Computer slowed by long running script



Lanzo
2016-12-24, 18:40
It seems whenever I go onto any popular website my computer slows up due to long-running scripts, and on other occasions IE will crash.

I have posted my logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Lan (administrator) on DAVES-PC (24-12-2016 15:56:51)
Running from C:\Users\Lan\Desktop
Loaded Profiles: Lan (Available Profiles: Lan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Spotify Ltd) C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3200672 2010-06-30] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1153448 2016-08-10] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-14] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar Sync] => [X]
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify Web Helper] => C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-05] (Spotify Ltd)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify] => C:\Users\Lan\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-05] (Spotify Ltd)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe [920768 2016-10-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {649dd088-cb24-11e3-9cdc-f04da2a9f971} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {8d85bf01-e6b2-11df-a172-806e6f6e6963} - D:\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-05]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{385AE306-F9BF-49F2-A958-F45BB9626591}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E1B7AB1B-0F24-4615-8082-144331B555F7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> DefaultScope {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {DFF76810-4974-4537-A87F-729407F78CEA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google Search) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Gmail) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-13] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-19] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 15:56 - 2016-12-24 15:59 - 00022854 _____ C:\Users\Lan\Desktop\FRST.txt
2016-12-14 18:16 - 2016-12-24 13:01 - 00000000 ____D C:\Users\Lan\AppData\Local\{6A30D30E-FA5E-477C-B904-FC1471F25540}
2016-12-13 18:50 - 2016-12-13 18:50 - 00011082 _____ C:\Users\Lan\Documents\ON5474 hours.xlsx
2016-12-13 18:39 - 2016-11-21 18:16 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-12-13 18:39 - 2016-11-21 18:16 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-12-13 18:39 - 2016-11-21 18:12 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-12-13 18:39 - 2016-11-20 16:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-12-13 18:39 - 2016-11-20 15:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-12-13 18:39 - 2016-11-20 15:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-12-13 18:39 - 2016-11-20 15:52 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-12-13 18:39 - 2016-11-20 14:07 - 00467392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-12-13 18:39 - 2016-11-17 16:41 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-12-13 18:39 - 2016-11-14 23:27 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-12-13 18:39 - 2016-11-14 22:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-12-13 18:39 - 2016-11-12 19:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-12-13 18:39 - 2016-11-12 19:48 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-12-13 18:39 - 2016-11-12 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-12-13 18:39 - 2016-11-12 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-12-13 18:39 - 2016-11-12 19:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-12-13 18:39 - 2016-11-12 19:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-12-13 18:39 - 2016-11-12 19:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-12-13 18:39 - 2016-11-12 19:21 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-12-13 18:39 - 2016-11-12 19:15 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-12-13 18:39 - 2016-11-12 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-12-13 18:39 - 2016-11-12 19:09 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-12-13 18:39 - 2016-11-12 19:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-12-13 18:39 - 2016-11-12 19:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-12-13 18:39 - 2016-11-12 19:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-12-13 18:39 - 2016-11-12 19:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-12-13 18:39 - 2016-11-12 19:07 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-12-13 18:39 - 2016-11-12 18:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-12-13 18:39 - 2016-11-12 18:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-12-13 18:39 - 2016-11-12 18:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-12-13 18:39 - 2016-11-12 18:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-12-13 18:39 - 2016-11-12 18:41 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 18:39 - 2016-11-12 18:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-12-13 18:39 - 2016-11-12 18:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-12-13 18:39 - 2016-11-12 18:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-12-13 18:39 - 2016-11-12 18:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-12-13 18:39 - 2016-11-12 18:30 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-12-13 18:39 - 2016-11-12 18:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-12-13 18:39 - 2016-11-12 18:29 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-12-13 18:39 - 2016-11-12 18:29 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-12-13 18:39 - 2016-11-12 18:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-12-13 18:39 - 2016-11-12 18:27 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-12-13 18:39 - 2016-11-12 18:20 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-12-13 18:39 - 2016-11-12 18:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-12-13 18:39 - 2016-11-12 18:19 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-12-13 18:39 - 2016-11-12 18:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-12-13 18:39 - 2016-11-12 18:15 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-12-13 18:39 - 2016-11-12 18:11 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-12-13 18:39 - 2016-11-12 18:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-12-13 18:39 - 2016-11-12 18:08 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-12-13 18:39 - 2016-11-12 18:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-12-13 18:39 - 2016-11-12 18:03 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-12-13 18:39 - 2016-11-12 17:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 18:39 - 2016-11-12 17:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-12-13 