Hello all, my system has been behaving erratically lately; most notably, the Chrome browser is acting up a bit. Starting a few days ago, whenever I open Chrome, I'll immediately get a pop-up from Avast saying "Threat has been detected". I have attached screenshots of two recent pop-ups; the second one seems a bit alarming.
Just want to make sure that all is good with my system. Thanks!
Below are the two FRST logs.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Tony (administrator) on TONY-PC (22-03-2017 20:09:07)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony & postgres (Available Profiles: Tony & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
() C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
(Flux Software LLC) C:\Users\Tony\AppData\Local\FluxSoftware\Flux\flux.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780968 2011-04-29] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Google Pinyin 3 Autoupdater] => C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe [1854008 2011-10-25] (Google Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-23] (Conexant Systems, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2015-01-08] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-17] (AVAST Software)
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Run: [F.lux] => C:\Users\Tony\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-17] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0714651A-25F9-4DC3-AACC-7C8EE204E81D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1F54C2B4-EF9C-48AD-9DCA-F25EF5107F83}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{FD2E3BD5-60BB-4B5A-94FE-743FA2825C4A}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-17] (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} hxxps://etrade.emega.com.tw/CA/axekey.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-02] (Skype Technologies)
FireFox:
========
FF DefaultProfile: gt83rqoy.default-1383689389646
FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 [2017-03-07]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646 -> www.yahoo.com
www.google.com
FF Extension: (Perapera Chinese) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646\Extensions\[email protected] [2016-07-31]
FF Extension: (Firefox Hotfix) - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\gt83rqoy.default-1383689389646\Extensions\[email protected] [2016-09-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3482530603-2352231087-752530051-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Tony\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-3482530603-2352231087-752530051-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tony\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-23] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Users\Tony\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-03] (Cisco WebEx LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://us.yahoo.com/
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/","hxxp://www.google.com/"
CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default [2017-03-22]
CHR Extension: (Google Slides) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-01]
CHR Extension: (Google Docs) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-01]
CHR Extension: (Google Drive) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Search) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcddplhfenagbaipfjhhcjmebhkkaif [2015-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2015-10-09]
CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-17] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-17] (AVAST Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-23] (Conexant Systems, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [206008 2015-01-08] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3645624 2015-01-08] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-27] (PostgreSQL Global Development Group) [File not signed]
R2 SamsungUPDUtilSvc; C:\windows\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2030808 2015-01-21] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [225464 2014-12-19] (VMware)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-02-11] (VMware, Inc.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-17] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-03-17] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-03-17] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-03-17] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-03-17] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-03-17] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126600 2017-03-17] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-03-17] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [75704 2017-03-17] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [993608 2017-03-17] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [548928 2017-03-21] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-03-17] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337592 2017-03-17] (AVAST Software)
R3 MCfilt; C:\windows\System32\drivers\MCfilt64.sys [32344 2010-12-08] (Creative Technology Ltd.)
S2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-22 20:09 - 2017-03-22 20:10 - 00034358 _____ C:\Users\Tony\Desktop\FRST.txt
