
2017-03-04 23:07 - 2017-03-04 23:07 - 00000026 _____ C:\Users\Tony\Desktop\Golf Shoes.txt
2017-03-01 10:49 - 2017-03-01 10:49 - 24581731 _____ C:\Users\Tony\Downloads\VID_20161228_225035672.mp4
2017-03-01 02:07 - 2017-03-01 02:07 - 00000083 _____ C:\Users\Tony\Desktop\Feb expenses.txt
2017-03-01 01:40 - 2017-03-08 00:32 - 00000127 _____ C:\Users\Tony\Desktop\TransAmerica.txt
2017-02-26 15:37 - 2017-02-26 15:38 - 00000056 _____ C:\Users\Tony\Desktop\Shifen Pics.txt
2017-02-26 10:39 - 2017-02-26 10:39 - 00000264 _____ C:\Users\Tony\Desktop\Survivor.txt
2017-02-26 10:29 - 2017-02-26 10:35 - 00000000 ____D C:\Users\Tony\Desktop\OKC
2017-02-26 08:52 - 2017-02-26 09:44 - 00000274 _____ C:\Users\Tony\Desktop\New Pics Sort.txt
2017-02-25 11:17 - 2017-02-25 11:17 - 00000050 _____ C:\Users\Tony\Desktop\Mom Money Transaction.txt
2017-02-23 03:26 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-22 20:10 - 2015-06-08 09:24 - 00000536 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000.job
2017-03-22 20:09 - 2015-01-09 01:54 - 00000000 ____D C:\FRST
2017-03-22 20:09 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-22 20:09 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-22 20:01 - 2009-07-13 22:13 - 00800820 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-22 20:01 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-03-22 19:56 - 2011-09-26 21:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-22 19:55 - 2011-10-09 05:14 - 00000000 ____D C:\Users\postgres
2017-03-22 19:55 - 2011-10-04 06:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-22 19:55 - 2011-10-04 06:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-22 19:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-22 19:46 - 2011-10-12 13:26 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8E6A4211-3F19-4F2D-AC5F-BD7D11C1D32B}
2017-03-22 19:43 - 2015-06-15 11:51 - 00000632 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000.job
2017-03-21 10:45 - 2011-10-08 04:04 - 00548928 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2017-03-20 22:20 - 2015-08-13 14:31 - 00000000 ____D C:\Users\Tony\Desktop\Assets - Income
2017-03-20 22:01 - 2014-08-17 12:52 - 00000000 ____D C:\Users\Tony\AppData\Local\Adobe
2017-03-20 22:01 - 2011-10-08 07:57 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-20 22:01 - 2011-10-08 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-20 22:01 - 2011-10-08 07:56 - 00000000 ____D C:\Program Files\WinRAR
2017-03-20 17:27 - 2013-10-27 07:13 - 00000000 ____D C:\windows\Minidump
2017-03-18 21:54 - 2016-03-23 02:06 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458723986
2017-03-18 20:38 - 2016-07-02 14:42 - 00000712 _____ C:\Users\Tony\Desktop\Watched Documentaries.txt
2017-03-18 00:10 - 2011-10-04 06:56 - 00064152 _____ C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-17 21:54 - 2012-01-25 21:36 - 00000000 ____D C:\Temp
2017-03-17 21:50 - 2011-10-04 11:21 - 00000000 ____D C:\Users\Tony\AppData\Roaming\SoftGrid Client
2017-03-17 21:49 - 2013-03-18 08:29 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2017-03-17 21:48 - 2016-03-23 02:06 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-03-17 21:48 - 2014-05-09 06:52 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-03-17 21:48 - 2014-01-22 10:48 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-03-17 21:48 - 2013-03-18 08:29 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148981258491306