18:39 - 2016-11-12 17:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-12-13 18:39 - 2016-11-12 17:51 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-12-13 18:39 - 2016-11-12 17:49 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-12-13 18:39 - 2016-11-12 17:47 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-12-13 18:39 - 2016-11-12 17:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-12-13 18:39 - 2016-11-12 17:40 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-12-13 18:39 - 2016-11-12 17:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-12-13 18:39 - 2016-11-12 17:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-12-13 18:39 - 2016-11-12 17:36 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-12-13 18:39 - 2016-11-12 17:36 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-12-13 18:39 - 2016-11-12 17:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-12-13 18:39 - 2016-11-12 17:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-12-13 18:39 - 2016-11-12 17:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-12-13 18:39 - 2016-11-12 17:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-12-13 18:39 - 2016-11-12 17:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-12-13 18:39 - 2016-11-12 17:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-12-13 18:39 - 2016-11-12 17:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-12-13 18:39 - 2016-11-10 16:32 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-12-13 18:39 - 2016-11-10 16:19 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-12-13 18:39 - 2016-11-09 16:41 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-12-13 18:39 - 2016-11-09 16:33 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-12-13 18:39 - 2016-11-09 16:02 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-12-13 18:39 - 2016-11-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-12-13 18:39 - 2016-11-06 16:33 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-12-13 18:39 - 2016-11-06 16:16 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-12-13 18:39 - 2016-11-06 16:01 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-12-13 18:39 - 2016-10-27 15:33 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-12-13 18:39 - 2016-10-27 15:20 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-12-13 18:39 - 2016-10-11 15:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-12-13 18:39 - 2016-10-11 15:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-12-13 18:39 - 2016-10-11 15:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-12-13 18:39 - 2016-10-11 15:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:24 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-12-13 18:39 - 2016-10-11 15:24 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-12-13 18:39 - 2016-10-11 15:21 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-12-13 18:39 - 2016-10-11 15:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-12-13 18:39 - 2016-10-11 15:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-12-13 18:39 - 2016-10-11 14:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-12-13 18:39 - 2016-10-11 14:59 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-12-13 18:39 - 2016-10-11 14:55 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
2016-12-13 18:39 - 2016-10-11 14:55 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-12-13 18:39 - 2016-10-11 14:51 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-12-13 18:39 - 2016-10-11 14:50 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 13:18 - 00419648 _____ C:\windows\SysWOW64\locale.nls
2016-12-13 18:39 - 2016-10-11 13:17 - 00419648 _____ C:\windows\system32\locale.nls
2016-12-13 18:39 - 2016-10-08 13:06 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-12-13 18:39 - 2016-10-04 15:31 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-12-12 00:53 - 2016-12-13 18:05 - 00000000 ____D C:\Users\Lan\AppData\Local\{B77A6FFE-2B7D-475D-B219-9FE64165E743}
2016-12-08 19:09 - 2016-12-11 11:18 - 00000000 ____D C:\Users\Lan\AppData\Local\{A67962D7-ED2F-47E4-BB49-7EF3CAD07EF1}
2016-12-07 16:49 - 2016-12-07 16:49 - 00000000 ____D C:\Users\Lan\AppData\Local\{920E8BEA-6A57-41BD-941E-48A04B9E1DD9}
2016-12-05 19:58 - 2016-12-06 21:32 - 00000000 ____D C:\Users\Lan\AppData\Local\{8354D8A4-789B-48F4-9AA9-4492FDBF4A89}
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcp110_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 15:57 - 2015-09-23 19:54 - 00000000 ____D C:\FRST
2016-12-24 15:50 - 2016-01-23 08:28 - 00000000 ____D C:\Users\Lan\AppData\Roaming\360Safe
2016-12-24 15:31 - 2016-01-02 13:24 - 15000576 _____ C:\Users\Lan\Documents\backup outlook.pst
2016-12-24 13:17 - 2010-11-02 18:10 - 01939592 _____ C:\windows\WindowsUpdate.log
2016-12-23 18:21 - 2011-09-07 17:57 - 00000000 ____D C:\Users\Lan\AppData\Roaming\Skype
2016-12-18 13:35 - 2009-07-14 04:51 - 00149612 _____ C:\windows\setupact.log
2016-12-17 13:45 - 2011-08-13 22:36 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 13:45 - 2011-08-13 22:36 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:42 - 2016-05-29 16:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-16 19:40 - 2009-07-14 05:13 - 00789658 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-15 17:32 - 2015-01-11 16:39 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 17:32 - 2015-01-11 16:39 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 18:16 - 2015-11-28 10:29 - 00000000 ____D C:\Users\Lan\AppData\Local\Spotify
2016-12-14 18:15 - 2014-08-13 12:54 - 00000000 ____D C:\Users\Lan\AppData\Local\HTC MediaHub
2016-12-14 18:15 - 2012-08-10 21:02 - 00000000 ____D C:\Users\Lan\Tracing
2016-12-14 18:15 - 2010-11-02 19:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-12-14 04:39 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-14 04:38 - 2015-11-17 22:00 - 00422000 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-14 04:13 - 2011-04-05 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 04:03 - 2013-08-09 02:09 - 00000000 ____D C:\windows\system32\MRT
2016-12-14 03:45 - 2011-05-03 20:08 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-14 03:32 - 2012-10-13 21:06 - 00773968 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-11 20:05 - 2016-01-27 22:50 - 00000000 _RSHD C:\360SANDBOX
2016-12-05 20:02 - 2013-08-15 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-12-05 19:52 - 2011-04-05 22:28 - 00549058 _____ C:\windows\PFRO.log
2016-12-01 20:09 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
2016-11-29 21:29 - 2013-09-21 19:02 - 00034816 _____ C:\Users\Lan\Documents\Copy of Pass.xls
2016-11-29 21:02 - 2016-08-13 14:42 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

