I'm not sure my laptop has been infected, please advise...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by DiNo (administrator) on DINO-PC (25-07-2017 18:20:15)
Running from C:\Users\DiNo\Downloads
Loaded Profiles: DiNo (Available Profiles: DiNo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Vimicro) C:\Windows\VMSnap3.exe
() C:\Windows\Domino.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\...\MountPoints2: {e4dd7202-b4bc-11e6-aa64-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-12-12] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{83B85271-B184-48DF-BF65-A8201BF715CB}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{EEA3698C-129E-40E3-8CFC-2EC3466A5E51}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_btlrd_17_25_dopc¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCzzyC0DtC0DyC0D0AyCzytN0D0Tzu0StCzyzyyDtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0ByD0B0F0F0A0CtGyEtB0EyCtGzzyDyE0AtGtBtC0A0DtGtCzy0A0AtD0E0FyD0A0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytByD0CtAyCtByEtGyE0ByB0DtGyEyC0F0EtG0B0EtBtCtGtByBzz0E0CtB0A0DyDtA0D0D2QtN0A0LzuyE%26cr%3D2045322524%26a%3Dwny_btlrd_17_25_dopc%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-25] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-25] (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-04] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: 50x2pgiq.default-1497831639553
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553 [2017-07-25]
FF Extension: (Firefox Hotfix) - C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\50x2pgiq.default-1497831639553\Extensions\
[email protected] [2017-06-19]
FF ProfilePath: C:\Users\DiNo\AppData\Roaming\Mozilla\Firefox\Profiles\cyfvltd1.default-1497831639553-1497831929156 [2017-06-19]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-21] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://start.roboform.com
CHR StartupUrls: Default -> "hxxp://start.roboform.com/","hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_01_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtByC0BtAtDyE0A0AzyyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0A0EyByEtAzytDtG0FtA0CyDtG0AyC0B0AtG0AtA0A0BtGyByDtDtD0FtCyE0Ezz0F0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0CyE0Czz0E0E0DtGzzzy0FzytGyEtC0EtDtG0A0E0EtBtG0A0FyC0F0B0B0BzyyEtCtBtD2Q&cr=1552769452&ir=","hxxps://ph.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_09¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzytD0D0EtCtDyBtDyB0EyDtN0D0Tzu0StCyDtBtAtN1L2XzutAtFtCyBtFtCtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyE0DtCzztDtA0FtGyDtCyD0BtG0ByDyCzytGtB0AzytCtG0FyDzzyBtDtA0BtA0E0B0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzz0B0AyCtC0BzztGyByB0EyDtGyEyDyD0AtGzztD0EyEtGtCyBzy0C0EyCzztAzy0F0BtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzyyE%26cr%3D787642898%26a%3Djmb_dnldastr_16_09%26os_ver%3D5.1%26os%3DWindows%2BXP&uref=chmm","hxxp://google/","hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=4C0A05067EAE17E3077F62DD65286CE4&v=20160317&ts=AHEpC3AmB3QpCE..","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzztByBtN1L2XzutAtFtByDtFtCtFzzyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzytCyB0C0EyEzytGyD0CtB0DtGzyyCzzyBtGyE0EtBtBtGtCyDtDyDyByD0ByD0CtAtBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtAyBtC%26cr%3D645584324%26a%3Dwbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_btlrd_16_50¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzztCtBtN1L2XzutAtFtByDtFtC
tFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0DtAyDtD0AtGtBtDtAtAtGtB0D0EzytGtD0F0ByEtG0AyCyEyEyE0EyC0A0DtAyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1327159663%26a%3Dwbf_btlrd_16_50%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_03_wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0D0EtDtC0BzyzytGyB0FzyyCtGtCtDtByBtGtA0BtA0FtG0E0EyCyDyEtByD0CtA0F0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D178718939%26a%3Dhdr_s_17_03_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_04_wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyEzytN1L2XzutAtFtByDtFtCtFyDtCtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StBtC0AtDtAzy0C0FtGtA0F0D0AtGtAtCyEtCtGyC0C0CtAtGyEyBtB0ByC0D0EyByDyD0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtAtD%26cr%3D234607685%26a%3Dhdr_s_17_04_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_05_wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCtDtN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyEtA0FtC0F0CzzyDtGyD0EyBzztGtBtC0BtAtGtAtByDyCtGtAtA0B0AyCtDtB0FtB0C0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytCzz%26cr%3D
