May I have a check up please

Started by tallin, July 15, 2016, 07:14:39 PM

tallin

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 15:52 - 2016-07-17 15:52 - 00025043 _____ C:\Users\user\Desktop\FRST.txt
2016-07-16 04:48 - 2016-07-17 15:52 - 00000000 ____D C:\FRST
2016-07-16 04:44 - 2016-07-17 03:57 - 02391040 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-13 14:35 - 2016-06-11 16:57 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 07:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 07:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 14:35 - 2016-06-11 07:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 14:35 - 2016-06-11 07:19 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 14:35 - 2016-06-11 07:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 07:17 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 14:35 - 2016-06-11 07:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 07:08 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 14:35 - 2016-06-11 07:05 - 25814016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 14:35 - 2016-06-11 07:04 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 14:35 - 2016-06-11 07:03 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 07:03 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 14:35 - 2016-06-11 07:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 14:35 - 2016-06-11 07:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 06:53 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 14:35 - 2016-06-11 06:50 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 06:49 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 14:35 - 2016-06-11 06:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 06:38 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 14:35 - 2016-06-11 06:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 14:35 - 2016-06-11 06:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 06:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 06:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 14:35 - 2016-06-11 06:15 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 14:35 - 2016-06-11 06:13 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 14:35 - 2016-06-11 06:12 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 06:11 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 06:10 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 05:45 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 14:35 - 2016-06-11 05:44 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 14:35 - 2016-06-11 05:30 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 14:35 - 2016-06-11 05:21 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-13 14:35 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-13 14:35 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-13 14:35 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-13 14:35 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-13 14:35 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-13 14:35 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-13 14:35 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-13 14:35 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-13 14:35 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 14:33 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 14:33 - 2016-06-26 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 14:33 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-07-13 14:33 - 2016-06-15 01:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-08 08:25 - 2016-07-08 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-08 08:12 - 2016-07-08 08:12 - 13677800 _____ (Google) C:\Users\user\Downloads\picasa.exe.EXE
2016-07-07 07:01 - 2016-06-26 10:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-07 07:01 - 2016-06-26 10:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-07 07:01 - 2016-06-22 23:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-07 03:48 - 2016-07-07 19:17 - 00000000 ____D C:\Users\user\Desktop\Tax 2016
2016-07-02 13:16 - 2016-07-02 13:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2016-06-23 18:50 - 2016-05-17 09:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-23 18:50 - 2016-05-17 09:19 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-23 18:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-23 18:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-06-23 18:50 - 2016-05-17 07:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-06-23 18:50 - 2016-05-17 07:16 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-23 18:50 - 2016-05-17 07:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 07:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-06-23 18:50 - 2016-05-17 07:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-23 18:50 - 2016-05-14 08:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-23 18:50 - 2016-05-14 07:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-23 18:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-23 18:50 - 2016-05-05 03:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-23 18:50 - 2016-05-05 03:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-23 18:50 - 2016-05-05 01:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-23 18:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 15:52 - 2016-04-21 10:41 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job
2016-07-17 15:39 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 15:39 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-17 15:29 - 2016-01-20 06:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-17 14:53 - 2012-10-11 11:10 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-17 11:01 - 2015-04-17 19:26 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-17 10:48 - 2016-03-26 16:43 - 00000000 ____D C:\Program Files\Java
2016-07-17 10:48 - 2013-09-12 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-17 10:47 - 2015-08-21 11:11 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2016-07-17 08:53 - 2012-10-11 11:10 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-17 08:52 - 2016-04-21 10:41 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job
2016-07-17 08:43 - 2014-10-29 14:19 - 01509634 _____ C:\IFRToolLog.txt
2016-07-17 08:41 - 2015-01-05 17:49 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-07-17 08:39 - 2009-07-14 13:20 - 00000000 ____D C:\windows\inf
2016-07-17 08:37 - 2012-10-11 10:33 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-17 08:37 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-17 08:36 - 2012-11-21 03:51 - 00000000 ____D C:\windows\pss
2016-07-17 07:34 - 2015-07-21 17:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-17 07:34 - 2012-10-11 19:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-17 07:34 - 2012-10-11 19:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-07-17 07:34 - 2009-07-14 13:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-07-17 07:33 - 2009-07-14 13:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-07-17 07:11 - 2014-03-25 07:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-17 04:38 - 2013-12-11 16:54 - 00000000 ____D C:\AdwCleaner
2016-07-17 04:19 - 2012-11-15 11:43 - 10444800 ___SH C:\Users\user\Desktop\Thumbs.db
2016-07-17 03:57 - 2013-11-25 13:19 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2016-07-16 18:28 - 2012-10-11 10:33 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-07-16 09:02 - 2014-03-11 12:43 - 00000000 ____D C:\Users\user\AppData\Local\DoNotTrackPlus
2016-07-15 06:30 - 2016-01-20 06:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 06:29 - 2013-07-25 08:19 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 06:29 - 2013-07-25 08:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 16:24 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2016-07-13 15:11 - 2009-07-14 14:45 - 00295232 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-13 14:48 - 2013-07-11 14:55 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 14:38 - 2012-10-10 18:41 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-13 14:27 - 2012-10-11 08:54 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-07-13 03:30 - 2015-04-17 19:26 - 00003880 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 03:13 - 2012-04-10 13:56 - 00000000 ____D C:\windows\system32\Macromed
2016-07-13 03:12 - 2012-04-10 13:56 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-11 12:42 - 2015-03-16 20:10 - 00000000 ____D C:\Users\user\Desktop\This and that
2016-07-08 08:25 - 2012-10-11 11:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-08 08:05 - 2014-04-07 15:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-07 19:01 - 2014-04-19 07:09 - 00001276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-07 19:01 - 2012-10-18 09:05 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-07 19:01 - 2012-10-11 11:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-07-07 19:01 - 2012-10-11 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-07 19:00 - 2012-10-11 11:14 - 00001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-07 07:03 - 2014-12-11 10:29 - 00000000 ____D C:\windows\system32\appraiser
2016-07-07 07:03 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 13:26 - 2012-10-11 16:15 - 00000000 ___RD C:\Users\user\Desktop\Short Cuts
2016-07-02 10:04 - 2012-11-14 07:40 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-23 19:05 - 2009-07-14 15:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-23 18:57 - 2009-07-14 15:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 18:45 - 2015-08-12 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-17 08:08 - 2014-09-28 06:00 - 00000000 ____D C:\Users\user\AppData\Local\Adobe