==================== Files in the root of some directories =======

2016-07-21 21:49 - 2016-07-21 21:49 - 0000323 _____ () C:\Users\Lan\AppData\Local\LMIR0001.tmp_r.bat
2011-10-21 19:33 - 2011-10-21 19:33 - 0007605 _____ () C:\Users\Lan\AppData\Local\Resmon.ResmonCfg
2011-09-07 18:01 - 2011-09-07 18:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-12-31 12:22 - 2016-04-04 18:33 - 0008192 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Lan\FRST64.exe


Some files in TEMP:
====================
C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-06 17:39

==================== End of FRST.txt ============================


HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe [920768 2016-10-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {649dd088-cb24-11e3-9cdc-f04da2a9f971} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {8d85bf01-e6b2-11df-a172-806e6f6e6963} - D:\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-05]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{385AE306-F9BF-49F2-A958-F45BB9626591}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E1B7AB1B-0F24-4615-8082-144331B555F7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> DefaultScope {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {DFF76810-4974-4537-A87F-729407F78CEA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google Search) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Gmail) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-13] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-19] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 15:56 - 2016-12-24 15:59 - 00022854 _____ C:\Users\Lan\Desktop\FRST.txt
2016-12-14 18:16 - 2016-12-24 13:01 - 00000000 ____D C:\Users\Lan\AppData\Local\{6A30D30E-FA5E-477C-B904-FC1471F25540}
2016-12-13 18:50 - 2016-12-13 18:50 - 00011082 _____ C:\Users\Lan\Documents\ON5474 hours.xlsx
2016-12-13 18:39 - 2016-11-21 18:16 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-12-13 18:39 - 2016-11-21 18:16 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-12-13 18:39 - 2016-11-21 18:12 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-12-13 18:39 - 2016-11-21 18:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2016-12-13 18:39 - 2016-11-20 16:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-12-13 18:39 - 2016-11-20 16:19 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-12-13 18:39 - 2016-11-20 16:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-12-13 18:39 - 2016-11-20 15:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-12-13 18:39 - 2016-11-20 15:57 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-12-13 18:39 - 2016-11-20 15:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-12-13 18:39 - 2016-11-20 15:52 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-12-13 18:39 - 2016-11-20 14:07 - 00467392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-12-13 18:39 - 2016-11-17 16:41 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-12-13 18:39 - 2016-11-14 23:27 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-12-13 18:39 - 2016-11-14 22:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-12-13 18:39 - 2016-11-12 19:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-12-13 18:39 - 2016-11-12 19:48 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-12-13 18:39 - 2016-11-12 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-12-13 18:39 - 2016-11-12 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-12-13 18:39 - 2016-11-12 19:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-12-13 18:39 - 2016-11-12 19:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-12-13 18:39 - 2016-11-12 19:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-12-13 18:39 - 2016-11-12 19:21 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-12-13 18:39 - 2016-11-12 19:15 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-12-13 18:39 - 2016-11-12 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-12-13 18:39 - 2016-11-12 19:09 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-12-13 18:39 - 2016-11-12 19:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-12-13 18:39 - 2016-11-12 19:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-12-13 18:39 - 2016-11-12 19:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-12-13 18:39 - 2016-11-12 19:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-12-13 18:39 - 2016-11-12 19:07 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-12-13 18:39 - 2016-11-12 18:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-12-13 18:39 - 2016-11-12 18:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-12-13 18:39 - 2016-11-12 18:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-12-13 