2017-03-17 21:48 - 2013-03-18 08:29 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-03-17 21:48 - 2012-02-29 01:25 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-03-17 21:48 - 2011-10-08 04:04 - 00993608 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-03-17 21:48 - 2011-10-08 04:04 - 00547904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148981258343104
2017-03-17 21:48 - 2011-10-08 04:04 - 00126600 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-03-14 15:35 - 2016-09-25 19:31 - 00000000 ____D C:\windows\rescache
2017-03-14 14:57 - 2013-03-14 14:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 14:57 - 2013-03-14 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:57 - 2009-07-13 21:45 - 00294784 _____ C:\windows\system32\FNTCACHE.DAT
2017-03-14 14:55 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 14:02 - 2013-07-16 11:07 - 00000000 ____D C:\windows\system32\MRT
2017-03-14 13:56 - 2011-10-04 12:31 - 138634176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-03-14 13:54 - 2014-12-10 17:47 - 00000000 ____D C:\windows\system32\appraiser
2017-03-14 13:54 - 2013-03-14 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 08:54 - 2013-06-17 01:18 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 08:54 - 2012-03-31 00:40 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 08:54 - 2011-11-17 03:40 - 00000000 ____D C:\windows\system32\Macromed
2017-03-14 08:54 - 2011-10-11 13:38 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 08:54 - 2011-09-26 20:33 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-03-09 19:22 - 2015-06-15 11:51 - 00003658 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000
2017-03-09 19:22 - 2015-06-08 09:24 - 00003562 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000
2017-03-05 22:08 - 2016-11-11 08:56 - 00000620 _____ C:\Users\Tony\Desktop\Sarah Taiwan.txt
2017-03-05 21:57 - 2011-10-15 07:28 - 00000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2017-03-05 21:45 - 2016-09-29 22:19 - 00000172 _____ C:\Users\Tony\Desktop\Sarah References.txt
2017-03-05 20:06 - 2016-09-18 23:52 - 00000000 ____D C:\Users\Tony\AppData\Local\Ignition Casino
2017-03-05 20:05 - 2015-03-24 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omaha Indicator
2017-03-05 20:05 - 2015-03-24 22:29 - 00000000 ____D C:\Program Files (x86)\Omaha Indicator
2017-03-05 20:04 - 2015-03-24 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator
2017-03-05 20:04 - 2015-03-24 21:57 - 00000000 ____D C:\Program Files (x86)\Holdem Indicator
2017-03-05 20:01 - 2016-09-18 23:50 - 00000000 ____D C:\Ignition
2017-03-02 01:14 - 2016-04-16 19:12 - 00000120 _____ C:\Users\Tony\Desktop\Banks, OCCU, Chase, Citibank,BOA.txt
2017-02-24 02:52 - 2016-09-24 18:18 - 00000490 _____ C:\Users\Tony\Desktop\Cars.txt
2017-02-23 11:19 - 2015-09-12 03:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 03:49 - 2014-05-06 17:04 - 00000000 ___SD C:\windows\system32\CompatTel
2017-02-23 03:19 - 2016-11-06 08:09 - 00000145 _____ C:\Users\Tony\Desktop\Life Quote.txt
 