==================== Files in the root of some directories =======

2012-10-14 08:43 - 2011-12-22 12:45 - 0076407 _____ () C:\Users\user\AppData\Roaming\Smiley.ico
2012-10-14 17:32 - 2012-11-11 17:44 - 0007597 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-03-31 07:08 - 2015-03-31 07:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-30 16:01 - 2014-04-05 13:49 - 0000931 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 00:51

==================== End of FRST.txt ============================
Learning each day

tallin

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016
Ran by user (2016-07-17 15:52:53)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-10 07:49:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2559403254-2449595015-3183726934-500 - Administrator - Disabled)
Guest (S-1-5-21-2559403254-2449595015-3183726934-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559403254-2449595015-3183726934-1003 - Limited - Enabled)
user (S-1-5-21-2559403254-2449595015-3183726934-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 50.14.22.465 - Comodo)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Do Not Track Me Add-on 2.2.9.1112 (HKLM-x32\...\Do Not Track Me Add-on_is1) (Version: 2.2.9.1112 - Abine Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit PhantomPDF Standard (HKLM-x32\...\{86848256-DF08-4F3D-A32D-37151AA16510}) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
System Explorer 4.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B81717-4B73-40D8-84CD-BB9C86857B1A} - System32\Tasks\{F3E4F16A-D512-4304-BE19-62E7AA42FE46} => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
Task: {1310ABB3-FF79-4E9F-A734-E027B77AD2AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {197FBE8E-2345-4ED5-B15E-55E3C99FADDD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
Task: {243BC1F2-EB92-457D-982C-13601923A5DD} - System32\Tasks\{2118880F-9654-4B8C-AB4D-21FDB1C5F292} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {2A37F4BA-0FCF-4761-8574-90481ACE2ACF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {30D798D8-348A-448D-B75F-E83444ED9FDD} - System32\Tasks\{AACEF16D-EF56-4E96-B096-36796F4B3375} => pcalua.exe -a C:\Users\user\Desktop\wlsetup-web.exe -d C:\Users\user\Desktop
Task: {389E72CD-9DD9-48A7-A05E-D82F688BA666} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {3A647352-A29C-49B2-8116-B0CBB911DFB5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {43C8DDA7-9DA6-4D95-9EF0-E279D3E50AAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {45EB5BF9-A8CB-40B3-A17E-21F503AA4240} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {54F33FC6-C628-4590-8647-7947A34DEFEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {58E5BF72-48C0-457A-9AFD-FE3BC385AAAE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {63618FC2-6A49-4233-8883-B5174876840E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7341B2F9-7F63-4705-9239-3F901CFCD18C} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [2016-03-25] (Tweaking.com)
Task: {750D3CCE-15F5-46B0-9B92-F0F5BFE685AC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {8F980367-A9EE-47F1-AABC-C87FD6A6B13E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {8FDF50BE-BB79-40C0-9715-493CE17D2755} - System32\Tasks\{55A79A95-530B-49BA-A056-FD3986009EE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {A0F4DB5E-206E-4F85-90A7-64B0E6520141} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {B614A8C7-FF73-4ED0-A207-7EEDE7691EFC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E19CAA86-61D7-4075-990E-0E560C4B53A1} - System32\Tasks\{ED6C20F3-F753-47C5-B805-60852A68CEF8} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E51B898C-84B7-4192-A43F-5C34821EC09E} - System32\Tasks\SafeZone scheduled Autoupdate 1458718366 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E633EE81-866A-4282-A95C-D7975F739FF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-11] (Piriform Ltd)
Task: {E6A088DB-4C9F-45C0-8B9F-D675584552B0} - System32\Tasks\{91939A97-7A8A-4899-B4CA-7D73102E5D3B} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u25-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_20\bin" -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {F86E91F9-D73E-41B9-A0D0-B774F1C7ED43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.timeanddate.com\http_80\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.thefreedictionary.com\http_80\assumption - definition of assumption by the Free Online Dictionary, Thesaurus and Encyclopedia..lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.thefreedictionary.com/assumption
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\update.filehippo.com\http_80\FileHippo.com - Download Free Software.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://update.filehippo.com/update/check/709de7ab-30df-453d-9cb5-0ec937344e6d
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2010-07-15 14:44 - 2010-07-15 14:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-03-27 10:33 - 2012-03-27 10:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-16 21:03 - 2016-07-16 21:03 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071600\algo.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-05 18:30 - 2015-12-05 18:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00033472 _____ () C:\Program Files (x86)\Windows Live\Shared\en\uxctlloc.dll.mui
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2016-06-25 05:06 - 2016-06-24 01:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-25 05:06 - 2016-06-24 01:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\softpedia.com -> hxxp://www.softpedia.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-10-30 12:54 - 00451995 ____R C:\windows\system32\Drivers\etc\hosts