18:39 - 2016-11-12 18:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-12-13 18:39 - 2016-11-12 18:41 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 18:39 - 2016-11-12 18:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-12-13 18:39 - 2016-11-12 18:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-12-13 18:39 - 2016-11-12 18:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-12-13 18:39 - 2016-11-12 18:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-12-13 18:39 - 2016-11-12 18:30 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-12-13 18:39 - 2016-11-12 18:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-12-13 18:39 - 2016-11-12 18:29 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-12-13 18:39 - 2016-11-12 18:29 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-12-13 18:39 - 2016-11-12 18:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-12-13 18:39 - 2016-11-12 18:27 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-12-13 18:39 - 2016-11-12 18:20 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-12-13 18:39 - 2016-11-12 18:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-12-13 18:39 - 2016-11-12 18:19 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-12-13 18:39 - 2016-11-12 18:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-12-13 18:39 - 2016-11-12 18:15 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-12-13 18:39 - 2016-11-12 18:14 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-12-13 18:39 - 2016-11-12 18:11 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-12-13 18:39 - 2016-11-12 18:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-12-13 18:39 - 2016-11-12 18:08 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-12-13 18:39 - 2016-11-12 18:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-12-13 18:39 - 2016-11-12 18:03 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-12-13 18:39 - 2016-11-12 17:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 18:39 - 2016-11-12 17:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-12-13 18:39 - 2016-11-12 17:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-12-13 18:39 - 2016-11-12 17:51 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-12-13 18:39 - 2016-11-12 17:49 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-12-13 18:39 - 2016-11-12 17:47 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-12-13 18:39 - 2016-11-12 17:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-12-13 18:39 - 2016-11-12 17:40 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-12-13 18:39 - 2016-11-12 17:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-12-13 18:39 - 2016-11-12 17:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-12-13 18:39 - 2016-11-12 17:36 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-12-13 18:39 - 2016-11-12 17:36 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-12-13 18:39 - 2016-11-12 17:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-12-13 18:39 - 2016-11-12 17:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-12-13 18:39 - 2016-11-12 17:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-12-13 18:39 - 2016-11-12 17:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-12-13 18:39 - 2016-11-12 17:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-12-13 18:39 - 2016-11-12 17:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-12-13 18:39 - 2016-11-12 17:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-12-13 18:39 - 2016-11-10 16:32 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-12-13 18:39 - 2016-11-10 16:19 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-12-13 18:39 - 2016-11-09 16:41 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-12-13 18:39 - 2016-11-09 16:33 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-12-13 18:39 - 2016-11-09 16:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-12-13 18:39 - 2016-11-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-12-13 18:39 - 2016-11-09 16:02 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-12-13 18:39 - 2016-11-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-12-13 18:39 - 2016-11-06 16:33 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-12-13 18:39 - 2016-11-06 16:16 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-12-13 18:39 - 2016-11-06 16:01 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-12-13 18:39 - 2016-10-27 15:33 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-12-13 18:39 - 2016-10-27 15:20 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-12-13 18:39 - 2016-10-11 15:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-12-13 18:39 - 2016-10-11 15:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-12-13 