2017-03-22 20:06 - 2017-03-22 20:06 - 00000029 _____ C:\Users\Tony\Desktop\Geeks to Go.txt
2017-03-22 20:05 - 2017-03-22 20:05 - 02424832 _____ (Farbar) C:\Users\Tony\Downloads\FRST64.exe
2017-03-22 20:05 - 2017-03-22 20:05 - 02424832 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
2017-03-22 19:56 - 2017-03-22 19:56 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-21 18:55 - 2017-03-21 18:55 - 00000000 ____D C:\Users\Tony\Desktop\Lakers
2017-03-20 23:32 - 2017-03-20 23:32 - 00247484 _____ C:\Users\Tony\Downloads\2016TurboTaxReturn (1).pdf
2017-03-20 23:32 - 2017-03-20 23:32 - 00247484 _____ C:\Users\Tony\Desktop\2016TurboTaxReturn (1).pdf
2017-03-20 22:01 - 2017-03-20 22:01 - 00000937 _____ C:\Users\Public\Desktop\WinRAR.lnk
2017-03-20 19:08 - 2017-03-20 19:08 - 00000084 _____ C:\Users\Tony\Desktop\Record.txt
2017-03-20 17:27 - 2017-03-20 17:27 - 00266288 _____ C:\windows\Minidump\032017-25022-01.dmp
2017-03-20 05:03 - 2017-03-20 05:03 - 00490853 _____ C:\Users\Tony\Downloads\Hey-160714PW (1).PDF
2017-03-18 16:49 - 2017-03-18 17:50 - 00000310 _____ C:\Users\Tony\Desktop\DRIPS.txt
2017-03-17 23:51 - 2017-03-18 02:09 - 00000905 _____ C:\Users\Tony\Desktop\Tax Stock Records.txt
2017-03-17 21:58 - 2017-03-17 21:58 - 00000000 ____D C:\Users\Tony\Desktop\Hsin
2017-03-17 21:49 - 2017-03-22 19:45 - 00004172 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-03-17 21:49 - 2017-03-17 21:48 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00309272 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-03-17 21:49 - 2017-03-17 21:48 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-03-17 21:48 - 2017-03-17 21:48 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-03-16 18:29 - 2017-03-17 18:12 - 00000470 _____ C:\Users\Tony\Desktop\Laptops.txt
2017-03-14 13:52 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-03-14 13:52 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-03-14 13:52 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-03-14 13:52 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-03-14 13:52 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-03-14 13:52 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-03-14 13:52 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-03-14 13:52 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-03-14 13:52 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-03-14 13:52 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-03-14 13:52 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-03-14 13:52 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-03-14 13:52 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-03-14 13:52 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-03-14 13:51 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-03-14 13:51 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-03-14 13:51 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-03-14 13:51 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-03-14 13:51 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-03-14 13:51 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-03-14 13:51 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-03-14 13:51 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-03-14 13:51 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-03-14 13:51 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-03-14 13:51 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-03-14 13:51 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-03-14 13:51 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-03-14 13:51 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-03-14 13:51 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-03-14 13:51 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-03-14 13:51 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-03-14 13:51 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-03-14 13:51 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-03-14 13:51 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-03-14 13:51 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-03-14 13:51 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-03-14 13:51 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-03-14 13:51 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-03-14 13:51 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-03-14 13:51 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-03-14 13:51 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-03-14 13:51 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-03-14 13:51 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-03-14 13:51 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-03-14 13:51 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-03-14 13:51 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-03-14 13:51 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-03-14 13:51 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-03-14 13:51 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-03-14 13:51 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-03-14 13:51 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-03-14 13:51 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-03-14 13:51 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-03-14 13:51 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-03-14 