There are 15496 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SystemExplorerHelpService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BA18A62-CEFF-4BE0-90E8-0AADF096D109}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3CC15EAE-67BA-4543-B642-30435F713B23}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0AECBFC6-EAC3-4255-9019-3DC633CAE867}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8C874EF3-1F5C-41FD-9218-EB5E6463C60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{107D03F2-739E-4E4B-9A4E-DFE0359F2B89}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [UDP Query User{221E8199-7ABE-4289-AF6A-5C0D0B6E825A}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [TCP Query User{AD82F37F-0101-4510-92AF-F3FC95107A5A}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [UDP Query User{D7CADF78-4BFB-4E43-9348-C698FF694C2C}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [{43B05A9C-E171-4573-BD27-A8CD11BFB8A1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A480D89A-6C6B-48D2-97F6-F140EC0F739D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{469139F9-AA94-4F3C-816A-97E8F331E293}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3319ADFA-30F8-440C-B6CF-D8C660ABA862}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E82DC193-6164-4E45-8223-2675E7313A46}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{72E843B5-F6DB-4461-9183-8590548C52E3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{50211898-132A-41CA-BF7E-4DB2F612D057}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9EE54DD1-71DE-4BA0-B65D-6E2249EF8342}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5ABDFAB2-FDC0-4F6E-AF92-25AED5C3AB8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A0498104-90FE-42C8-AD08-698A7781CF17}] => (Allow) LPort=2869
FirewallRules: [{C309F082-44A7-4487-B2F2-593A3730161A}] => (Allow) LPort=1900
FirewallRules: [{A9F632C1-E4C6-46F8-90F7-346D74D1D56E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7A2A78EE-3640-4EE0-AF4A-60EB54C26274}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{292F8B50-70F7-4315-B89E-90F9063C4CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BE303B5-7A8B-44B9-BF11-3195601039B8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4EE6634C-AD85-4970-A3E4-558B8937EC12}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\KB141735488.exe] => Enabled:Microsoft Office

==================== Restore Points =========================

07-07-2016 07:01:13 Windows Update
07-07-2016 18:57:02 Installed DirectX
07-07-2016 18:57:19 Installed DirectX
07-07-2016 18:58:09 Installed DirectX
10-07-2016 19:00:00 Windows Backup
13-07-2016 14:35:46 Windows Update
17-07-2016 03:57:21 Restore Point Created by FRST
17-07-2016 04:54:08 JRT Pre-Junkware Removal
17-07-2016 10:47:21 Removed Java 8 Update 77 (64-bit)
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2016 08:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.2.1.0, time stamp: 0x517a49ec
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x1758
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3

Error: (07/17/2016 08:40:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (07/17/2016 08:40:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (07/17/2016 08:39:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/17/2016 08:38:42 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:42 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (07/17/2016 08:46:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/17/2016 08:46:20 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/17/2016 08:39:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper.
.

Error: (07/17/2016 08:39:18 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (07/17/2016 08:38:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/17/2016 08:38:45 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/17/2016 06:05:12 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/17/2016 05:57:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper.
.

Error: (07/17/2016 05:55:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/17/2016 04:48:47 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 28%
Total physical RAM: 10129.8 MB
Available physical RAM: 7269 MB
Total Virtual: 20257.79 MB
Available Virtual: 17324.09 MB

==================== Drives ================================

Drive c: (S3A9565D003) (Fixed) (Total:283.99 GB) (Free:213.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KINGSTON) (Removable) (Total:59.4 GB) (Free:49.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 60A7FE5A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 59.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=59.4 GB) - (Type=0C)

==================== End of Addition.txt ============================
Learning each day

Corrine

Curiously, the log still shows many items disabled in msconfig. 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-07] (IObit)
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by user (2016-07-18 06:22:23) Run:2
Running from C:\Users\user\Desktop\FRST-OlderVersion
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-07] (IObit)
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => not found.
C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
LiveUpdateSvc => service removed successfully
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => moved successfully
AvastVBoxSvc => service could not remove


The system needed a reboot.

==== End of Fixlog 06:22:36 ====

Corrine

After that "check up" and all those steps, how is your computer? 



tallin

Firstly thank you for all your time spent with my "Check up" over the past days.

I have attached a snap of msconfig showing Dropbox unchecked.  I do not have it installed, so why would it be showing there?