18:39 - 2016-10-11 15:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-12-13 18:39 - 2016-10-11 15:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-12-13 18:39 - 2016-10-11 15:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:24 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-12-13 18:39 - 2016-10-11 15:24 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-12-13 18:39 - 2016-10-11 15:21 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 15:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-12-13 18:39 - 2016-10-11 15:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-12-13 18:39 - 2016-10-11 15:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-12-13 18:39 - 2016-10-11 14:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-12-13 18:39 - 2016-10-11 14:59 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-12-13 18:39 - 2016-10-11 14:55 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
2016-12-13 18:39 - 2016-10-11 14:55 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-12-13 18:39 - 2016-10-11 14:51 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-12-13 18:39 - 2016-10-11 14:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-12-13 18:39 - 2016-10-11 14:50 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 14:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 18:39 - 2016-10-11 13:18 - 00419648 _____ C:\windows\SysWOW64\locale.nls
2016-12-13 18:39 - 2016-10-11 13:17 - 00419648 _____ C:\windows\system32\locale.nls
2016-12-13 18:39 - 2016-10-08 13:06 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-12-13 18:39 - 2016-10-04 15:31 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-12-13 18:39 - 2016-10-04 15:31 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-12-13 18:39 - 2016-10-04 15:13 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-12-12 00:53 - 2016-12-13 18:05 - 00000000 ____D C:\Users\Lan\AppData\Local\{B77A6FFE-2B7D-475D-B219-9FE64165E743}
2016-12-08 19:09 - 2016-12-11 11:18 - 00000000 ____D C:\Users\Lan\AppData\Local\{A67962D7-ED2F-47E4-BB49-7EF3CAD07EF1}
2016-12-07 16:49 - 2016-12-07 16:49 - 00000000 ____D C:\Users\Lan\AppData\Local\{920E8BEA-6A57-41BD-941E-48A04B9E1DD9}
2016-12-05 19:58 - 2016-12-06 21:32 - 00000000 ____D C:\Users\Lan\AppData\Local\{8354D8A4-789B-48F4-9AA9-4492FDBF4A89}
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcp110_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 15:57 - 2015-09-23 19:54 - 00000000 ____D C:\FRST
2016-12-24 15:50 - 2016-01-23 08:28 - 00000000 ____D C:\Users\Lan\AppData\Roaming\360Safe
2016-12-24 15:31 - 2016-01-02 13:24 - 15000576 _____ C:\Users\Lan\Documents\backup outlook.pst
2016-12-24 13:17 - 2010-11-02 18:10 - 01939592 _____ C:\windows\WindowsUpdate.log
2016-12-23 18:21 - 2011-09-07 17:57 - 00000000 ____D C:\Users\Lan\AppData\Roaming\Skype
2016-12-18 13:35 - 2009-07-14 04:51 - 00149612 _____ C:\windows\setupact.log
2016-12-17 13:45 - 2011-08-13 22:36 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 13:45 - 2011-08-13 22:36 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:42 - 2016-05-29 16:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-16 19:40 - 2009-07-14 05:13 - 00789658 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-15 17:32 - 2015-01-11 16:39 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 17:32 - 2015-01-11 16:39 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 18:16 - 2015-11-28 10:29 - 00000000 ____D C:\Users\Lan\AppData\Local\Spotify
2016-12-14 18:15 - 2014-08-13 12:54 - 00000000 ____D C:\Users\Lan\AppData\Local\HTC MediaHub
2016-12-14 18:15 - 2012-08-10 21:02 - 00000000 ____D C:\Users\Lan\Tracing
2016-12-14 18:15 - 2010-11-02 19:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-12-14 04:39 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-14 04:38 - 2015-11-17 22:00 - 00422000 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-14 04:13 - 2011-04-05 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 04:03 - 2013-08-09 02:09 - 00000000 ____D C:\windows\system32\MRT
2016-12-14 03:45 - 2011-05-03 20:08 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-12-14 03:32 - 2012-10-13 21:06 - 00773968 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-11 20:05 - 2016-01-27 22:50 - 00000000 _RSHD C:\360SANDBOX
2016-12-05 20:02 - 2013-08-15 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-12-05 19:52 - 2011-04-05 22:28 - 00549058 _____ C:\windows\PFRO.log
2016-12-01 20:09 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
2016-11-29 21:29 - 2013-09-21 19:02 - 00034816 _____ C:\Users\Lan\Documents\Copy of Pass.xls
2016-11-29 21:02 - 2016-08-13 14:42 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

