
Thread: Computer slowed by long running script

  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    49


    It seems that whenever I go onto any popular website, my computer slows up due to long-running scripts, and on other occasions IE will crash.

    I have posted my logs below.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by Lan (administrator) on DAVES-PC (24-12-2016 15:56:51)
    Running from C:\Users\Lan\Desktop
    Loaded Profiles: Lan (Available Profiles: Lan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    () C:\Program Files (x86)\Polar\Daemon\polard.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    (Spotify Ltd) C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3200672 2010-06-30] (Dell Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1153448 2016-08-10] ()
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-14] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar Sync] => [X]
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify Web Helper] => C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-05] (Spotify Ltd)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify] => C:\Users\Lan\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-05] (Spotify Ltd)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe [920768 2016-10-12] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {649dd088-cb24-11e3-9cdc-f04da2a9f971} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {8d85bf01-e6b2-11df-a172-806e6f6e6963} - D:\setup.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-05]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{385AE306-F9BF-49F2-A958-F45BB9626591}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{E1B7AB1B-0F24-4615-8082-144331B555F7}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> DefaultScope {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {DFF76810-4974-4537-A87F-729407F78CEA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
    CHR Extension: (Google Docs) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
    CHR Extension: (Google Drive) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
    CHR Extension: (YouTube) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
    CHR Extension: (Google Search) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
    CHR Extension: (Google Sheets) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
    CHR Extension: (Gmail) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
    R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
    R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
    R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
    R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
    R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-13] (360.cn)
    R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
    R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
    S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
    R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-19] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
    S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
    S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-24 15:56 - 2016-12-24 15:59 - 00022854 _____ C:\Users\Lan\Desktop\FRST.txt
    2016-12-14 18:16 - 2016-12-24 13:01 - 00000000 ____D C:\Users\Lan\AppData\Local\{6A30D30E-FA5E-477C-B904-FC1471F25540}
    2016-12-13 18:50 - 2016-12-13 18:50 - 00011082 _____ C:\Users\Lan\Documents\ON5474 hours.xlsx
    2016-12-13 18:39 - 2016-11-21 18:16 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-12-13 18:39 - 2016-11-21 18:16 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2016-12-13 18:39 - 2016-11-21 18:12 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2016-12-13 18:39 - 2016-11-20 16:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2016-12-13 18:39 - 2016-11-20 15:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2016-12-13 18:39 - 2016-11-20 15:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2016-12-13 18:39 - 2016-11-20 15:52 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2016-12-13 18:39 - 2016-11-20 14:07 - 00467392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2016-12-13 18:39 - 2016-11-17 16:41 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
    2016-12-13 18:39 - 2016-11-14 23:27 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-12-13 18:39 - 2016-11-14 22:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2016-12-13 18:39 - 2016-11-12 19:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2016-12-13 18:39 - 2016-11-12 19:48 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2016-12-13 18:39 - 2016-11-12 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2016-12-13 18:39 - 2016-11-12 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2016-12-13 18:39 - 2016-11-12 19:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2016-12-13 18:39 - 2016-11-12 19:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2016-12-13 18:39 - 2016-11-12 19:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2016-12-13 18:39 - 2016-11-12 19:21 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-12-13 18:39 - 2016-11-12 19:15 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2016-12-13 18:39 - 2016-11-12 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2016-12-13 18:39 - 2016-11-12 19:09 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2016-12-13 18:39 - 2016-11-12 19:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-12-13 18:39 - 2016-11-12 19:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2016-12-13 18:39 - 2016-11-12 19:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2016-12-13 18:39 - 2016-11-12 19:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-12-13 18:39 - 2016-11-12 19:07 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2016-12-13 18:39 - 2016-11-12 18:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2016-12-13 18:39 - 2016-11-12 18:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-12-13 18:39 - 2016-11-12 18:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2016-12-13 18:39 - 2016-11-12 18:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2016-12-13 18:39 - 2016-11-12 18:41 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2016-12-13 18:39 - 2016-11-12 18:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2016-12-13 18:39 - 2016-11-12 18:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2016-12-13 18:39 - 2016-11-12 18:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-12-13 18:39 - 2016-11-12 18:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2016-12-13 18:39 - 2016-11-12 18:30 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2016-12-13 18:39 - 2016-11-12 18:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2016-12-13 18:39 - 2016-11-12 18:29 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2016-12-13 18:39 - 2016-11-12 18:29 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2016-12-13 18:39 - 2016-11-12 18:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2016-12-13 18:39 - 2016-11-12 18:27 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2016-12-13 18:39 - 2016-11-12 18:20 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2016-12-13 18:39 - 2016-11-12 18:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2016-12-13 18:39 - 2016-11-12 18:19 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2016-12-13 18:39 - 2016-11-12 18:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2016-12-13 18:39 - 2016-11-12 18:15 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2016-12-13 18:39 - 2016-11-12 18:11 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-12-13 18:39 - 2016-11-12 18:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-12-13 18:39 - 2016-11-12 18:08 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-12-13 18:39 - 2016-11-12 18:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2016-12-13 18:39 - 2016-11-12 18:03 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2016-12-13 18:39 - 2016-11-12 17:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-12-13 18:39 - 2016-11-12 17:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2016-12-13 18:39 - 2016-11-12 17:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2016-12-13 18:39 - 2016-11-12 17:51 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2016-12-13 18:39 - 2016-11-12 17:49 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2016-12-13 18:39 - 2016-11-12 17:47 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2016-12-13 18:39 - 2016-11-12 17:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-12-13 18:39 - 2016-11-12 17:40 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2016-12-13 18:39 - 2016-11-12 17:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2016-12-13 18:39 - 2016-11-12 17:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2016-12-13 18:39 - 2016-11-12 17:36 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2016-12-13 18:39 - 2016-11-12 17:36 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2016-12-13 18:39 - 2016-11-12 17:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-12-13 18:39 - 2016-11-12 17:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2016-12-13 18:39 - 2016-11-12 17:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-12-13 18:39 - 2016-11-12 17:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-12-13 18:39 - 2016-11-12 17:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2016-12-13 18:39 - 2016-11-12 17:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2016-12-13 18:39 - 2016-11-12 17:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2016-12-13 18:39 - 2016-11-10 16:32 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2016-12-13 18:39 - 2016-11-10 16:19 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2016-12-13 18:39 - 2016-11-09 16:41 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2016-12-13 18:39 - 2016-11-09 16:33 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2016-12-13 18:39 - 2016-11-09 16:02 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
    2016-12-13 18:39 - 2016-11-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
    2016-12-13 18:39 - 2016-11-06 16:33 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2016-12-13 18:39 - 2016-11-06 16:16 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2016-12-13 18:39 - 2016-11-06 16:01 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-12-13 18:39 - 2016-10-27 15:33 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2016-12-13 18:39 - 2016-10-27 15:20 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2016-12-13 18:39 - 2016-10-11 15:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2016-12-13 18:39 - 2016-10-11 15:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-12-13 18:39 - 2016-10-11 15:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2016-12-13 18:39 - 2016-10-11 15:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:24 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2016-12-13 18:39 - 2016-10-11 15:24 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2016-12-13 18:39 - 2016-10-11 15:21 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2016-12-13 18:39 - 2016-10-11 15:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2016-12-13 18:39 - 2016-10-11 15:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2016-12-13 18:39 - 2016-10-11 14:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2016-12-13 18:39 - 2016-10-11 14:59 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2016-12-13 18:39 - 2016-10-11 14:55 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