When I click on, for instance, the link in your reply email to reply, I get a black screen but only with Chrome browser, not with IE.  If I cut and paste the link into Chrome, it loads as normal.  This is not a new thing, it was happening before I asked for a check up from LanzDown forum.  Chrome is my default browser.  This has only happened recently and was one of the minor items that prompted me to ask for the checkup.

Other than the above, I do not see a difference in this computer's performance.

kind regards,

Corrine

I get it now!  In order for me to remove the "AppData" for Dropbox, you need to check the box and enable it.  Then, with fresh FRST logs, it can be removed.

Your screen copy also explains why all the other items are still showing in the log as being in msconfig.  You need to click on each tab and enable all.  That is the only way FRST can access the files for removal. 

I also noticed in your last log that you used "FRST-OlderVersion".  If you want me to remove the Dropbox and other appropriate entries, it would probably be a good idea if you ran Delfix and downloaded a fresh copy of FRST.  The reason I'm suggesting Delfix is that it will pick up any files that you might miss.  The following steps are needed to do that:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   



tallin

I also found and forgot to mention when clicking on an email address in a Chrome web link, I get the message in the attachment posted below.

I am not privy to how important it is to clear msconfig of the entries showing, but have taken your advice and am posting the following logs after disabling all entries within msconfig.

Thank you once again for your efforts.

~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by user (administrator) on LAPTOP (19-07-2016 07:59:05)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NiceKit) C:\Users\user\Downloads\SnapaShotzip\SnapaShot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-28] (AVAST Software)
HKLM-x32\...\Run: [WinPatrol [FREE Edition]] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
Winlogon\Notify\igfxcui:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-04-21] (Google Inc.)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-11] (Piriform Ltd)
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3DFA4C0A-DDE3-4AA0-8577-F92CC6E96077}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B2689B5E-9B37-4FD0-81B4-050F4739F1C5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F6F9C116-0ABB-46B0-B0D0-52FD082C9CF4}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-15] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-11] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-04] (<TOSHIBA>)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2559403254-2449595015-3183726934-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-04]

Chrome:
=======
CHR HomePage: Profile 3 -> hxxp://www.dailymail.co.uk/news/article-2382096/Incredible-footage-reveals-French-World-War-Two-prisoners-secretly-filmed-life-POW-camp-tiny-camera-hidden-hollowed-dictionary.html
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com.au/","","hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN02437379718666-1025&toolbarId=base&affiliateId=1025&Lan=en&utid=b46df7100000000000000015af128eec","hxxp://blank/","hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy009z2B0Ca0&sku=&tstsId=&ver=&","hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=dc13809e8dc1445a862174a9bdc9df7d&tu=10GXy00Bs2C01g0&sku=&tstsId=&ver=&"
CHR DefaultSearchURL: Profile 3 -> hxxp://www.google.com.au/search?q={searchTerms}&rls=com.microsoft:{language}&rlz=1I7GGIT_en
CHR DefaultSearchKeyword: Profile 3 -> google.com.au__
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\pdf.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.400.25) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-17]
CHR Extension: (Simple Drag & Drop Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aiifonoffdkfmmiadigmjhoameijkdbb [2015-06-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-06-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-01]
CHR Extension: (YoWindow Free Weather) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fanogbnclpilemkifpjeglokomebpnef [2016-03-26]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-09]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-06-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2001592 2016-06-03] (Comodo)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-22] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-22] (Intel Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S4 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-26] ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Learning each day