==================== Files in the root of some directories =======
 
2011-10-09 05:15 - 2011-10-09 05:15 - 0069263 _____ () C:\Program Files (x86)\hminstalllog.txt
2016-02-10 16:20 - 2016-02-10 16:20 - 0001448 _____ () C:\Users\Tony\AppData\Local\recently-used.xbel
2011-10-15 08:33 - 2011-10-15 08:33 - 0007646 _____ () C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2017-02-28 19:59 - 2017-02-28 19:59 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\osgisodf.dll
2016-10-03 18:25 - 2016-10-03 18:25 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\qrtmk1-p.dll
2016-12-15 06:46 - 2016-12-15 06:47 - 30533688 _____ () C:\Users\Tony\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-11-04 06:20 - 2016-11-04 06:20 - 0011776 _____ () C:\Users\Tony\AppData\Local\Temp\xcoe5x4x.dll
2017-01-01 08:15 - 2017-01-01 08:15 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\yuktw0_l.dll
2017-01-31 23:45 - 2016-02-11 20:25 - 0384512 _____ (PokerStars) C:\Users\Tony\AppData\Local\Temp\_unps.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-14 14:37
 
==================== End of FRST.txt ============================
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Tony (22-03-2017 20:11:05)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-04 13:55:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3482530603-2352231087-752530051-500 - Administrator - Disabled)
Guest (S-1-5-21-3482530603-2352231087-752530051-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3482530603-2352231087-752530051-1245 - Limited - Enabled)
postgres (S-1-5-21-3482530603-2352231087-752530051-1002 - Limited - Enabled) => C:\Users\postgres
Tony (S-1-5-21-3482530603-2352231087-752530051-1000 - Administrator - Enabled) => C:\Users\Tony
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version:  - Microsoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.16.0 - Conexant)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.5.0 - Synaptics Incorporated)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dropbox (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
GameRanger (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\GameRanger) (Version:  - GameRanger Technologies)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Goalwin Poker (HKLM-x32\...\Goalwin Poker_is1) (Version:  - goalwin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
Holdem Indicator 2.5.7 (HKLM-x32\...\Holdem Indicator_is1) (Version:  - hxxp://www.HoldemIndicator.com)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version:  - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
Ignition Casino (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version:   - )
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
join.me (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\JoinMe) (Version: 2.0.1.783 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\LINE) (Version: 5.0.1.1391 - LINE Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Omaha Indicator 1.9.4 (HKLM-x32\...\Omaha Indicator_is1) (Version:  - hxxp://www.OmahaIndicator.com)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.8.21200.33.104 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
UBNet (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\UBNet) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Horizon Client (HKLM\...\{4CE5CE6C-14DA-41E7-8728-07C95F3CBC59}) (Version: 3.3.0.25749 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
谷歌拼音输入法 3.0 (HKLM\...\GooglePinyin3) (Version:  - Google Inc.)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {193F9613-5DD3-439D-9496-9B0FB4882C10} - System32\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe [2017-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6D81ACBC-430C-457C-A729-C9D3092154DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {78979ADB-A7A7-4EF7-AA17-827D5146BBFF} - System32\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe [2017-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {89266FEE-8848-4DBB-8F09-27795B16917C} - System32\Tasks\SafeZone scheduled Autoupdate 1458723986 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {A87C59C3-A3D6-4874-86E9-8101121343E7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {AF7CE3AF-D259-44B4-8142-7B5B7E073D20} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-17] (AVAST Software)
Task: {BEBE4AAC-2C0C-4E90-AD89-D615A1EFA72B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {C2D3D31B-45F6-41C1-831D-BF187FF99E9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {FA5DA2D9-777B-4BF8-918A-D5C5497496B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-02 11:41 - 2011-05-02 11:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-04-18 01:30 - 2014-04-16 01:22 - 00029184 _____ () C:\windows\System32\usp02l.dll
2015-01-08 12:52 - 2015-01-08 12:52 - 00206008 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-01-08 12:58 - 2015-01-08 12:58 - 03645624 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2015-04-18 01:32 - 2014-11-26 04:07 - 00118576 _____ () C:\windows\SysWOW64\SecUPDUtilSvc.exe