893137133%26a%3Dhdr_s_17_05_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_06_wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzyCzztN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0Azy0E0DtBtD0FtGtAyEtAyCtGzzyC0BtBtGyD0CyB0EtG0FyE0D0ByE0Bzy0CtAzzyE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1011583167%26a%3Dhdr_s_17_06_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_09_wbf_tggl_16_52¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzzyCtN1L2XzutAtFtByBtFtCtFyDtBtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0F0CyEtC0Czz0CtGyCyC0EyDtGyDyByD0DtGtCzytD0BtG0C0FtB0FtD0Dzz0F0C0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D2098982897%26a%3Dhdr_s_17_09_wbf_tggl_16_52%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_10¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtAyD0A0E0B0F0DtAtCyDtBtB0BtN0D0Tzu0StCzzzyyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEyC0A0E0BtA0FtGtCzyzytAtG0CtDzztBtGyCzz0E0BtGzz0E0A0ByDyBzz0AyBzyyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzyyE0FzzyBtAyBtG0AtD0C0AtGyEtAzztCtGzyzzyCzytG0AtDtAyC0C0A0A0DtC0FtAtA2QtN0A0LzuyE%26cr%3D1457629812%26a%3Dwncy_btrnt_17_10%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&uref=chmm","hxxp://www.trotux.com/?z=a81dae9f3d8cc766334f320g6z8t9e0w3gdgao6z9m&from=icb&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59J8743J8743&type=hp","hxxp://www.youndoo.com/?z=7c430dd2dc797958bade6e1g9
zatbe6q6g1g5wft9q&from=bcn&uid=WDCXWD3200BEVT-22ZCT0_WD-WX70A59J8743J8743&type=hp"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Google Slides) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-21]
CHR Extension: (Google Docs) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-21]
CHR Extension: (Google Sheets) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-21]
CHR Extension: (Google Docs Offline) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-21]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-24]
CHR Profile: C:\Users\DiNo\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-03]
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-25] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-25] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-25] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-25] (AVAST Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-25 18:20 - 2017-07-25 18:21 - 00019674 _____ C:\Users\DiNo\Downloads\FRST.txt
2017-07-25 18:19 - 2017-07-25 18:20 - 00000000 ____D C:\FRST
2017-07-25 18:14 - 2017-07-25 18:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-25 18:13 - 2017-07-25 18:13 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\AVAST Software
2017-07-25 18:12 - 2017-07-25 18:14 - 02382336 _____ (Farbar) C:\Users\DiNo\Downloads\FRST64.exe
2017-07-25 18:12 - 2017-07-25 18:12 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-25 18:12 - 2017-07-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-25 18:11 - 2017-07-25 18:12 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-25 18:11 - 2017-07-25 18:11 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-25 18:11 - 2017-07-25 18:10 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150097752749803
2017-07-25 18:11 - 2017-07-25 18:10 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-25 18:11 - 2017-07-25 18:10 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-25 18:10 - 2017-07-25 18:10 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-25 17:28 - 2017-07-25 17:28 - 00000017 _____ C:\Users\DiNo\AppData\Local\resmon.resmoncfg
2017-07-25 17:12 - 2017-07-25 17:12 - 00000000 ____D C:\Program Files\AVAST Software
2017-07-25 17:01 - 2017-07-25 17:05 - 06948656 _____ (AVAST Software) C:\Users\DiNo\Downloads\avast_free_antivirus_setup_online.exe
2017-07-25 01:31 - 2017-07-25 01:31 - 00002924 _____ C:\Windows\System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E}
2017-07-25 01:30 - 2017-07-25 01:30 - 00002924 _____ C:\Windows\System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8}
2017-07-25 01:15 - 2017-07-25 01:15 - 00000000 ____D C:\ProgramData\UniqueId
2017-07-25 01:10 - 2017-07-25 01:51 - 00000000 ____D C:\Users\DiNo\Downloads\New folder