tallin


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 07:59 - 2016-07-19 07:59 - 00024685 _____ C:\Users\user\Desktop\FRST.txt
2016-07-19 07:58 - 2016-07-19 07:59 - 00000000 ____D C:\FRST
2016-07-19 07:57 - 2016-07-19 07:57 - 02391552 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-07-19 07:54 - 2016-07-19 07:55 - 00001849 _____ C:\DelFix.txt
2016-07-19 07:54 - 2016-07-19 07:54 - 00000000 ____D C:\windows\ERUNT
2016-07-13 14:35 - 2016-06-11 16:57 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 14:48 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-13 14:35 - 2016-06-11 07:38 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 07:38 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-13 14:35 - 2016-06-11 07:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-13 14:35 - 2016-06-11 07:19 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-13 14:35 - 2016-06-11 07:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-13 14:35 - 2016-06-11 07:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 07:17 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-13 14:35 - 2016-06-11 07:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 07:08 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-13 14:35 - 2016-06-11 07:05 - 25814016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-13 14:35 - 2016-06-11 07:04 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-13 14:35 - 2016-06-11 07:03 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 07:03 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-13 14:35 - 2016-06-11 07:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-13 14:35 - 2016-06-11 07:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 06:53 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-13 14:35 - 2016-06-11 06:50 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 06:49 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-13 14:35 - 2016-06-11 06:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 06:38 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-13 14:35 - 2016-06-11 06:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-13 14:35 - 2016-06-11 06:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 06:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 06:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-13 14:35 - 2016-06-11 06:15 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-13 14:35 - 2016-06-11 06:13 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-13 14:35 - 2016-06-11 06:12 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 06:11 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 06:10 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 05:45 - 15409664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-13 14:35 - 2016-06-11 05:44 - 02869248 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-13 14:35 - 2016-06-11 05:30 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-13 14:35 - 2016-06-11 05:21 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 05:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-13 14:35 - 2016-06-11 04:54 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-13 14:35 - 2016-06-11 04:53 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-13 14:35 - 2016-06-11 04:53 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-13 14:35 - 2016-06-11 04:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-13 14:35 - 2016-06-11 04:47 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-13 14:35 - 2016-06-11 04:46 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-13 14:35 - 2016-06-11 04:45 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 20348928 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-13 14:35 - 2016-06-11 04:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-13 14:35 - 2016-06-11 04:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-13 14:35 - 2016-06-11 04:32 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-13 14:35 - 2016-06-11 04:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 14:35 - 2016-06-11 04:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-13 14:35 - 2016-06-11 04:24 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-13 14:35 - 2016-06-11 04:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-13 14:35 - 2016-06-11 04:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-13 14:35 - 2016-06-11 04:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-13 14:35 - 2016-06-11 04:14 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-13 14:35 - 2016-06-11 04:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-13 14:35 - 2016-06-11 04:10 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-13 14:35 - 2016-06-11 04:09 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-13 14:35 - 2016-06-11 04:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-13 14:35 - 2016-06-11 03:58 - 13806080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-13 14:35 - 2016-06-11 03:45 - 02392576 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-13 14:35 - 2016-06-11 03:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-13 14:35 - 2016-06-11 03:41 - 01315840 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-07-13 14:33 - 2016-06-26 10:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-07-13 14:33 - 2016-06-26 05:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-07-13 14:33 - 2016-06-26 05:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-07-13 14:33 - 2016-06-26 05:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-07-13 14:33 - 2016-06-26 05:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-07-13 14:33 - 2016-06-15 01:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-08 08:25 - 2016-07-08 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-07-08 08:12 - 2016-07-08 08:12 - 13677800 _____ (Google) C:\Users\user\Downloads\picasa.exe.EXE
2016-07-07 07:01 - 2016-06-26 10:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-07 07:01 - 2016-06-26 10:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-07 07:01 - 2016-06-22 23:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-07 07:01 - 2016-06-18 04:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-07 03:48 - 2016-07-07 19:17 - 00000000 ____D C:\Users\user\Desktop\Tax 2016
2016-07-02 13:16 - 2016-07-02 13:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-LAPTOP-Windows-7-Home-Premium-(64-bit).dat