2011-09-26 21:19 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-09-26 22:53 - 2011-06-10 11:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2011-09-26 20:42 - 2010-12-17 08:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-05-02 11:41 - 2011-05-02 11:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-25 04:10 - 2011-10-25 04:10 - 01208376 _____ () C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
2017-03-17 21:48 - 2017-03-17 21:48 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-22 19:45 - 2017-03-22 19:45 - 05991696 _____ () C:\Program Files\AVAST Software\Avast\defs\17032205\algo.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-08 12:47 - 2015-01-08 12:47 - 00225464 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2011-10-09 05:13 - 2011-01-27 22:15 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2011-10-09 05:13 - 2009-02-12 12:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2011-10-09 05:13 - 2005-07-20 03:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2016-09-15 00:18 - 2016-09-15 00:18 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-08-04 22:39 - 2016-08-04 22:39 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6b6a16e7c272095c219589e723d94bef\IsdiInterop.ni.dll
2011-09-26 20:32 - 2011-02-18 06:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3482530603-2352231087-752530051-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Tony\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F70742D9-2128-49D8-8529-C7073CF713F1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0F9A0D00-793C-4BB7-98D5-1EC0BCAE4A76}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{9FD793A6-DDBA-4607-8588-65A71AA6BF95}] => (Allow) LPort=9700
FirewallRules: [{379B49E8-CA1C-4ACB-8B75-32D88A8891F0}] => (Allow) LPort=9701
FirewallRules: [{B0007347-34DE-4722-8A3A-164FAD0BA42B}] => (Allow) LPort=9702
FirewallRules: [{705A0C01-C369-4731-9E85-F82B15B1FB6B}] => (Allow) LPort=9700
FirewallRules: [{2D0C9251-D9FF-4EDF-899F-057E2ACB946D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{D8EEBE02-F2D3-4A97-993A-5CAA965FA667}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{D50A78DB-F24B-4422-8FA7-D1837CE6C1EC}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{B3652C73-C897-415B-90B2-5192F3FCE7DA}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{DFFE37A5-342F-43F6-96F9-EF28600D7B3E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{D79AE09A-49D3-450C-A488-1722E67EB97E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{CBEDDFA1-9F9A-4686-8D5B-29101E76CD43}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{4B111BCA-F165-402E-9001-4DCCEC73CE1D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{E782A9EC-00CD-4844-AC5C-3B28C312AC33}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{6825046C-F43E-4BC9-8E51-8DD059126B04}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{39F127C0-3981-4786-9C8B-509AD118B84F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{D9A3B45E-F231-438F-AA6D-55F581704D6C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0191EDB2-15B8-472A-A810-D34599BE2A11}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EA59D83B-A7D5-452A-8FA2-26DDD1ABB5FE}] => (Allow) LPort=2869
FirewallRules: [{84099D83-E1DC-44EA-9788-E5C250AFD102}] => (Allow) LPort=1900
FirewallRules: [{37F38C8A-9893-4E11-B30F-12EB2826F836}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{97F379DE-2B76-4A9D-AEAB-5C5F5E664722}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{403DBE0C-1913-4514-8C86-6EE168A5B529}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4A40B80C-D903-4F38-B0DF-3CC1109E8E53}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AA2D9644-D5BE-4D93-9297-E1AA9FD289B2}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{E82657E4-00C2-4B77-8AC5-5C964AD19DD0}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{61F3726E-3E74-40CC-A19D-C0384C014C3A}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{E4C776A5-DA32-48D0-BAEE-881167A62F0D}] => (Allow) LPort=5432
FirewallRules: [TCP Query User{12211D55-54B0-496D-8B82-84E5AD1BFF6C}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{D1ADA654-FEF6-4AA6-AA7B-A14AE7F7D26D}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{94FD74DC-CDF9-4E16-9C01-8630033FD7E7}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{922C711C-D83C-4138-9903-2B0AE15D301C}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{184778BF-C40C-4A72-AB94-A187F7251D0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C7771E8-BA25-467C-ACA7-9A771FE51CD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{BBFF65E5-BB63-4420-9F76-005FCFC05ED6}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{607BAF48-8B21-404E-AD1B-13F32E564B57}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{8E4588D7-37D3-42F4-BD38-2BA4A5485DBF}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe
FirewallRules: [UDP Query User{FD9ECCFE-D91B-4332-BCCF-5CFD0A400C51}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe
FirewallRules: [{96181F82-09D2-4E7D-9CBF-1270C2737E4A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{981C22F3-0640-4E1C-84BA-7D7E1CC799CE}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{E091CC6C-F102-48AC-B304-77589C316035}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{70A9FF18-3F92-4C41-972F-5782E5AB220A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [TCP Query User{BA0DA172-ABED-4FD2-8006-75C37E8C465F}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [UDP Query User{2BF5CDB9-E1F6-4724-A7E6-718FEBAFE2F6}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [TCP Query User{41FF87B2-360B-4551-BE65-2B6B8A36F77B}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3y.exe