    2016-12-13 18:39 - 2016-10-11 14:55 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2016-12-13 18:39 - 2016-10-11 14:51 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2016-12-13 18:39 - 2016-10-11 14:50 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 13:18 - 00419648 _____ C:\windows\SysWOW64\locale.nls
    2016-12-13 18:39 - 2016-10-11 13:17 - 00419648 _____ C:\windows\system32\locale.nls
    2016-12-13 18:39 - 2016-10-08 13:06 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2016-12-13 18:39 - 2016-10-04 15:31 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
    2016-12-12 00:53 - 2016-12-13 18:05 - 00000000 ____D C:\Users\Lan\AppData\Local\{B77A6FFE-2B7D-475D-B219-9FE64165E743}
    2016-12-08 19:09 - 2016-12-11 11:18 - 00000000 ____D C:\Users\Lan\AppData\Local\{A67962D7-ED2F-47E4-BB49-7EF3CAD07EF1}
    2016-12-07 16:49 - 2016-12-07 16:49 - 00000000 ____D C:\Users\Lan\AppData\Local\{920E8BEA-6A57-41BD-941E-48A04B9E1DD9}
    2016-12-05 19:58 - 2016-12-06 21:32 - 00000000 ____D C:\Users\Lan\AppData\Local\{8354D8A4-789B-48F4-9AA9-4492FDBF4A89}
    2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr110_clr0400.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp110_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr110_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcp110_clr0400.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-24 15:57 - 2015-09-23 19:54 - 00000000 ____D C:\FRST
    2016-12-24 15:50 - 2016-01-23 08:28 - 00000000 ____D C:\Users\Lan\AppData\Roaming\360Safe
    2016-12-24 15:31 - 2016-01-02 13:24 - 15000576 _____ C:\Users\Lan\Documents\backup outlook.pst
    2016-12-24 13:17 - 2010-11-02 18:10 - 01939592 _____ C:\windows\WindowsUpdate.log
    2016-12-23 18:21 - 2011-09-07 17:57 - 00000000 ____D C:\Users\Lan\AppData\Roaming\Skype
    2016-12-18 13:35 - 2009-07-14 04:51 - 00149612 _____ C:\windows\setupact.log
    2016-12-17 13:45 - 2011-08-13 22:36 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-17 13:45 - 2011-08-13 22:36 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-16 19:42 - 2016-05-29 16:03 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-12-16 19:40 - 2009-07-14 05:13 - 00789658 _____ C:\windows\system32\PerfStringBackup.INI
    2016-12-15 17:32 - 2015-01-11 16:39 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-12-15 17:32 - 2015-01-11 16:39 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-12-14 18:16 - 2015-11-28 10:29 - 00000000 ____D C:\Users\Lan\AppData\Local\Spotify
    2016-12-14 18:15 - 2014-08-13 12:54 - 00000000 ____D C:\Users\Lan\AppData\Local\HTC MediaHub
    2016-12-14 18:15 - 2012-08-10 21:02 - 00000000 ____D C:\Users\Lan\Tracing
    2016-12-14 18:15 - 2010-11-02 19:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-12-14 04:39 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-12-14 04:38 - 2015-11-17 22:00 - 00422000 _____ C:\windows\system32\FNTCACHE.DAT
    2016-12-14 04:13 - 2011-04-05 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
    2016-12-14 04:03 - 2013-08-09 02:09 - 00000000 ____D C:\windows\system32\MRT
    2016-12-14 03:45 - 2011-05-03 20:08 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-12-14 03:32 - 2012-10-13 21:06 - 00773968 _____ C:\windows\SysWOW64\PerfStringBackup.INI
    2016-12-11 20:05 - 2016-01-27 22:50 - 00000000 _RSHD C:\360SANDBOX
    2016-12-05 20:02 - 2013-08-15 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2016-12-05 19:52 - 2011-04-05 22:28 - 00549058 _____ C:\windows\PFRO.log
    2016-12-01 20:09 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
    2016-11-29 21:29 - 2013-09-21 19:02 - 00034816 _____ C:\Users\Lan\Documents\Copy of Pass.xls
    2016-11-29 21:02 - 2016-08-13 14:42 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

    ==================== Files in the root of some directories =======

    2016-07-21 21:49 - 2016-07-21 21:49 - 0000323 _____ () C:\Users\Lan\AppData\Local\LMIR0001.tmp_r.bat
    2011-10-21 19:33 - 2011-10-21 19:33 - 0007605 _____ () C:\Users\Lan\AppData\Local\Resmon.ResmonCfg
    2011-09-07 18:01 - 2011-09-07 18:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2014-12-31 12:22 - 2016-04-04 18:33 - 0008192 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Users\Lan\FRST64.exe


    Some files in TEMP:
    ====================
    C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
    C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
    C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Lan\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-12-06 17:39

    ==================== End of FRST.txt ============================


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by Lan (administrator) on DAVES-PC (24-12-2016 15:56:51)
    Running from C:\Users\Lan\Desktop
    Loaded Profiles: Lan (Available Profiles: Lan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    () C:\Program Files (x86)\Polar\Daemon\polard.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    (Spotify Ltd) C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3200672 2010-06-30] (Dell Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1153448 2016-08-10] ()