2016-06-23 18:50 - 2016-05-17 09:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-23 18:50 - 2016-05-17 09:19 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-23 18:50 - 2016-05-17 09:19 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-23 18:50 - 2016-05-17 09:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-23 18:50 - 2016-05-17 09:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-23 18:50 - 2016-05-17 09:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 09:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-06-23 18:50 - 2016-05-17 07:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-06-23 18:50 - 2016-05-17 07:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-06-23 18:50 - 2016-05-17 07:16 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-23 18:50 - 2016-05-17 07:15 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-23 18:50 - 2016-05-17 07:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-23 18:50 - 2016-05-17 07:14 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-06-23 18:50 - 2016-05-17 07:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-06-23 18:50 - 2016-05-17 07:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-06-23 18:50 - 2016-05-17 07:09 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-23 18:50 - 2016-05-17 07:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 08:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-23 18:50 - 2016-05-14 08:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-23 18:50 - 2016-05-14 07:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-23 18:50 - 2016-05-14 07:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-23 18:50 - 2016-05-14 07:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-23 18:50 - 2016-05-14 07:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-23 18:50 - 2016-05-14 07:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-23 18:50 - 2016-05-14 07:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 03:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-06-23 18:50 - 2016-05-13 01:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-23 18:50 - 2016-05-05 03:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-23 18:50 - 2016-05-05 03:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-23 18:50 - 2016-05-05 03:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-23 18:50 - 2016-05-05 01:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-23 18:50 - 2016-05-05 00:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-19 07:54 - 2013-01-08 09:01 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-07-19 07:53 - 2012-10-11 11:10 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-19 07:52 - 2016-04-21 10:41 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job
2016-07-19 07:29 - 2016-01-20 06:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-19 07:24 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-19 07:24 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-19 04:02 - 2012-11-15 11:43 - 10467840 ___SH C:\Users\user\Desktop\Thumbs.db
2016-07-18 18:31 - 2014-10-29 14:19 - 01515754 _____ C:\IFRToolLog.txt
2016-07-18 18:28 - 2012-10-11 10:33 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-07-18 10:55 - 2012-10-11 19:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-18 10:55 - 2012-10-11 19:53 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-07-18 10:53 - 2014-03-25 07:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-18 10:51 - 2015-01-05 17:49 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-07-18 10:51 - 2009-07-14 13:20 - 00000000 ____D C:\windows\inf
2016-07-18 08:53 - 2012-10-11 11:10 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-18 08:52 - 2016-04-21 10:41 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job
2016-07-18 06:24 - 2012-10-11 10:33 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-18 06:24 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-17 11:01 - 2015-04-17 19:26 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-17 10:48 - 2016-03-26 16:43 - 00000000 ____D C:\Program Files\Java
2016-07-17 10:48 - 2013-09-12 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-17 10:47 - 2015-08-21 11:11 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2016-07-17 08:36 - 2012-11-21 03:51 - 00000000 ____D C:\windows\pss
2016-07-17 07:34 - 2015-07-21 17:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-17 07:34 - 2009-07-14 13:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-07-17 07:33 - 2009-07-14 13:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-07-17 03:57 - 2013-11-25 13:19 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2016-07-16 09:02 - 2014-03-11 12:43 - 00000000 ____D C:\Users\user\AppData\Local\DoNotTrackPlus
2016-07-15 06:30 - 2016-01-20 06:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 06:29 - 2013-07-25 08:19 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 06:29 - 2013-07-25 08:19 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 16:24 - 2009-07-14 13:20 - 00000000 ____D C:\windows\rescache
2016-07-13 15:11 - 2009-07-14 14:45 - 00295232 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-13 14:48 - 2013-07-11 14:55 - 00000000 ____D C:\windows\system32\MRT
2016-07-13 14:38 - 2012-10-10 18:41 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-13 14:27 - 2012-10-11 08:54 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-07-13 03:30 - 2015-04-17 19:26 - 00003880 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-13 03:13 - 2012-04-10 13:56 - 00000000 ____D C:\windows\system32\Macromed
2016-07-13 03:12 - 2012-04-10 13:56 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-11 12:42 - 2015-03-16 20:10 - 00000000 ____D C:\Users\user\Desktop\This and that
2016-07-08 08:25 - 2012-10-11 11:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-08 08:05 - 2014-04-07 15:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-07 19:01 - 2014-04-19 07:09 - 00001276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-07-07 19:01 - 2012-10-18 09:05 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-07-07 19:01 - 2012-10-11 11:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-07-07 19:01 - 2012-10-11 11:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-07-07 19:00 - 2012-10-11 11:14 - 00001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-07 07:03 - 2014-12-11 10:29 - 00000000 ____D C:\windows\system32\appraiser
2016-07-07 07:03 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 13:26 - 2012-10-11 16:15 - 00000000 ___RD C:\Users\user\Desktop\Short Cuts
2016-07-02 10:04 - 2012-11-14 07:40 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-06-25 05:06 - 2013-03-19 18:28 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-23 19:05 - 2009-07-14 15:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-23 18:57 - 2009-07-14 15:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 18:54 - 2015-08-12 06:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 18:45 - 2015-08-12 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2012-10-14 08:43 - 2011-12-22 12:45 - 0076407 _____ () C:\Users\user\AppData\Roaming\Smiley.ico
2012-10-14 17:32 - 2012-11-11 17:44 - 0007597 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-03-31 07:08 - 2015-03-31 07:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-30 16:01 - 2014-04-05 13:49 - 0000931 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 00:51