FirewallRules: [UDP Query User{A9C82293-6B05-4DA7-933A-279EE4165DD9}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3y.exe
FirewallRules: [TCP Query User{F0DA24F9-3E8D-4F8F-A3D3-EAD9B9F0C6F9}C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{A5293922-6E41-47CA-B5D1-699B3ADA56D2}C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{E07113B2-A652-4228-9685-125DC86F59C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{DEC89F53-965A-4D74-9C0B-B0FA729E4A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{63772653-F703-42DF-80DB-1420E213736C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D592F9C8-8C0E-49E5-BFF7-41BB22AB9FF9}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [TCP Query User{7D1B15C3-0AF0-4CCE-9954-798437B69E3C}C:\program files (x86)\naver\line\line.exe] => (Block) C:\program files (x86)\naver\line\line.exe
FirewallRules: [UDP Query User{864F59C2-ADCA-407E-B4BF-205CB4CA1882}C:\program files (x86)\naver\line\line.exe] => (Block) C:\program files (x86)\naver\line\line.exe
FirewallRules: [TCP Query User{9B6E7A5C-3608-48FF-8E0E-FF6975DCFF6E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{90B669D8-DB5D-4166-B87E-1DE260148B2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{338CD00B-4F61-4EC8-A4BD-4DD995DB271B}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32293A51-2E0A-49DD-9F66-C565BDAC22F1}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9902A0B-AB80-4668-AE07-0D2C70AB439F}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9795D7FB-F2B2-45DE-B26B-31282A95F5B5}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4DDD67A0-E525-44F4-83D0-10B89448B1E4}] => (Allow) C:\Users\Tony\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{19DAA26E-8ABC-46A4-B059-3E69C45CB563}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3017A19-07C2-4A42-A609-4BD1A1BA7E31}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59E6A212-F098-457A-A2C5-7C8C90AE436F}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe
FirewallRules: [{5876E59F-13E8-4BE8-813D-029ED74A6E17}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe
FirewallRules: [{3C85C69B-CA79-4B47-A328-F24FF63B47FA}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe
FirewallRules: [{367B0B21-6458-462C-88FD-0A365108158C}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe
FirewallRules: [{961CF610-5622-4721-A72A-478E1FEBD4B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{221A5059-5854-4E0F-B692-F807A9FB3435}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A4FC5ADC-FCDD-486D-89D2-8FABC0B7460A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{89AA7F5B-1051-460C-846B-58E389F76BB1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F3C65D75-DFDA-4928-B726-23D988502F95}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{02304A97-A245-4775-A9D8-585C73730C0B}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{3E6D8A08-E9F3-4C35-90EA-6A874AC0BD9A}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{B7A4C07D-F72F-416C-8124-0D0389BBC9CE}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{CD6F6DBA-9095-4A6D-892F-430048ED601B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{376FDD4E-A3B3-4BD5-953A-C6A248D5DF87}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{2286192F-32B0-4448-B889-07108613A94D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{9902416F-D932-4EE7-9B78-EC0F063A336D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{43B2A1F6-CE2C-4AE1-8238-85602771F4AF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{7396F8B5-CDCA-4DD7-A9F7-05E65F68B46B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1DFC59CF-E60C-4687-8FC9-5A62B3A9F86B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A3C21FB0-26AF-4713-9D60-D48AF03942EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{2780197A-1013-4D4E-B4BB-D2EFAD5F9347}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [TCP Query User{7F0A3D6C-790C-41D8-A53F-E42042DF1F69}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [UDP Query User{FD157118-3AEA-44BC-BDBD-581FE62C3D6B}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [{FA2EA39F-6898-4283-B488-CCA95C1C3339}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{F0C8CE54-9ADC-4135-8FEB-3C1E1FBF4ACF}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{958B966E-191F-4E6A-B258-95C54DC41068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21240DC2-37B9-4A07-931C-54F293B36F48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D805B7D7-9E6A-4A16-A4BA-71879B3DDFBE}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{9C76DBA1-2F0A-4E27-BBE0-08C1242783D6}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{BA38B4D9-AB11-4007-BD3A-11D2703E9106}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{B8F93B7F-6A6E-487A-843D-F0630B41FF7E}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{0466A23F-297F-4D99-BFE0-4986B4BBD238}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D2FC8C61-9A17-48AA-8C54-255957EB6019}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{913BDC1C-17E1-4D45-B65C-F534D1C36095}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
 