13:51 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-03-14 13:51 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-14 13:51 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-03-14 13:51 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-03-14 13:51 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-03-14 13:51 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-03-14 13:51 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-03-14 13:51 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-03-14 13:51 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-03-14 13:51 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-03-14 13:51 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-03-14 13:51 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-03-14 13:51 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-03-14 13:51 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-03-14 13:51 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-03-14 13:51 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-03-14 13:51 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-03-14 13:51 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-03-14 13:51 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2017-03-14 13:51 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-03-14 13:51 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-03-14 13:51 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-03-14 13:51 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-03-14 13:51 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-03-14 13:51 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-03-14 13:51 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-03-14 13:51 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-03-14 13:51 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-03-14 13:51 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-03-14 13:51 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\WcsPlugInService.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-03-14 13:51 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\icm32.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-03-14 13:51 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-03-14 13:51 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\windows\SysWOW64\icm32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-03-14 13:51 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-03-14 13:51 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-03-14 13:51 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-03-14 13:51 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-03-14 13:51 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-03-14 13:51 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-03-14 13:51 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-03-14 13:51 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-03-14 13:51 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-03-14 13:51 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-03-14 13:51 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-03-14 13:51 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-03-14 13:51 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcsPlugInService.dll
2017-03-14 13:51 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-03-14 13:51 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-03-14 13:51 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-03-14 13:51 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-03-14 13:51 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-14 13:51 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-03-14 13:51 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-03-14 13:51 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-03-14 13:51 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2017-03-14 13:51 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2017-03-14 13:51 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2017-03-14 13:51 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2017-03-14 13:51 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2017-03-14 13:51 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2017-03-14 13:51 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2017-03-14 13:51 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2017-03-14 13:51 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2017-03-14 13:51 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2017-03-14 13:09 - 2017-03-14 13:09 - 00000014 _____ C:\Users\Tony\Desktop\SS Mission Viejo.txt
2017-03-14 10:37 - 2017-03-15 14:36 - 00690651 _____ C:\Users\Tony\Desktop\Claimant's Statement - Filled.pdf
2017-03-13 22:43 - 2017-03-13 22:43 - 00690416 _____ C:\Users\Tony\Downloads\Claimant's Statement - Spousal (1).pdf
2017-03-13 22:43 - 2017-03-13 22:43 - 00690416 _____ C:\Users\Tony\Desktop\Claimant's Statement - Spousal (1).pdf
2017-03-12 23:05 - 2017-03-12 23:05 - 00690416 _____ C:\Users\Tony\Downloads\Claimant's Statement - Spousal.pdf
2017-03-11 16:23 - 2017-03-11 16:23 - 00000038 _____ C:\Users\Tony\Desktop\CPA.txt
2017-03-09 13:43 - 2017-03-09 13:43 - 00000225 _____ C:\Users\Tony\Desktop\AT&T's Flashing Yellow Light.url
2017-03-08 12:45 - 2017-03-08 12:45 - 00029923 _____ C:\Users\Tony\Downloads\ReservationSearch.aspx