==================== End of FRST.txt ==================
Learning each day

tallin

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by user (2016-07-19 07:59:36)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-10 07:49:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2559403254-2449595015-3183726934-500 - Administrator - Disabled)
Guest (S-1-5-21-2559403254-2449595015-3183726934-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559403254-2449595015-3183726934-1003 - Limited - Enabled)
user (S-1-5-21-2559403254-2449595015-3183726934-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 50.14.22.465 - Comodo)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Do Not Track Me Add-on 2.2.9.1112 (HKLM-x32\...\Do Not Track Me Add-on_is1) (Version: 2.2.9.1112 - Abine Inc)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Foxit PhantomPDF Standard (HKLM-x32\...\{86848256-DF08-4F3D-A32D-37151AA16510}) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Foxit Reader Packages (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\Foxit Reader Packages) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
SIW 2011 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
System Explorer 4.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.17.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B81717-4B73-40D8-84CD-BB9C86857B1A} - System32\Tasks\{F3E4F16A-D512-4304-BE19-62E7AA42FE46} => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
Task: {1310ABB3-FF79-4E9F-A734-E027B77AD2AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {197FBE8E-2345-4ED5-B15E-55E3C99FADDD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-04] (AVAST Software)
Task: {243BC1F2-EB92-457D-982C-13601923A5DD} - System32\Tasks\{2118880F-9654-4B8C-AB4D-21FDB1C5F292} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {2A37F4BA-0FCF-4761-8574-90481ACE2ACF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {30D798D8-348A-448D-B75F-E83444ED9FDD} - System32\Tasks\{AACEF16D-EF56-4E96-B096-36796F4B3375} => pcalua.exe -a C:\Users\user\Desktop\wlsetup-web.exe -d C:\Users\user\Desktop
Task: {389E72CD-9DD9-48A7-A05E-D82F688BA666} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {3A647352-A29C-49B2-8116-B0CBB911DFB5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {43C8DDA7-9DA6-4D95-9EF0-E279D3E50AAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {45EB5BF9-A8CB-40B3-A17E-21F503AA4240} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {54F33FC6-C628-4590-8647-7947A34DEFEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {58E5BF72-48C0-457A-9AFD-FE3BC385AAAE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {63618FC2-6A49-4233-8883-B5174876840E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7341B2F9-7F63-4705-9239-3F901CFCD18C} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [2016-03-25] (Tweaking.com)
Task: {750D3CCE-15F5-46B0-9B92-F0F5BFE685AC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {8F980367-A9EE-47F1-AABC-C87FD6A6B13E} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-25] (TOSHIBA CORPORATION)
Task: {8FDF50BE-BB79-40C0-9715-493CE17D2755} - System32\Tasks\{55A79A95-530B-49BA-A056-FD3986009EE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter
Task: {A0F4DB5E-206E-4F85-90A7-64B0E6520141} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-21] (Google Inc.)
Task: {B614A8C7-FF73-4ED0-A207-7EEDE7691EFC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E19CAA86-61D7-4075-990E-0E560C4B53A1} - System32\Tasks\{ED6C20F3-F753-47C5-B805-60852A68CEF8} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E51B898C-84B7-4192-A43F-5C34821EC09E} - System32\Tasks\SafeZone scheduled Autoupdate 1458718366 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E633EE81-866A-4282-A95C-D7975F739FF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-11] (Piriform Ltd)
Task: {E6A088DB-4C9F-45C0-8B9F-D675584552B0} - System32\Tasks\{91939A97-7A8A-4899-B4CA-7D73102E5D3B} => pcalua.exe -a C:\Users\user\AppData\Local\Temp\jre-8u25-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_20\bin" -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {F86E91F9-D73E-41B9-A0D0-B774F1C7ED43} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2559403254-2449595015-3183726934-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.timeanddate.com\http_80\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\www.thefreedictionary.com\http_80\assumption - definition of assumption by the Free Online Dictionary, Thesaurus and Encyclopedia..lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.thefreedictionary.com/assumption
ShortcutWithArgument: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 3\Web Applications\update.filehippo.com\http_80\FileHippo.com - Download Free Software.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://update.filehippo.com/update/check/709de7ab-30df-453d-9cb5-0ec937344e6d
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\The Personal World Clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.timeanddate.com/worldclock/personal.html
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2010-07-15 14:44 - 2010-07-15 14:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-17 20:39 - 2016-07-17 20:39 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071700\algo.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-04 16:22 - 2016-05-04 16:22 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-19 06:27 - 2016-07-19 06:27 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071801\algo.dll
2015-12-05 18:30 - 2015-12-05 18:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00033472 _____ () C:\Program Files (x86)\Windows Live\Shared\en\uxctlloc.dll.mui
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2016-06-25 05:06 - 2016-06-24 01:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-25 05:06 - 2016-06-24 01:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\...\softpedia.com -> hxxp://www.softpedia.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-10-30 12:54 - 00451995 ____R C:\windows\system32\Drivers\etc\hosts

There are 15496 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2559403254-2449595015-3183726934-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SystemExplorerHelpService => 3
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BA18A62-CEFF-4BE0-90E8-0AADF096D109}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{3CC15EAE-67BA-4543-B642-30435F713B23}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0AECBFC6-EAC3-4255-9019-3DC633CAE867}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{8C874EF3-1F5C-41FD-9218-EB5E6463C60D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{107D03F2-739E-4E4B-9A4E-DFE0359F2B89}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [UDP Query User{221E8199-7ABE-4289-AF6A-5C0D0B6E825A}C:\program files (x86)\rarmaradio\rarmaradio.exe] => (Allow) C:\program files (x86)\rarmaradio\rarmaradio.exe
FirewallRules: [TCP Query User{AD82F37F-0101-4510-92AF-F3FC95107A5A}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [UDP Query User{D7CADF78-4BFB-4E43-9348-C698FF694C2C}C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe] => (Allow) C:\users\user\appdata\roaming\raimaradiopro\raimatv.exe
FirewallRules: [{43B05A9C-E171-4573-BD27-A8CD11BFB8A1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A480D89A-6C6B-48D2-97F6-F140EC0F739D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{469139F9-AA94-4F3C-816A-97E8F331E293}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3319ADFA-30F8-440C-B6CF-D8C660ABA862}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E82DC193-6164-4E45-8223-2675E7313A46}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{72E843B5-F6DB-4461-9183-8590548C52E3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{50211898-132A-41CA-BF7E-4DB2F612D057}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{9EE54DD1-71DE-4BA0-B65D-6E2249EF8342}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5ABDFAB2-FDC0-4F6E-AF92-25AED5C3AB8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A0498104-90FE-42C8-AD08-698A7781CF17}] => (Allow) LPort=2869
FirewallRules: [{C309F082-44A7-4487-B2F2-593A3730161A}] => (Allow) LPort=1900
FirewallRules: [{A9F632C1-E4C6-46F8-90F7-346D74D1D56E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7A2A78EE-3640-4EE0-AF4A-60EB54C26274}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{292F8B50-70F7-4315-B89E-90F9063C4CCA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BE303B5-7A8B-44B9-BF11-3195601039B8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4EE6634C-AD85-4970-A3E4-558B8937EC12}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\KB141735488.exe] => Enabled:Microsoft Office

==================== Restore Points =========================

19-07-2016 07:55:31 End of disinfection
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2016 06:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2016 06:22:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {95a54f7e-58c3-4aba-8393-4af4d5e6f5a5}

Error: (07/17/2016 08:41:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CNQMUPDT.EXE, version: 2.2.1.0, time stamp: 0x517a49ec
Faulting module name: CNMDWLD.DLL, version: 1.0.0.0, time stamp: 0x4f5eedc8
Exception code: 0xc0000005
Fault offset: 0x000023c6
Faulting process id: 0x1758
Faulting application start time: 0xCNQMUPDT.EXE0
Faulting application path: CNQMUPDT.EXE1
Faulting module path: CNQMUPDT.EXE2
Report Id: CNQMUPDT.EXE3

Error: (07/17/2016 08:40:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (07/17/2016 08:40:30 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: Cannot start service TMachInfo on computer '.'.