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-14] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar Sync] => [X]
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify Web Helper] => C:\Users\Lan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-05] (Spotify Ltd)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Spotify] => C:\Users\Lan\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-05] (Spotify Ltd)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_23_0_0_185_ActiveX.exe [920768 2016-10-12] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {649dd088-cb24-11e3-9cdc-f04da2a9f971} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\MountPoints2: {8d85bf01-e6b2-11df-a172-806e6f6e6963} - D:\setup.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-02]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-05]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{385AE306-F9BF-49F2-A958-F45BB9626591}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{E1B7AB1B-0F24-4615-8082-144331B555F7}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> DefaultScope {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {DFF76810-4974-4537-A87F-729407F78CEA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {E65C161C-3701-4D20-AA6A-62F05C3F8145} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-08-10] (Qihu 360 Software Co., Ltd.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-06] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
    CHR Extension: (Google Docs) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
    CHR Extension: (Google Drive) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
    CHR Extension: (YouTube) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
    CHR Extension: (Google Search) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
    CHR Extension: (Google Sheets) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
    CHR Extension: (Gmail) - C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
    R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
    R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-10] (QIHU 360 SOFTWARE CO. LIMITED)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-08-10] (360.cn)
    R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
    R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-08-10] (360.cn)
    R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-08-10] (360.cn)
    R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-13] (360.cn)
    R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-08-10] (360.cn)
    R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-08-10] (360.cn)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
    S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
    R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-19] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
    S3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
    S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-24 15:56 - 2016-12-24 15:59 - 00022854 _____ C:\Users\Lan\Desktop\FRST.txt
    2016-12-14 18:16 - 2016-12-24 13:01 - 00000000 ____D C:\Users\Lan\AppData\Local\{6A30D30E-FA5E-477C-B904-FC1471F25540}
    2016-12-13 18:50 - 2016-12-13 18:50 - 00011082 _____ C:\Users\Lan\Documents\ON5474 hours.xlsx
    2016-12-13 18:39 - 2016-11-21 18:16 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2016-12-13 18:39 - 2016-11-21 18:16 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2016-12-13 18:39 - 2016-11-21 18:12 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2016-12-13 18:39 - 2016-11-21 18:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
    2016-12-13 18:39 - 2016-11-20 16:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2016-12-13 18:39 - 2016-11-20 16:19 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2016-12-13 18:39 - 2016-11-20 16:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2016-12-13 18:39 - 2016-11-20 15:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-12-13 18:39 - 2016-11-20 15:57 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2016-12-13 18:39 - 2016-11-20 15:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2016-12-13 18:39 - 2016-11-20 15:52 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2016-12-13 18:39 - 2016-11-20 14:07 - 00467392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2016-12-13 18:39 - 2016-11-17 16:41 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
    2016-12-13 18:39 - 2016-11-14 23:27 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-12-13 18:39 - 2016-11-14 22:39 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2016-12-13 18:39 - 2016-11-12 19:48 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2016-12-13 18:39 - 2016-11-12 19:48 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2016-12-13 18:39 - 2016-11-12 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2016-12-13 18:39 - 2016-11-12 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2016-12-13 18:39 - 2016-11-12 19:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2016-12-13 18:39 - 2016-11-12 19:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2016-12-13 18:39 - 2016-11-12 19:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2016-12-13 18:39 - 2016-11-12 19:21 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-12-13 18:39 - 2016-11-12 