2017-03-08 11:44 - 2017-03-08 11:44 - 00673089 _____ C:\Users\Tony\Downloads\1099.pdf
2017-03-07 13:15 - 2017-03-07 13:15 - 00247484 _____ C:\Users\Tony\Downloads\2016TurboTaxReturn.pdf
2017-03-07 11:37 - 2017-03-07 11:37 - 00588793 _____ C:\Users\Tony\Downloads\Document_372017_123750_PM_NhLJX5rD.pdf
2017-03-05 22:08 - 2017-03-05 22:08 - 00000026 _____ C:\Users\Tony\Desktop\Visit in SF.txt
2017-03-04 23:07 - 2017-03-04 23:07 - 00000026 _____ C:\Users\Tony\Desktop\Golf Shoes.txt
2017-03-01 10:49 - 2017-03-01 10:49 - 24581731 _____ C:\Users\Tony\Downloads\VID_20161228_225035672.mp4
2017-03-01 02:07 - 2017-03-01 02:07 - 00000083 _____ C:\Users\Tony\Desktop\Feb expenses.txt
2017-03-01 01:40 - 2017-03-08 00:32 - 00000127 _____ C:\Users\Tony\Desktop\TransAmerica.txt
2017-02-26 15:37 - 2017-02-26 15:38 - 00000056 _____ C:\Users\Tony\Desktop\Shifen Pics.txt
2017-02-26 10:39 - 2017-02-26 10:39 - 00000264 _____ C:\Users\Tony\Desktop\Survivor.txt
2017-02-26 10:29 - 2017-02-26 10:35 - 00000000 ____D C:\Users\Tony\Desktop\OKC
2017-02-26 08:52 - 2017-02-26 09:44 - 00000274 _____ C:\Users\Tony\Desktop\New Pics Sort.txt
2017-02-25 11:17 - 2017-02-25 11:17 - 00000050 _____ C:\Users\Tony\Desktop\Mom Money Transaction.txt
2017-02-23 03:26 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-02-23 03:26 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-22 20:10 - 2015-06-08 09:24 - 00000536 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000.job
2017-03-22 20:09 - 2015-01-09 01:54 - 00000000 ____D C:\FRST
2017-03-22 20:09 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-22 20:09 - 2009-07-13 21:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-22 20:01 - 2009-07-13 22:13 - 00800820 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-22 20:01 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-03-22 19:56 - 2011-09-26 21:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-22 19:55 - 2011-10-09 05:14 - 00000000 ____D C:\Users\postgres
2017-03-22 19:55 - 2011-10-04 06:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-22 19:55 - 2011-10-04 06:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-22 19:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-22 19:46 - 2011-10-12 13:26 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{8E6A4211-3F19-4F2D-AC5F-BD7D11C1D32B}
2017-03-22 19:43 - 2015-06-15 11:51 - 00000632 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000.job
2017-03-21 10:45 - 2011-10-08 04:04 - 00548928 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2017-03-20 22:20 - 2015-08-13 14:31 - 00000000 ____D C:\Users\Tony\Desktop\Assets - Income
2017-03-20 22:01 - 2014-08-17 12:52 - 00000000 ____D C:\Users\Tony\AppData\Local\Adobe
2017-03-20 22:01 - 2011-10-08 07:57 - 00000000 ____D C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-20 22:01 - 2011-10-08 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-03-20 22:01 - 2011-10-08 07:56 - 00000000 ____D C:\Program Files\WinRAR
2017-03-20 17:27 - 2013-10-27 07:13 - 00000000 ____D C:\windows\Minidump
2017-03-18 21:54 - 2016-03-23 02:06 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458723986
2017-03-18 20:38 - 2016-07-02 14:42 - 00000712 _____ C:\Users\Tony\Desktop\Watched Documentaries.txt
2017-03-18 00:10 - 2011-10-04 06:56 - 00064152 _____ C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-17 21:54 - 2012-01-25 21:36 - 00000000 ____D C:\Temp
2017-03-17 21:50 - 2011-10-04 11:21 - 00000000 ____D C:\Users\Tony\AppData\Roaming\SoftGrid Client
2017-03-17 21:49 - 2013-03-18 08:29 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2017-03-17 21:48 - 2016-03-23 02:06 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-03-17 21:48 - 2014-05-09 06:52 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-03-17 21:48 - 2014-01-22 10:48 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-03-17 21:48 - 2013-03-18 08:29 - 00337592 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148981258491306
2017-03-17 21:48 - 2013-03-18 08:29 - 00075704 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-03-17 21:48 - 2012-02-29 01:25 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-03-17 21:48 - 2011-10-08 04:04 - 00993608 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-03-17 21:48 - 2011-10-08 04:04 - 00547904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148981258343104
2017-03-17 21:48 - 2011-10-08 04:04 - 00126600 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-03-14 15:35 - 2016-09-25 19:31 - 00000000 ____D C:\windows\rescache
2017-03-14 14:57 - 2013-03-14 14:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 14:57 - 2013-03-14 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:57 - 2009-07-13 21:45 - 00294784 _____ C:\windows\system32\FNTCACHE.DAT
2017-03-14 14:55 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-14 14:02 - 2013-07-16 11:07 - 00000000 ____D C:\windows\system32\MRT
2017-03-14 13:56 - 2011-10-04 12:31 - 138634176 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-03-14 13:54 - 2014-12-10 17:47 - 00000000 ____D C:\windows\system32\appraiser
2017-03-14 13:54 - 2013-03-14 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 08:54 - 2013-06-17 01:18 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 08:54 - 2012-03-31 00:40 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 08:54 - 2011-11-17 03:40 - 00000000 ____D C:\windows\system32\Macromed