==================== Files in the root of some directories =======

2016-07-21 21:49 - 2016-07-21 21:49 - 0000323 _____ () C:\Users\Lan\AppData\Local\LMIR0001.tmp_r.bat
2011-10-21 19:33 - 2011-10-21 19:33 - 0007605 _____ () C:\Users\Lan\AppData\Local\Resmon.ResmonCfg
2011-09-07 18:01 - 2011-09-07 18:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-12-31 12:22 - 2016-04-04 18:33 - 0008192 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Lan\FRST64.exe


Some files in TEMP:
====================
C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-06 17:39

==================== End of FRST.txt ============================

Lanzo
2016-12-24, 18:43
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Lan (2016-12-24 16:02:14)
Running from C:\Users\Lan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-05 17:51:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2538772055-807052659-4255878346-500 - Administrator - Disabled)
Guest (S-1-5-21-2538772055-807052659-4255878346-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2538772055-807052659-4255878346-1002 - Limited - Enabled)
Lan (S-1-5-21-2538772055-807052659-4255878346-1000 - Administrator - Enabled) => C:\Users\Lan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.8.0.1020 - 360 Security Center)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version: - )
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 17 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150170}) (Version: 1.5.0.170 - Sun Microsystems, Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Project 2000 (HKLM-x32\...\{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar FlowSync version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
Polar WebLink 2.4.15 (HKLM-x32\...\{2734FEDB-7A24-4F15-AC5C-3EC00414D4CC}) (Version: 02.50.0006 - Polar Electro Oy)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1609.107 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.3.2964 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.3.2964 - TomTom)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
VCDS Release 11.11.5 (HKLM-x32\...\VCDS Release 11.11) (Version: 11.11.5 - Ross-Tech)
VCDS Release 12.12.3 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.3 - Ross-Tech)
VCDS Release 14.10.1 (HKLM-x32\...\VCDS Release) (Version: 14.10.1 - Ross-Tech)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-11-2016 19:42:56 Windows Update
22-11-2016 19:24:34 Windows Update
29-11-2016 20:16:03 Windows Update
05-12-2016 19:58:06 Installed Rapport
06-12-2016 14:48:02 Windows Update
09-12-2016 19:34:23 Windows Update
13-12-2016 18:19:01 Windows Update
14-12-2016 03:05:44 Windows Update
20-12-2016 18:01:38 Windows Update
23-12-2016 18:42:41 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-18 20:17 - 2015-04-18 20:17 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00058D66-55CE-4763-8A59-DF817A1E4B15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {3BC86487-DB77-453D-B29C-8B92649DA2FA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {434D8095-0873-4CB5-A302-175165303896} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {500786ED-DB2D-4220-A32F-3E94938DCC7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7C6B9C37-55F8-45CF-8A8D-C73AC758E516} - System32\Tasks\{43DE22BB-00B7-4D28-A23A-FD65BC0E1F0D} => pcalua.exe -a C:\Users\Lan\Downloads\HP_Vista_SF_Ph1.exe -d C:\Users\Lan\Downloads
Task: {92496AAC-7A64-4FFC-A3DD-5E1DF03F2E03} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {96236186-C35A-481C-A062-451D9F3E765D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {A8E42481-B5C5-4528-B276-20A576AB24C0} - System32\Tasks\{5378C27B-9FA0-4193-BB76-EEAC0A1A9236} => pcalua.exe -a C:\Users\Lan\Downloads\reflash_package.exe -d C:\Users\Lan\Downloads
Task: {CE6A5D90-CBC9-4B25-A024-B5CF1CD5359D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation)
Task: {DDC3D4FD-7E5D-4143-83A1-A061688BB09B} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {FA926F39-CF55-483E-B359-8C855DA68691} - System32\Tasks\{F5B560B3-D23C-4930-A7BA-2C8840E80C66} => Iexplore.exe http://ui.skype.com/ui/0/7.22.0.109.320/en/go/help.faq.installer?LastError=1618