2017-07-25 01:07 - 2017-07-25 01:20 - 00000048 _____ C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 00000004 _____ C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 00526848 _____ C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-07-24 19:07 - 2017-07-25 16:59 - 00000000 ____D C:\Users\DiNo\Downloads\Brabus
2017-07-24 19:01 - 2017-07-24 22:11 - 00691712 _____ C:\Users\DiNo\Downloads\carbon-b-style.xls
2017-07-23 06:20 - 2017-07-23 09:09 - 00000000 ____D C:\Users\DiNo\Downloads\dmc
2017-07-22 14:18 - 2017-07-22 14:18 - 00814606 _____ C:\Users\DiNo\Downloads\W463 G-Klasse_Mopf_Prospekt_11-2011.pdf
2017-07-22 09:10 - 2017-07-24 13:10 - 00000000 ____D C:\Users\DiNo\Downloads\lorinser
2017-07-22 06:50 - 2017-07-22 06:50 - 00631320 _____ C:\Users\DiNo\Downloads\Preisliste-G-Klasse_W463-04.04.2014.pdf
2017-07-21 20:38 - 2017-07-21 20:38 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-21 20:38 - 2017-07-21 20:38 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-21 20:35 - 2017-07-21 20:35 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-21 20:35 - 2017-07-21 20:35 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-21 20:33 - 2017-07-21 20:33 - 01130328 _____ (Google Inc.) C:\Users\DiNo\Downloads\ChromeSetup.exe
2017-07-21 20:13 - 2017-06-30 11:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-21 20:13 - 2017-06-30 10:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-21 20:13 - 2017-06-30 10:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-21 20:13 - 2017-06-29 13:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-21 20:13 - 2017-06-29 13:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-21 20:13 - 2017-06-29 12:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-21 20:13 - 2017-06-29 12:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-21 20:13 - 2017-06-29 12:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-21 20:13 - 2017-06-29 12:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-21 20:13 - 2017-06-29 12:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-21 20:13 - 2017-06-29 12:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-21 20:13 - 2017-06-29 12:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-21 20:13 - 2017-06-29 12:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-21 20:13 - 2017-06-29 12:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-21 20:13 - 2017-06-29 12:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-21 20:13 - 2017-06-13 06:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-21 20:13 - 2017-06-13 06:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-21 20:13 - 2017-06-13 06:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-21 20:13 - 2017-06-13 06:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-21 20:13 - 2017-06-13 06:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-21 20:13 - 2017-06-10 23:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-21 20:13 - 2017-06-06 23:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-21 20:12 - 2017-07-06 12:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2017-07-21 20:12 - 2017-06-30 12:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-21 20:12 - 2017-06-30 10:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-21 20:12 - 2017-06-30 10:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-21 20:12 - 2017-06-30 10:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-21 20:12 - 2017-06-30 10:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-21 20:12 - 2017-06-30 10:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-21 20:12 - 2017-06-29 14:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-21 20:12 - 2017-06-29 14:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 14:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-21 20:12 - 2017-06-29 14:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-21 20:12 - 2017-06-29 14:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-21 20:12 - 2017-06-29 14:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-21 20:12 - 2017-06-29 14:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-21 20:12 - 2017-06-29 13:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-21 20:12 - 2017-06-29 13:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-21 20:12 - 2017-06-29 13:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-21 20:12 - 2017-06-29 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-21 20:12 - 2017-06-29 13:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-21 