2017-03-14 08:54 - 2011-10-11 13:38 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 08:54 - 2011-09-26 20:33 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-03-09 19:22 - 2015-06-15 11:51 - 00003658 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000
2017-03-09 19:22 - 2015-06-08 09:24 - 00003562 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000
2017-03-05 22:08 - 2016-11-11 08:56 - 00000620 _____ C:\Users\Tony\Desktop\Sarah Taiwan.txt
2017-03-05 21:57 - 2011-10-15 07:28 - 00000000 ____D C:\Users\Tony\AppData\Roaming\vlc
2017-03-05 21:45 - 2016-09-29 22:19 - 00000172 _____ C:\Users\Tony\Desktop\Sarah References.txt
2017-03-05 20:06 - 2016-09-18 23:52 - 00000000 ____D C:\Users\Tony\AppData\Local\Ignition Casino
2017-03-05 20:05 - 2015-03-24 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omaha Indicator
2017-03-05 20:05 - 2015-03-24 22:29 - 00000000 ____D C:\Program Files (x86)\Omaha Indicator
2017-03-05 20:04 - 2015-03-24 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator
2017-03-05 20:04 - 2015-03-24 21:57 - 00000000 ____D C:\Program Files (x86)\Holdem Indicator
2017-03-05 20:01 - 2016-09-18 23:50 - 00000000 ____D C:\Ignition
2017-03-02 01:14 - 2016-04-16 19:12 - 00000120 _____ C:\Users\Tony\Desktop\Banks, OCCU, Chase, Citibank,BOA.txt
2017-02-24 02:52 - 2016-09-24 18:18 - 00000490 _____ C:\Users\Tony\Desktop\Cars.txt
2017-02-23 11:19 - 2015-09-12 03:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 03:49 - 2014-05-06 17:04 - 00000000 ___SD C:\windows\system32\CompatTel
2017-02-23 03:19 - 2016-11-06 08:09 - 00000145 _____ C:\Users\Tony\Desktop\Life Quote.txt
==================== Files in the root of some directories =======
2011-10-09 05:15 - 2011-10-09 05:15 - 0069263 _____ () C:\Program Files (x86)\hminstalllog.txt
2016-02-10 16:20 - 2016-02-10 16:20 - 0001448 _____ () C:\Users\Tony\AppData\Local\recently-used.xbel
2011-10-15 08:33 - 2011-10-15 08:33 - 0007646 _____ () C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-02-28 19:59 - 2017-02-28 19:59 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\osgisodf.dll
2016-10-03 18:25 - 2016-10-03 18:25 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\qrtmk1-p.dll
2016-12-15 06:46 - 2016-12-15 06:47 - 30533688 _____ () C:\Users\Tony\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-11-04 06:20 - 2016-11-04 06:20 - 0011776 _____ () C:\Users\Tony\AppData\Local\Temp\xcoe5x4x.dll
2017-01-01 08:15 - 2017-01-01 08:15 - 0008704 _____ () C:\Users\Tony\AppData\Local\Temp\yuktw0_l.dll
2017-01-31 23:45 - 2016-02-11 20:25 - 0384512 _____ (PokerStars) C:\Users\Tony\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-14 14:37
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Tony (22-03-2017 20:11:05)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-04 13:55:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3482530603-2352231087-752530051-500 - Administrator - Disabled)
Guest (S-1-5-21-3482530603-2352231087-752530051-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3482530603-2352231087-752530051-1245 - Limited - Enabled)
postgres (S-1-5-21-3482530603-2352231087-752530051-1002 - Limited - Enabled) => C:\Users\postgres
Tony (S-1-5-21-3482530603-2352231087-752530051-1000 - Administrator - Enabled) => C:\Users\Tony
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version: - Microsoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.16.0 - Conexant)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.5.0 - Synaptics Incorporated)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dropbox (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
f.lux (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\Flux) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
GameRanger (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\GameRanger) (Version: - GameRanger Technologies)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Goalwin Poker (HKLM-x32\...\Goalwin Poker_is1) (Version: - goalwin)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
Holdem Indicator 2.5.7 (HKLM-x32\...\Holdem Indicator_is1) (Version: - hxxp://www.HoldemIndicator.com)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version: - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Ignition Casino (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version: - )
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
join.me (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\JoinMe) (Version: 2.0.1.783 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\LINE) (Version: 5.0.1.1391 - LINE Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Omaha Indicator 1.9.4 (HKLM-x32\...\Omaha Indicator_is1) (Version: - hxxp://www.OmahaIndicator.com)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.8.21200.33.104 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.13500 - Nero AG)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
UBNet (HKU\S-1-5-21-3482530603-2352231087-752530051-1000\...\UBNet) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Horizon Client (HKLM\...\{4CE5CE6C-14DA-41E7-8728-07C95F3CBC59}) (Version: 3.3.0.25749 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