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-22 22:37 - 2016-08-10 10:54 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2010-11-02 19:18 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2016-06-03 14:39 - 2014-08-06 12:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2016-10-13 03:07 - 2016-10-13 03:07 - 00472576 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\10b28df0c1127258f8396d1cafe0fafb\VistaBridgeLibrary.ni.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2016-01-22 22:37 - 2016-08-10 10:54 - 01153448 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2015-11-15 18:21 - 2016-08-10 10:54 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2014-08-06 12:40 - 2014-08-06 12:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 14:37 - 2014-08-06 12:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 12:42 - 2014-08-06 12:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 12:44 - 2014-08-06 12:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 12:46 - 2014-08-06 12:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2016-05-13 03:25 - 2016-05-13 03:25 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f82d17707ca7c6db565829eec695c9ef\IsdiInterop.ni.dll
2010-11-02 18:46 - 2010-06-08 15:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-29 16:01 - 2015-11-19 14:56 - 01759232 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 18:34 - 2010-02-09 18:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2011-02-06 10:32 - 2011-02-06 10:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7606 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58C01619-D010-4CF7-9862-BC9080BBAC8F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{51F16E58-1EF4-4388-AD75-E28025F561E3}] => (Allow) svchost.exe
FirewallRules: [{9886B251-879E-4D4B-9B12-5C0382B34EE0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{845062F0-133E-4F09-B832-C983F672769F}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{CA6ABA4D-0A26-4F0C-8F72-CC04F2B3F5FF}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{1E35ED87-6CA5-405F-A94C-734A99DAAB28}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0513BBFC-0B12-4509-8781-B9A4DD2061DC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{01027AAF-CF1B-48BB-A493-BA0E6D309492}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6C958C2D-7766-4BFB-A872-EBBE54AF433E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E2D6A18-4A9F-47E3-B2F5-90ADA27E5E38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0244D95-F178-4D3F-8CD7-F303E5D1A16B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{7C05826A-141E-49A9-83C2-19B268E6C5EE}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{DC99323F-411B-4879-B540-422FFEDF87F0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{2750FEC3-B3D1-4661-8F78-C69E84B36B59}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{43CA3589-B598-40F7-A865-65D40B260A1D}] => (Allow) LPort=2869
FirewallRules: [{99ED7998-0931-4817-96AE-CF1F13349651}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{198A6C28-B18D-40B1-BAB5-0F2B103BF70B}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{ACE0470F-D7F1-4566-8630-3B313B2A40A8}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{0C643429-4BD3-40C1-B43B-528223ECDA95}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{773A14AC-4C1F-4A9C-ADD2-3156343169BD}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{AFB694AB-8BCD-42E9-9127-CDE39F3E46A3}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{B775296F-4921-4098-892D-4A5D1C411A0B}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{6315FAC1-CE75-4BFD-A63B-F1DD2B17F79D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{E4A0579B-FFA4-4AD6-AFA2-DCDEFEB8D904}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{E02EEEA5-6397-4727-9AC5-4DA6A55B89EA}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{3A07AB1D-E093-4C6D-9AF0-6EABA60742F9}C:\users\lan\appdata\local\temp\low\633.tmp] => (Block) C:\users\lan\appdata\local\temp\low\633.tmp
FirewallRules: [UDP Query User{0CF7E7E4-56E6-4305-8185-17A7D595BC1A}C:\users\lan\appdata\local\temp\low\633.tmp] => (Block) C:\users\lan\appdata\local\temp\low\633.tmp
FirewallRules: [TCP Query User{83BF00AA-3C10-4148-BDB8-6AF30F2D16A6}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{326FA079-ABD1-4EAE-9002-DAC103BFCA3A}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E67AF86A-AFF2-40CB-AB10-23B8706B3A9A}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C251C89C-AAE6-4826-9510-48280AA4DB9C}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3464AA23-0F16-4DDB-8100-41CF568F8E9B}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{A423E34C-23F1-42F9-89A9-1F212968D606}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{FC304F46-DFBE-4666-BA56-84B5FCBB112F}] => (Allow) LPort=5354
FirewallRules: [{DB09E606-654A-4060-9B18-BB6B49DB295E}] => (Allow) LPort=5354
FirewallRules: [{DB0A8B3E-592A-4F91-9B36-200E0A644C40}] => (Allow) LPort=5354
FirewallRules: [{98F10DCD-B52C-42E1-BAFE-882D08197D23}] => (Allow) LPort=5354
FirewallRules: [{DB01C15F-9E7F-4FC0-AA22-5E7E5082E317}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{B07633EF-AB34-4F0A-B489-DB3A7875F9CC}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{123D34CA-8EEE-4032-8087-F87F4B4D5679}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{09551E85-E397-4CA5-BB7D-CDCB063EC5D8}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{A40D01A7-19C8-4E06-B896-10191C47C7FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6388194

Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6388194

Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5320

Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50473640

Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50473640

Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/24/2016 01:00:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50467961


System errors:
=============
Error: (12/24/2016 01:22:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/24/2016 01:00:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (12/22/2016 11:56:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/17/2016 09:48:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/17/2016 09:48:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error:
%%1053