20:12 - 2017-06-29 13:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-21 20:12 - 2017-06-29 13:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-21 20:12 - 2017-06-29 13:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-21 20:12 - 2017-06-29 13:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-21 20:12 - 2017-06-29 13:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-21 20:12 - 2017-06-29 13:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-21 20:12 - 2017-06-29 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-21 20:12 - 2017-06-29 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-21 20:12 - 2017-06-29 13:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-21 20:12 - 2017-06-29 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-21 20:12 - 2017-06-29 13:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-21 20:12 - 2017-06-29 13:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-21 20:12 - 2017-06-29 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-21 20:12 - 2017-06-29 13:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-21 20:12 - 2017-06-29 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-21 20:12 - 2017-06-29 13:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-21 20:12 - 2017-06-29 12:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-21 20:12 - 2017-06-29 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-21 20:12 - 2017-06-29 12:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-21 20:12 - 2017-06-29 12:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-21 20:12 - 2017-06-29 12:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-21 20:12 - 2017-06-29 12:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-21 20:12 - 2017-06-29 12:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-21 20:12 - 2017-06-22 22:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-21 20:12 - 2017-06-16 04:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-21 20:12 - 2017-06-13 06:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-21 20:12 - 2017-06-13 06:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-21 20:12 - 2017-06-13 06:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-21 20:12 - 2017-06-13 06:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-21 20:12 - 2017-06-13 06:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-21 20:12 - 2017-06-13 06:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-21 20:12 - 2017-06-13 06:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-21 20:12 - 2017-06-13 06:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-21 20:12 - 2017-06-13 06:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-21 20:12 - 2017-06-13 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-21 20:12 - 2017-06-13 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-21 20:12 - 2017-06-13 06:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-21 20:12 - 2017-06-10 23:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-21 20:12 - 2017-06-09 23:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-21 20:12 - 2017-06-06 23:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-21 20:12 - 2017-05-30 12:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-21 20:12 - 2017-05-30 12:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-21 20:12 - 2017-05-21 12:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-21 20:12 - 2017-05-21 12:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-21 20:12 - 2017-05-16 23:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-21 20:12 - 2017-05-16 23:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-21 20:12 - 2017-05-16 23:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-21 19:31 - 2017-05-03 23:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-21 19:31 - 2017-05-03 23:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-21 19:31 - 2017-05-03 21:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-21 19:31 - 2017-03-23 10:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-21 14:20 - 2017-07-24 22:55 - 00001355 _____ C:\Users\DiNo\Downloads\gwagen.txt
2017-07-21 12:26 - 2017-07-21 12:26 - 01674852 _____ C:\Users\DiNo\Downloads\ubp_forms.zip
2017-07-17 12:24 - 2017-07-24 12:49 - 00000942 _____ C:\Users\DiNo\Desktop\novitec.txt