谷歌拼音输入法 3.0 (HKLM\...\GooglePinyin3) (Version: - Google Inc.)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3482530603-2352231087-752530051-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {193F9613-5DD3-439D-9496-9B0FB4882C10} - System32\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe [2017-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6D81ACBC-430C-457C-A729-C9D3092154DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {78979ADB-A7A7-4EF7-AA17-827D5146BBFF} - System32\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe [2017-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {89266FEE-8848-4DBB-8F09-27795B16917C} - System32\Tasks\SafeZone scheduled Autoupdate 1458723986 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {A87C59C3-A3D6-4874-86E9-8101121343E7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {AF7CE3AF-D259-44B4-8142-7B5B7E073D20} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-17] (AVAST Software)
Task: {BEBE4AAC-2C0C-4E90-AD89-D615A1EFA72B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {C2D3D31B-45F6-41C1-831D-BF187FF99E9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {FA5DA2D9-777B-4BF8-918A-D5C5497496B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3482530603-2352231087-752530051-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3482530603-2352231087-752530051-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-05-02 11:41 - 2011-05-02 11:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-04-18 01:30 - 2014-04-16 01:22 - 00029184 _____ () C:\windows\System32\usp02l.dll
2015-01-08 12:52 - 2015-01-08 12:52 - 00206008 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-01-08 12:58 - 2015-01-08 12:58 - 03645624 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2015-04-18 01:32 - 2014-11-26 04:07 - 00118576 _____ () C:\windows\SysWOW64\SecUPDUtilSvc.exe
2011-09-26 21:19 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-09-26 22:53 - 2011-06-10 11:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2011-09-26 20:42 - 2010-12-17 08:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-05-02 11:41 - 2011-05-02 11:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-10-25 04:10 - 2011-10-25 04:10 - 01208376 _____ () C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
2017-03-17 21:48 - 2017-03-17 21:48 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-22 19:45 - 2017-03-22 19:45 - 05991696 _____ () C:\Program Files\AVAST Software\Avast\defs\17032205\algo.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-01-08 12:47 - 2015-01-08 12:47 - 00225464 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2011-10-09 05:13 - 2011-01-27 22:15 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2011-10-09 05:13 - 2009-02-12 12:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2011-10-09 05:13 - 2005-07-20 03:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2016-09-15 00:18 - 2016-09-15 00:18 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-17 21:48 - 2017-03-17 21:48 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-08-04 22:39 - 2016-08-04 22:39 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6b6a16e7c272095c219589e723d94bef\IsdiInterop.ni.dll
2011-09-26 20:32 - 2011-02-18 06:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3482530603-2352231087-752530051-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Tony\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F70742D9-2128-49D8-8529-C7073CF713F1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0F9A0D00-793C-4BB7-98D5-1EC0BCAE4A76}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{9FD793A6-DDBA-4607-8588-65A71AA6BF95}] => (Allow) LPort=9700
FirewallRules: [{379B49E8-CA1C-4ACB-8B75-32D88A8891F0}] => (Allow) LPort=9701
FirewallRules: [{B0007347-34DE-4722-8A3A-164FAD0BA42B}] => (Allow) LPort=9702
FirewallRules: [{705A0C01-C369-4731-9E85-F82B15B1FB6B}] => (Allow) LPort=9700
FirewallRules: [{2D0C9251-D9FF-4EDF-899F-057E2ACB946D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{D8EEBE02-F2D3-4A97-993A-5CAA965FA667}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{D50A78DB-F24B-4422-8FA7-D1837CE6C1EC}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{B3652C73-C897-415B-90B2-5192F3FCE7DA}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{DFFE37A5-342F-43F6-96F9-EF28600D7B3E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{D79AE09A-49D3-450C-A488-1722E67EB97E}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
FirewallRules: [{CBEDDFA1-9F9A-4686-8D5B-29101E76CD43}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
FirewallRules: [{4B111BCA-F165-402E-9001-4DCCEC73CE1D}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\Controller.exe
FirewallRules: [{E782A9EC-00CD-4844-AC5C-3B28C312AC33}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\InstallerHelp.exe
FirewallRules: [{6825046C-F43E-4BC9-8E51-8DD059126B04}] => (Allow) C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
FirewallRules: [{39F127C0-3981-4786-9C8B-509AD118B84F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{D9A3B45E-F231-438F-AA6D-55F581704D6C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0191EDB2-15B8-472A-A810-D34599BE2A11}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EA59D83B-A7D5-452A-8FA2-26DDD1ABB5FE}] => (Allow) LPort=2869
FirewallRules: [{84099D83-E1DC-44EA-9788-E5C250AFD102}] => (Allow) LPort=1900