==================== Restore Points =========================
 
21-03-2017 11:35:07 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2017 07:55:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/22/2017 07:55:25 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-03-22 19:55:25 PDTFATAL:  the database system is starting up
 
Error: (03/22/2017 07:50:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/21/2017 10:49:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/20/2017 09:40:02 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/20/2017 09:39:54 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-03-20 21:39:54 PDTFATAL:  the database system is starting up
 
Error: (03/20/2017 05:30:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/20/2017 02:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmware-usbarbitrator64.exe, version: 12.2.7.0, time stamp: 0x54c03130
Faulting module name: vmware-usbarbitrator64.exe, version: 12.2.7.0, time stamp: 0x54c03130
Exception code: 0xc0000005
Fault offset: 0x0000000000006102
Faulting process id: 0x26bc
Faulting application start time: 0x01d29fb45e5473e0
Faulting application path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report Id: 25b054b6-0db5-11e7-98f1-ac7289af52e8
 
Error: (03/20/2017 05:06:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/18/2017 04:05:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (03/22/2017 07:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/22/2017 07:53:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (03/22/2017 07:43:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vmwsprrdpwks service.
 
Error: (03/21/2017 10:45:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
 
Error: (03/20/2017 09:42:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (03/20/2017 09:39:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (03/20/2017 07:44:41 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]
 
Error: (03/20/2017 05:29:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The postgresql-8.4 - PostgreSQL Server 8.4 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (03/20/2017 05:29:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the postgresql-8.4 - PostgreSQL Server 8.4 service to connect.
 
Error: (03/20/2017 05:28:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4002.13 MB
Available physical RAM: 2383 MB
Total Virtual: 8002.44 MB
Available Virtual: 5989.19 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:97.66 GB) (Free:3.08 GB) NTFS
Drive d: (DATA) (Fixed) (Total:185.69 GB) (Free:22.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2158B78)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=185.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 

Attached Thumbnails

  • Google Play Threat.jpg
  • Avast 2.jpg



#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Let's run Rogue Killer
 
Portable 32 bits
Portable 64 bits <===Get this download
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)
 
Start Scan
Start Scan
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.
 
Open rk.txt and copy and paste it to your next Reply. 


#3
taipei_tony

    Member

  • Topic Starter
  • 35 posts

Hi, thanks for the response. Here is the RK log, took over an hour for the scan lol.

 

RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tony [Administrator]
Started from : C:\Users\Tony\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 03/26/2017 19:13:40 (Duration : 01:03:25)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3482530603-2352231087-752530051-1000\Software\TNT2 -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3482530603-2352231087-752530051-1000\Software\TNT2 -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E6A212-F098-457A-A2C5-7C8C90AE436F} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe|Name=proinstaller1893| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5876E59F-13E8-4BE8-813D-029ED74A6E17} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe|Name=proinstaller1893| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C85C69B-CA79-4B47-A328-F24FF63B47FA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe|Name=proinstaller1775| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {367B0B21-6458-462C-88FD-0A365108158C} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe|Name=proinstaller1775| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {59E6A212-F098-457A-A2C5-7C8C90AE436F} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe|Name=proinstaller1893| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5876E59F-13E8-4BE8-813D-029ED74A6E17} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe|Name=proinstaller1893| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C85C69B-CA79-4B47-A328-F24FF63B47FA} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe|Name=proinstaller1775| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {367B0B21-6458-462C-88FD-0A365108158C} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe|Name=proinstaller1775| [x] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Tr.Gen0][File] C:\Users\Tony\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] gt83rqoy.default-1383689389646 : user_pref("browser.search.selectedEngine", "Yahoo!"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS723232A7A364 +++++
--- User ---
[MBR] 97868a00c7b51e7d21fd762ede285d7e
[BSP] ea64bfee6eaf38edc7e411fcb6983355 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 235726848 | Size: 190143 MB
User = LL1 ... OK
User = LL2 ... OK

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Go ahead and let Rogue Killer remove everything it found.

 

Then I would let Avast do a boot-time scan tonight while you sleep:

 

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.
 
Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 

 

  


  • 0

#5
taipei_tony

taipei_tony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Hi here is the Boot-time scan log:

 

10/25/2015 18:20
Scan of all local drives
 
 
Scanning aborted
Number of searched folders: 672
Number of tested files: 55777
Number of infected files: 0
 
----------------------------------------
03/26/2017 21:02
Scan of all local drives
 
File C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIQXNZG5\HIGHLIGHT_DAY28_Favorites[1].xap|>HIGHLIGHT_DAY28_Favorites.dll Error 42125 {ZIP archive is corrupted.}
File C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZVFIRC8\HIGHLIGHT_DAY14FullView[1].xap|>HIGHLIGHT_DAY14FullView.dll Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 44201
Number of tested files: 1060688
Number of infected files: 0

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Avast doesn't see anything other than a corrupt zip file in a download from IE.

 

Are you still seeing the problem?


  • 0

#7
taipei_tony

taipei_tony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

There haven't been any Avast warnings in the past few days so I think I'm all good. Thanks!


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Time to clean up:
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash is now the most malware-targeted program so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like Yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.
 
Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

  • 0