2017-07-07 17:00 - 2017-07-07 17:00 - 00462824 _____ C:\Windows\Minidump\070717-38282-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:14 - 2009-07-14 12:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-25 18:10 - 2017-02-02 11:35 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-25 18:07 - 2016-12-18 08:43 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB1E8505-2514-419D-B450-EAAEC9838F5F}
2017-07-25 16:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 15:45 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-25 15:44 - 2016-12-09 18:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-25 07:14 - 2016-12-18 20:20 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2017-07-24 22:01 - 2016-11-28 09:23 - 00000000 ____D C:\Users\DiNo\Documents\Youcam
2017-07-23 17:50 - 2016-12-05 11:45 - 00000000 ____D C:\Users\DiNo\AppData\LocalLow\Mozilla
2017-07-22 19:34 - 2009-07-14 13:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 13:00 - 2009-07-14 13:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 13:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-07-22 12:32 - 2009-07-14 12:45 - 00412264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-22 04:20 - 2016-11-28 00:53 - 00000000 ____D C:\Users\DiNo\AppData\Local\Google
2017-07-21 20:37 - 2016-11-28 00:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-21 20:25 - 2017-04-23 12:56 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-21 19:52 - 2017-04-02 20:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-21 19:51 - 2016-11-28 02:12 - 00000000 ____D C:\Windows\system32\MRT
2017-07-21 19:46 - 2016-12-10 23:17 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-21 19:20 - 2017-06-19 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 17:50 - 2016-12-20 19:10 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\vlc
2017-07-07 17:00 - 2016-12-05 12:53 - 00000000 ____D C:\Windows\Minidump
2017-07-07 17:00 - 2016-12-05 12:52 - 330026592 _____ C:\Windows\MEMORY.DMP
2017-07-06 07:40 - 2016-12-18 11:05 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\Skype
2017-06-25 03:19 - 2017-06-19 09:07 - 00000000 ____D C:\Program Files (x86)\BitLord
2017-06-25 03:19 - 2017-03-14 10:32 - 00000000 ____D C:\Users\DiNo\AppData\Roaming\PhotoScape
2017-06-25 03:19 - 2017-03-05 13:10 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-25 03:19 - 2017-01-15 17:47 - 00000000 __RHD C:\MSOCache
2017-06-25 03:19 - 2009-07-14 15:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-25 03:19 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
==================== Files in the root of some directories =======
2017-03-14 10:31 - 2017-03-14 10:46 - 4096000 _____ () C:\Program Files (x86)\GUTB167.tmp
2017-05-09 14:16 - 2017-05-09 14:18 - 7649280 _____ () C:\Program Files (x86)\GUTDD6.tmp
2017-07-25 01:07 - 2017-07-25 01:20 - 0000004 _____ () C:\Users\DiNo\AppData\Roaming\pid.txt
2017-07-25 01:07 - 2017-07-25 01:20 - 0000048 _____ () C:\Users\DiNo\AppData\Roaming\pidloc.txt
2017-07-25 01:07 - 2017-07-21 19:42 - 0526848 _____ () C:\Users\DiNo\AppData\Roaming\Windows Update.exe
2017-05-24 18:37 - 2017-05-24 18:37 - 0003584 _____ () C:\Users\DiNo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-25 17:28 - 2017-07-25 17:28 - 0000017 _____ () C:\Users\DiNo\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
2012-04-04 12:50 - 2012-04-04 12:50 - 0216064 _____ () C:\Users\DiNo\AppData\Local\Temp\gcapi_dll.dll
2012-11-19 13:14 - 2012-11-19 13:14 - 0012800 _____ () C:\Users\DiNo\AppData\Local\Temp\gdapi.dll
2013-06-25 01:19 - 2013-06-25 01:19 - 2380752 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GoogleSetup.exe
2013-04-30 19:30 - 2013-04-30 19:30 - 0763232 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
2011-11-21 15:25 - 2011-11-21 15:25 - 0073408 _____ () C:\Users\DiNo\AppData\Local\Temp\gtapi_signed.dll
2013-06-24 22:50 - 2013-06-24 22:50 - 0052800 _____ (Mooii) C:\Users\DiNo\AppData\Local\Temp\GTGCAPI.exe
2017-06-19 07:58 - 2017-06-19 07:58 - 1638344 _____ (Temibosafo ) C:\Users\DiNo\AppData\Local\Temp\ICReinstall_BitlordSetup_VASVcl.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782808 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_GDrive.exe
2013-06-19 20:45 - 2013-06-19 20:45 - 0782520 _____ () C:\Users\DiNo\AppData\Local\Temp\Mooii_Photoscape_Chrome_New.exe
2013-04-30 03:32 - 2013-04-30 03:32 - 0782288 _____ (Google Inc.) C:\Users\DiNo\AppData\Local\Temp\Mooii_Toolbar_Omaha.exe
2007-11-07 00:19 - 2007-11-07 00:19 - 0655872 _____ (Microsoft Corporation) C:\Users\DiNo\AppData\Local\Temp\msvcr90.dll