Error: (12/17/2016 09:48:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (12/14/2016 06:14:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (12/14/2016 03:01:28 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}5{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

Error: (12/11/2016 08:18:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/11/2016 08:08:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2015-08-02 19:09:16.769
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:09:16.759
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:09:16.749
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:09:16.739
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.941
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.921
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.911
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.891
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.049
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-02 19:08:36.039
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 4058.36 MB
Available physical RAM: 2211.85 MB
Total Virtual: 8114.91 MB
Available Virtual: 4477.68 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:184.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51ED4EC9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2016-12-25, 13:40
Please uninstall/remove the 2 below versions of Java; we can download and install the most current later.
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

~~~~~~~~~~~~~~~~~~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do not use WordPad* or any text editor other than Notepad, or the script will fail.
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lan\AppData\Local\Temp\sqlite3.dll
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
Please post:
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Lanzo
2016-12-25, 16:02
I have carried out all instructions and posted the corresponding logs as requested.

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Lan (2016-12-25 12:46:30) Run:1
Running from C:\Users\Lan\Desktop
Loaded Profiles: Lan (Available Profiles: Lan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lan\AppData\Local\Temp\sqlite3.dll
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2538772055-807052659-4255878346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2 => key not found.
C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll => moved successfully
C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe => moved successfully
C:\Users\Lan\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Lan\AppData\Local\Temp\sqlite3.dll => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

# AdwCleaner v6.041 - Logfile created 25/12/2016 at 13:13:16
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Lan - DAVES-PC
# Running from : C:\Users\Lan\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2538772055-807052659-4255878346-1000\Software\AskToolbar
Key Found: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2538772055-807052659-4255878346-1000\Software\AskToolbar
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2155 Bytes] - [25/12/2016 13:13:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2228 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Lan (Administrator) on 25/12/2016 at 13:31:30.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 131

Failed to delete: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVM3860J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EJCYKFM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXGYZRG1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNQX6GN (Temporary Internet Files Folder)
Successfully deleted: C:\windows\system32\REN9D87.tmp (File)
Successfully deleted: C:\windows\system32\REN9D88.tmp (File)
Successfully deleted: C:\windows\system32\REN9D98.tmp (File)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EJCYKFM (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXGYZRG1 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVM3860J (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNQX6GN (Temporary Internet Files Folder)
Successfully deleted: C:\windows\SysWOW64\RENC8AC.tmp (File)
Successfully deleted: C:\windows\SysWOW64\RENC8AD.tmp (File)
Successfully deleted: C:\windows\SysWOW64\RENC8BD.tmp (File)
Successfully deleted: C:\windows\SysWOW64\REND1A2.tmp (File)
Successfully deleted: C:\windows\SysWOW64\REND1C3.tmp (File)
Successfully deleted: C:\windows\SysWOW64\REND1D3.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho4027.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho8AE4.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/12/2016 at 13:44:52.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2016-12-26, 13:09
Did you allow AdwCleaner to delete/quarantine what it found?

Since you already have Malwarebytes Anti-Malware on board, let's update and run a fresh scan.

Open Malwarebytes Anti-Malware

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

Lanzo
2016-12-26, 15:00
Hi,

yes, I did allow AdwCleaner to delete files.



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/12/2016
Scan Time: 12:29
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.26.02
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336921
Time Elapsed: 26 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2016-12-26, 22:09
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it.
From there, click on the Extract button to extract the program in the EEK folder;
Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program.
Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;

If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;

Save the log on your desktop, then open it, and copy/paste its content in your next reply;



Please post this log
How is your computer now?

Lanzo
2016-12-27, 16:18
Hi,

the computer is running much better,

thank you.

Emsisoft Emergency Kit - Version 12.0
Last update: 27/12/2016 13:44:25
User account: DAVES-PC\Lan
Computer name: DAVES-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 27/12/2016 13:48:30

Scanned 79835
Found 0

Scan end: 27/12/2016 14:05:23
Scan time: 0:16:53

Juliet
2016-12-27, 19:24
I think you're good to go!


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

*************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Lanzo
2016-12-27, 21:48
Thank you so much for your help.

I have made a small donation to support you and the team and to keep this site going.


Lanzo

Juliet
2016-12-28, 13:04
We're glad to help :)

Juliet
2016-12-30, 05:48
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.