19:15 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2016-12-13 18:39 - 2016-11-12 19:14 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2016-12-13 18:39 - 2016-11-12 19:09 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2016-12-13 18:39 - 2016-11-12 19:08 - 25759744 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-12-13 18:39 - 2016-11-12 19:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2016-12-13 18:39 - 2016-11-12 19:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2016-12-13 18:39 - 2016-11-12 19:07 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-12-13 18:39 - 2016-11-12 19:07 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2016-12-13 18:39 - 2016-11-12 18:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2016-12-13 18:39 - 2016-11-12 18:53 - 06049280 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-12-13 18:39 - 2016-11-12 18:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2016-12-13 18:39 - 2016-11-12 18:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2016-12-13 18:39 - 2016-11-12 18:41 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2016-12-13 18:39 - 2016-11-12 18:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2016-12-13 18:39 - 2016-11-12 18:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2016-12-13 18:39 - 2016-11-12 18:34 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2016-12-13 18:39 - 2016-11-12 18:31 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2016-12-13 18:39 - 2016-11-12 18:30 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2016-12-13 18:39 - 2016-11-12 18:29 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2016-12-13 18:39 - 2016-11-12 18:29 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2016-12-13 18:39 - 2016-11-12 18:29 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2016-12-13 18:39 - 2016-11-12 18:28 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2016-12-13 18:39 - 2016-11-12 18:27 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2016-12-13 18:39 - 2016-11-12 18:20 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2016-12-13 18:39 - 2016-11-12 18:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2016-12-13 18:39 - 2016-11-12 18:19 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2016-12-13 18:39 - 2016-11-12 18:17 - 20302848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2016-12-13 18:39 - 2016-11-12 18:15 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-12-13 18:39 - 2016-11-12 18:14 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2016-12-13 18:39 - 2016-11-12 18:11 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-12-13 18:39 - 2016-11-12 18:10 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-12-13 18:39 - 2016-11-12 18:08 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-12-13 18:39 - 2016-11-12 18:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2016-12-13 18:39 - 2016-11-12 18:03 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2016-12-13 18:39 - 2016-11-12 17:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-12-13 18:39 - 2016-11-12 17:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2016-12-13 18:39 - 2016-11-12 17:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2016-12-13 18:39 - 2016-11-12 17:51 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2016-12-13 18:39 - 2016-11-12 17:49 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2016-12-13 18:39 - 2016-11-12 17:47 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2016-12-13 18:39 - 2016-11-12 17:41 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-12-13 18:39 - 2016-11-12 17:40 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2016-12-13 18:39 - 2016-11-12 17:38 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2016-12-13 18:39 - 2016-11-12 17:37 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2016-12-13 18:39 - 2016-11-12 17:36 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2016-12-13 18:39 - 2016-11-12 17:36 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2016-12-13 18:39 - 2016-11-12 17:35 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-12-13 18:39 - 2016-11-12 17:21 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2016-12-13 18:39 - 2016-11-12 17:20 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-12-13 18:39 - 2016-11-12 17:11 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-12-13 18:39 - 2016-11-12 17:05 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2016-12-13 18:39 - 2016-11-12 17:02 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2016-12-13 18:39 - 2016-11-12 17:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2016-12-13 18:39 - 2016-11-10 16:32 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
    2016-12-13 18:39 - 2016-11-10 16:19 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
    2016-12-13 18:39 - 2016-11-09 16:41 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2016-12-13 18:39 - 2016-11-09 16:33 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
    2016-12-13 18:39 - 2016-11-09 16:33 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
    2016-12-13 18:39 - 2016-11-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2016-12-13 18:39 - 2016-11-09 16:02 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
    2016-12-13 18:39 - 2016-11-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