FirewallRules: [{37F38C8A-9893-4E11-B30F-12EB2826F836}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{97F379DE-2B76-4A9D-AEAB-5C5F5E664722}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{403DBE0C-1913-4514-8C86-6EE168A5B529}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4A40B80C-D903-4F38-B0DF-3CC1109E8E53}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AA2D9644-D5BE-4D93-9297-E1AA9FD289B2}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{E82657E4-00C2-4B77-8AC5-5C964AD19DD0}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{61F3726E-3E74-40CC-A19D-C0384C014C3A}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{E4C776A5-DA32-48D0-BAEE-881167A62F0D}] => (Allow) LPort=5432
FirewallRules: [TCP Query User{12211D55-54B0-496D-8B82-84E5AD1BFF6C}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{D1ADA654-FEF6-4AA6-AA7B-A14AE7F7D26D}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{94FD74DC-CDF9-4E16-9C01-8630033FD7E7}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{922C711C-D83C-4138-9903-2B0AE15D301C}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{184778BF-C40C-4A72-AB94-A187F7251D0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C7771E8-BA25-467C-ACA7-9A771FE51CD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{BBFF65E5-BB63-4420-9F76-005FCFC05ED6}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{607BAF48-8B21-404E-AD1B-13F32E564B57}C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{8E4588D7-37D3-42F4-BD38-2BA4A5485DBF}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe
FirewallRules: [UDP Query User{FD9ECCFE-D91B-4332-BCCF-5CFD0A400C51}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe
FirewallRules: [{96181F82-09D2-4E7D-9CBF-1270C2737E4A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{981C22F3-0640-4E1C-84BA-7D7E1CC799CE}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{E091CC6C-F102-48AC-B304-77589C316035}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{70A9FF18-3F92-4C41-972F-5782E5AB220A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [TCP Query User{BA0DA172-ABED-4FD2-8006-75C37E8C465F}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [UDP Query User{2BF5CDB9-E1F6-4724-A7E6-718FEBAFE2F6}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [TCP Query User{41FF87B2-360B-4551-BE65-2B6B8A36F77B}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3y.exe
FirewallRules: [UDP Query User{A9C82293-6B05-4DA7-933A-279EE4165DD9}C:\program files (x86)\microsoft games\age of empires iii\age3y.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3y.exe
FirewallRules: [TCP Query User{F0DA24F9-3E8D-4F8F-A3D3-EAD9B9F0C6F9}C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{A5293922-6E41-47CA-B5D1-699B3ADA56D2}C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tony\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{E07113B2-A652-4228-9685-125DC86F59C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{DEC89F53-965A-4D74-9C0B-B0FA729E4A70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{63772653-F703-42DF-80DB-1420E213736C}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D592F9C8-8C0E-49E5-BFF7-41BB22AB9FF9}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [TCP Query User{7D1B15C3-0AF0-4CCE-9954-798437B69E3C}C:\program files (x86)\naver\line\line.exe] => (Block) C:\program files (x86)\naver\line\line.exe
FirewallRules: [UDP Query User{864F59C2-ADCA-407E-B4BF-205CB4CA1882}C:\program files (x86)\naver\line\line.exe] => (Block) C:\program files (x86)\naver\line\line.exe
FirewallRules: [TCP Query User{9B6E7A5C-3608-48FF-8E0E-FF6975DCFF6E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{90B669D8-DB5D-4166-B87E-1DE260148B2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{338CD00B-4F61-4EC8-A4BD-4DD995DB271B}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32293A51-2E0A-49DD-9F66-C565BDAC22F1}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9902A0B-AB80-4668-AE07-0D2C70AB439F}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9795D7FB-F2B2-45DE-B26B-31282A95F5B5}] => (Allow) C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4DDD67A0-E525-44F4-83D0-10B89448B1E4}] => (Allow) C:\Users\Tony\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{19DAA26E-8ABC-46A4-B059-3E69C45CB563}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3017A19-07C2-4A42-A609-4BD1A1BA7E31}] => (Allow) C:\Users\Tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59E6A212-F098-457A-A2C5-7C8C90AE436F}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe
FirewallRules: [{5876E59F-13E8-4BE8-813D-029ED74A6E17}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsd44C7.tmp\CnetInstaller-10294998.exe
FirewallRules: [{3C85C69B-CA79-4B47-A328-F24FF63B47FA}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe
FirewallRules: [{367B0B21-6458-462C-88FD-0A365108158C}] => (Allow) C:\Users\Tony\AppData\Local\Temp\nsaC6.tmp\CnetInstaller-10294998.exe