2017-06-17 13:29 - 2017-07-06 07:40 - 58684896 _____ (Skype Technologies S.A.) C:\Users\DiNo\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-25 05:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by DiNo (25-07-2017 18:22:42)
Running from C:\Users\DiNo\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-11-27 16:02:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-371815623-3163942107-3489479027-500 - Administrator - Disabled)
DiNo (S-1-5-21-371815623-3163942107-3489479027-1000 - Administrator - Enabled) => C:\Users\DiNo
Guest (S-1-5-21-371815623-3163942107-3489479027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-371815623-3163942107-3489479027-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A4 TECH PC Camera H (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}) (Version: - )
A4 TECH PC Camera H (HKLM-x32\...\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}) (Version: 2007.11.12 - A4 TECH)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Upwork version 4.2.153.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.153.0 - Upwork, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers01: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers04: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => -> No File
ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-03-26] (Intel Corporation)
ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-25] (AVAST Software)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07837914-2D87-4080-B4AE-C3A755964AC5} - System32\Tasks\{73699240-2671-4D92-BC7A-B8B462C3F904} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {08CA8891-A27E-40FB-AA01-4B5511020C32} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-25] (AVAST Software)
Task: {09F8EED9-3F66-487E-A528-1D90D5C35FCA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-01] (AVAST Software)
Task: {0A203B3A-574E-4A5C-BA59-E7A93DDA37C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {1B493E77-8301-4461-8D87-2277CB35015F} - System32\Tasks\{7BC72065-8783-4469-AF58-27FA527C304B} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Alwil Software\Avast5\aswRunDll.exe" -c "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Task: {8A6C6F06-9C83-40B9-A3D5-F370A6345E13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-21] (Google Inc.)
Task: {ADCEAB3F-9684-4814-BCC7-EDF7B3E05A30} - System32\Tasks\{5C5FABB7-A226-4158-A279-D13645A124F8} => C:\Users\DiNo\Downloads\W2W.exe
Task: {B7564E6F-0C10-4033-B1D9-409B2E855F50} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05] (CyberLink)
Task: {D5EDD994-5A1C-4077-8E38-4440845FFB99} - System32\Tasks\{2636AC76-8A2F-4C1A-8552-B30D753A0524} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {D7E70BA3-FC27-4293-8947-03C61797DCE8} - System32\Tasks\{2264F74B-1BE9-47DD-A0E7-BCD7FB7BF85E} => C:\Users\DiNo\Downloads\W2W.exe
Task: {F34477A7-94AA-4159-AB69-CB4CDF311FFE} - System32\Tasks\{2C72FD5A-CD62-401B-B78E-550AEA7379BB} => C:\Windows\system32\pcalua.exe -a C:\Users\DiNo\AppData\Local\Roblox\Versions\version-934c86ec4aa148f0\RobloxPlayerLauncher.exe -c -uninstall
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\DiNo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\396b803340084593\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
==================== Loaded Modules (Whitelisted) ==============
2016-12-05 12:25 - 2006-07-04 14:16 - 00049152 _____ () C:\Windows\Domino.exe
2016-11-28 00:15 - 2010-08-23 15:46 - 01068032 _____ () C:\Windows\system32\vmprp332x64.ax
2017-07-21 20:38 - 2017-06-23 11:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-21 20:38 - 2017-06-23 11:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-11-28 00:12 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-25 18:11 - 2017-07-25 18:11 - 05884160 _____ () C:\Program Files\AVAST Software\Avast\defs\17071601\algo.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-25 18:10 - 2017-07-25 18:10 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2016-12-09 19:22 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-371815623-3163942107-3489479027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DiNo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: 332BigDog => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Upwork => C:\Program Files (x86)\Upwork\upwork.exe