Error: (07/17/2016 08:39:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/17/2016 08:38:45 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (07/18/2016 06:32:53 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/18/2016 06:25:48 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper.
.

Error: (07/18/2016 06:23:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.


Error: (07/18/2016 06:23:06 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/18/2016 06:23:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.


Error: (07/18/2016 06:23:06 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/18/2016 06:22:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/18/2016 06:22:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/18/2016 06:22:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/18/2016 06:22:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
Percentage of memory in use: 32%
Total physical RAM: 10129.8 MB
Available physical RAM: 6795.42 MB
Total Virtual: 20257.79 MB
Available Virtual: 16784.29 MB

==================== Drives ================================

Drive c: (S3A9565D003) (Fixed) (Total:283.99 GB) (Free:220.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KINGSTON) (Removable) (Total:59.4 GB) (Free:49.79 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 60A7FE5A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 59.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=59.4 GB) - (Type=0C)

==================== End of Addition.txt ============================
Learning each day

tallin

# DelFix v1.013 - Logfile created 19/07/2016 at 07:54:54
# Updated 17/04/2016 by Xplode
# Username : user - LAPTOP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\Log_Backup.txt
Deleted : C:\Log_Vss.txt
Deleted : C:\Users\user\Desktop\Addition.txt
Deleted : C:\Users\user\Desktop\FRST64.exe
Deleted : C:\Users\user\Downloads\FRST64.exe
Deleted : C:\windows\grep.exe
Deleted : C:\windows\PEV.exe
Deleted : C:\windows\NIRCMD.exe
Deleted : C:\windows\MBR.exe
Deleted : C:\windows\SED.exe
Deleted : C:\windows\SWREG.exe
Deleted : C:\windows\SWSC.exe
Deleted : C:\windows\SWXCACLS.exe
Deleted : C:\windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #565 [Installed DirectX | 07/07/2016 08:57:02]
Deleted : RP #566 [Installed DirectX | 07/07/2016 08:57:19]
Deleted : RP #567 [Installed DirectX | 07/07/2016 08:58:09]
Deleted : RP #568 [Windows Backup | 07/10/2016 09:00:00]
Deleted : RP #569 [Windows Update | 07/13/2016 04:35:46]
Deleted : RP #571 [Restore Point Created by FRST | 07/16/2016 17:57:21]
Deleted : RP #572 [JRT Pre-Junkware Removal | 07/16/2016 18:54:08]
Deleted : RP #573 [Removed Java 8 Update 77 (64-bit) | 07/17/2016 00:47:21]
Deleted : RP #574 [Windows Backup | 07/17/2016 09:00:00]
Deleted : RP #576 [Restore Point Created by FRST | 07/17/2016 20:22:23]

New restore point created !

########## - EOF - ##########

Corrine

Glad you ran that since you had ComboFix still on the computer and it hasn't been updated in some time.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tallin

:) I am guessing that I am now clear of whatever was wrong with my computer. For your attention, time, and efforts, Corrine, I am most grateful.

Thank you.

kind regards,


Corrine

Since you had just wanted a checkup and there wasn't anything really malicious, you can continue on as you are or, should you wish to give it a try, we can do a follow-up (whenever) on the rest of the items in msconfig, as I explained earlier, by clicking on each tab in msconfig shown in the image you posted at http://www.landzdown.com/analysis-and-malware-removal/may-i-have-a-check-up-please/msg187264/#msg187264 and enabling all.

Quote from: Corrine on July 18, 2016, 07:10:40 PM
Your screen copy also explains why all the other items are still showing in the log as being in msconfig.  You need to click on each tab and enable all.  That is the only way FRST can access the files for removal. 

I also noticed in your last log that you used "FRST-OlderVersion".  If you want me to remove the Dropbox and other appropriate entries, it would probably be a good idea if you ran Delfix and downloaded a fresh copy of FRST.  The reason I'm suggesting Delfix is that it will pick up any files that you might miss. 





tallin

Thank you for the content of your reply; I am really glad there was nothing really malicious.

From the information in your reply I am guessing there is no danger in continuing on as I am now. My computer is running well; in fact, it is running the same as it was when I first posted "May I have a check up please". It had been so long since I had had a check up with Nutnworks, sadly long since closed; that was the reason I chose Landzdown forum for this checkup.

If you feel I MUST send further logs as suggested and run Delfix once again, it would be a new start, as all software pertaining to this checkup has been deleted from my desktop.

With ref. to using an old version of FRST, I used the link from "Log Posting Instructions > Logs requested".

I will await your advice regarding staying as I am, or starting all over again with new downloads and postings.

kind regards,   