FirewallRules: [{961CF610-5622-4721-A72A-478E1FEBD4B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{221A5059-5854-4E0F-B692-F807A9FB3435}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A4FC5ADC-FCDD-486D-89D2-8FABC0B7460A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{89AA7F5B-1051-460C-846B-58E389F76BB1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F3C65D75-DFDA-4928-B726-23D988502F95}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{02304A97-A245-4775-A9D8-585C73730C0B}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{3E6D8A08-E9F3-4C35-90EA-6A874AC0BD9A}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{B7A4C07D-F72F-416C-8124-0D0389BBC9CE}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{CD6F6DBA-9095-4A6D-892F-430048ED601B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{376FDD4E-A3B3-4BD5-953A-C6A248D5DF87}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{2286192F-32B0-4448-B889-07108613A94D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{9902416F-D932-4EE7-9B78-EC0F063A336D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{43B2A1F6-CE2C-4AE1-8238-85602771F4AF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{7396F8B5-CDCA-4DD7-A9F7-05E65F68B46B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1DFC59CF-E60C-4687-8FC9-5A62B3A9F86B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A3C21FB0-26AF-4713-9D60-D48AF03942EC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{2780197A-1013-4D4E-B4BB-D2EFAD5F9347}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [TCP Query User{7F0A3D6C-790C-41D8-A53F-E42042DF1F69}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [UDP Query User{FD157118-3AEA-44BC-BDBD-581FE62C3D6B}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [{FA2EA39F-6898-4283-B488-CCA95C1C3339}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{F0C8CE54-9ADC-4135-8FEB-3C1E1FBF4ACF}] => (Allow) C:\Program Files (x86)\Omaha Indicator\OmahaIndicator.exe
FirewallRules: [{958B966E-191F-4E6A-B258-95C54DC41068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21240DC2-37B9-4A07-931C-54F293B36F48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D805B7D7-9E6A-4A16-A4BA-71879B3DDFBE}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{9C76DBA1-2F0A-4E27-BBE0-08C1242783D6}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LINE.exe
FirewallRules: [{BA38B4D9-AB11-4007-BD3A-11D2703E9106}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{B8F93B7F-6A6E-487A-843D-F0630B41FF7E}] => (Allow) C:\Users\Tony\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe
FirewallRules: [{0466A23F-297F-4D99-BFE0-4986B4BBD238}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D2FC8C61-9A17-48AA-8C54-255957EB6019}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{913BDC1C-17E1-4D45-B65C-F534D1C36095}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
==================== Restore Points =========================
21-03-2017 11:35:07 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2017 07:55:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/22/2017 07:55:25 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-03-22 19:55:25 PDTFATAL: the database system is starting up
Error: (03/22/2017 07:50:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/21/2017 10:49:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/20/2017 09:40:02 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/20/2017 09:39:54 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2017-03-20 21:39:54 PDTFATAL: the database system is starting up
Error: (03/20/2017 05:30:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (03/20/2017 02:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmware-usbarbitrator64.exe, version: 12.2.7.0, time stamp: 0x54c03130
Faulting module name: vmware-usbarbitrator64.exe, version: 12.2.7.0, time stamp: 0x54c03130
Exception code: 0xc0000005
Fault offset: 0x0000000000006102
Faulting process id: 0x26bc
Faulting application start time: 0x01d29fb45e5473e0
Faulting application path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Faulting module path: C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
Report Id: 25b054b6-0db5-11e7-98f1-ac7289af52e8
Error: (03/20/2017 05:06:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/18/2017 04:05:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
System errors:
=============
Error: (03/22/2017 07:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/22/2017 07:53:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (03/22/2017 07:43:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vmwsprrdpwks service.
Error: (03/21/2017 10:45:03 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
Error: (03/20/2017 09:42:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (03/20/2017 09:39:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.
Error: (03/20/2017 07:44:41 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
Error: (03/20/2017 05:29:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The postgresql-8.4 - PostgreSQL Server 8.4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/20/2017 05:29:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the postgresql-8.4 - PostgreSQL Server 8.4 service to connect.
Error: (03/20/2017 05:28:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.
==================== Memory info ===========================
Processor: Intel® Core i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4002.13 MB
Available physical RAM: 2383 MB
Total Virtual: 8002.44 MB
Available Virtual: 5989.19 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:97.66 GB) (Free:3.08 GB) NTFS
Drive d: (DATA) (Fixed) (Total:185.69 GB) (Free:22.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2158B78)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=185.7 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================