MSCONFIG\startupreg: VMSnap3 => C:\Windows\VMSnap3.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DAE807A8-2E58-4420-8C45-68ABE51B6CD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{063BEFAC-ED68-49BC-875B-FD4218CE972A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{144DDB73-00A6-42A8-97ED-F5F57FD15342}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{5B56E5F4-8B33-45A4-A195-AE75EA7978D7}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{63D38F68-26AD-4871-972D-0DA76FB5D6E2}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{741E4BCD-45AC-46C5-B883-9C486A65F19D}C:\users\dino\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dino\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{406C5E28-4448-4BEE-BAF5-9FDEDDFC8FCD}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6CD8B94-4971-43E3-9400-C1F0A9799C8C}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{B6404E43-7955-4697-9A0A-6B9FB82E3331}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{D77003D6-E460-4EB3-871D-66C24DDCF98E}] => (Allow) C:\Program Files (x86)\Upwork\upwork.exe
FirewallRules: [{DD2209C0-DBAF-4636-94FC-6AFCCC616519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B8FA033-B9CD-436B-8F8F-49656371B670}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{27B005C5-2564-4DB9-AD4D-115FABAAFAB1}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{ADC7496A-21CD-4C94-8EA0-AC061B8ADBE2}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
FirewallRules: [{014204D2-B56B-4420-B117-47978AF80B59}] => (Allow) C:\Users\DiNo\Downloads\New folder\W2W.exe
==================== Restore Points =========================
21-07-2017 19:16:09 Windows Update
21-07-2017 19:44:12 Windows Update
21-07-2017 20:15:35 Windows Update
22-07-2017 12:10:48 Windows Update
22-07-2017 12:50:09 Windows Update
22-07-2017 14:43:02 Windows Update
23-07-2017 19:01:29 Windows Backup
24-07-2017 10:51:27 avast! Free Antivirus Setup
25-07-2017 01:13:46 avast! Free Antivirus Setup
25-07-2017 07:12:32 avast! Free Antivirus Setup
25-07-2017 16:53:48 avast! Free Antivirus Setup
==================== Faulty Device Manager Devices =============
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/25/2017 06:12:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (07/25/2017 05:00:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
Error: (07/25/2017 04:56:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0xcb8
Faulting application start time: 0x01d30523dc105ead
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1b26bab7-7117-11e7-b597-6427378066f6
Error: (07/25/2017 03:33:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
Error: (07/25/2017 06:41:20 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
Error: (07/25/2017 01:21:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
Error: (07/25/2017 01:16:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 59.0.3071.115, time stamp: 0x594c442d
Faulting module name: ntdll.dll, version: 6.1.7601.23807, time stamp: 0x5915fdce
Exception code: 0xc0000374
Fault offset: 0x00000000000bf3e2
Faulting process id: 0x11c4
Faulting application start time: 0x01d304a0a0421563
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: de6f055d-7093-11e7-a9be-6427378066f6
Error: (07/25/2017 12:16:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
Error: (07/25/2017 12:14:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7601.18010, time stamp: 0x50aee9f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000007757000a
Faulting process id: 0x5f8
Faulting application start time: 0x01d30497e1cf1fe3
Faulting application path: C:\Windows\system32\taskhost.exe
Faulting module path: unknown
Report Id: 2a9a5b74-708b-11e7-a9be-6427378066f6
Error: (07/24/2017 12:06:21 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x8000ffff.
System errors:
=============
Error: (07/25/2017 06:22:51 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (07/25/2017 05:48:56 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
CodeIntegrity:
===================================
Date: 2016-12-05 12:21:06.974
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 12:21:06.958
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbVM303.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 67%
Total physical RAM: 1991.86 MB
Available physical RAM: 645.09 MB
Total Virtual: 3983.72 MB
Available Virtual: 2482.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:147.36 GB) (Free:90.23 GB) NTFS
Drive d: () (Fixed) (Total:150.63 GB) (Free:64.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================