    2016-12-13 18:39 - 2016-11-06 16:33 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2016-12-13 18:39 - 2016-11-06 16:16 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2016-12-13 18:39 - 2016-11-06 16:01 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-12-13 18:39 - 2016-10-27 15:33 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2016-12-13 18:39 - 2016-10-27 15:20 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2016-12-13 18:39 - 2016-10-11 15:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2016-12-13 18:39 - 2016-10-11 15:37 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-12-13 18:39 - 2016-10-11 15:37 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2016-12-13 18:39 - 2016-10-11 15:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2016-12-13 18:39 - 2016-10-11 15:32 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:24 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
    2016-12-13 18:39 - 2016-10-11 15:24 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
    2016-12-13 18:39 - 2016-10-11 15:21 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 15:03 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
    2016-12-13 18:39 - 2016-10-11 15:03 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
    2016-12-13 18:39 - 2016-10-11 15:03 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
    2016-12-13 18:39 - 2016-10-11 14:59 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
    2016-12-13 18:39 - 2016-10-11 14:59 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
    2016-12-13 18:39 - 2016-10-11 14:55 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
    2016-12-13 18:39 - 2016-10-11 14:55 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2016-12-13 18:39 - 2016-10-11 14:51 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2016-12-13 18:39 - 2016-10-11 14:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2016-12-13 18:39 - 2016-10-11 14:50 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 14:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-12-13 18:39 - 2016-10-11 13:18 - 00419648 _____ C:\windows\SysWOW64\locale.nls
    2016-12-13 18:39 - 2016-10-11 13:17 - 00419648 _____ C:\windows\system32\locale.nls
    2016-12-13 18:39 - 2016-10-08 13:06 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2016-12-13 18:39 - 2016-10-04 15:31 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
    2016-12-13 18:39 - 2016-10-04 15:31 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
    2016-12-13 18:39 - 2016-10-04 15:13 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
    2016-12-12 00:53 - 2016-12-13 18:05 - 00000000 ____D C:\Users\Lan\AppData\Local\{B77A6FFE-2B7D-475D-B219-9FE64165E743}
    2016-12-08 19:09 - 2016-12-11 11:18 - 00000000 ____D C:\Users\Lan\AppData\Local\{A67962D7-ED2F-47E4-BB49-7EF3CAD07EF1}
    2016-12-07 16:49 - 2016-12-07 16:49 - 00000000 ____D C:\Users\Lan\AppData\Local\{920E8BEA-6A57-41BD-941E-48A04B9E1DD9}
    2016-12-05 19:58 - 2016-12-06 21:32 - 00000000 ____D C:\Users\Lan\AppData\Local\{8354D8A4-789B-48F4-9AA9-4492FDBF4A89}
    2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr110_clr0400.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
    2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp110_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr110_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
    2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:\windows\system32\msvcp110_clr0400.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-24 15:57 - 2015-09-23 19:54 - 00000000 ____D C:\FRST
    2016-12-24 15:50 - 2016-01-23 08:28 - 00000000 ____D C:\Users\Lan\AppData\Roaming\360Safe
    2016-12-24 15:31 - 2016-01-02 13:24 - 15000576 _____ C:\Users\Lan\Documents\backup outlook.pst
    2016-12-24 13:17 - 2010-11-02 18:10 - 01939592 _____ C:\windows\WindowsUpdate.log
    2016-12-23 18:21 - 2011-09-07 17:57 - 00000000 ____D C:\Users\Lan\AppData\Roaming\Skype
    2016-12-18 13:35 - 2009-07-14 04:51 - 00149612 _____ C:\windows\setupact.log
    2016-12-17 13:45 - 2011-08-13 22:36 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-12-17 13:45 - 2011-08-13 22:36 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-16 19:52 - 2009-07-14 04:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-16 19:42 - 2016-05-29 16:03 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-12-16 19:40 - 2009-07-14 05:13 - 00789658 _____ C:\windows\system32\PerfStringBackup.INI
    2016-12-15 17:32 - 2015-01-11 16:39 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-12-15 17:32 - 2015-01-11 16:39 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-12-14 18:16 - 2015-11-28 10:29 - 00000000 ____D C:\Users\Lan\AppData\Local\Spotify
    2016-12-14 18:15 - 2014-08-13 12:54 - 00000000 ____D C:\Users\Lan\AppData\Local\HTC MediaHub
    2016-12-14 18:15 - 2012-08-10 21:02 - 00000000 ____D C:\Users\Lan\Tracing
    2016-12-14 18:15 - 2010-11-02 19:18 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-12-14 18:14 - 2011-04-05 17:56 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-12-14 04:39 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-12-14 04:38 - 2015-11-17 22:00 - 00422000 _____ C:\windows\system32\FNTCACHE.DAT
    2016-12-14 04:13 - 2011-04-05 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
    2016-12-14 04:03 - 2013-08-09 02:09 - 00000000 ____D C:\windows\system32\MRT
    2016-12-14 03:45 - 2011-05-03 20:08 - 135632432 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-12-14 03:32 - 2012-10-13 21:06 - 00773968 _____ C:\windows\SysWOW64\PerfStringBackup.INI
    2016-12-11 20:05 - 2016-01-27 22:50 - 00000000 _RSHD C:\360SANDBOX
    2016-12-05 20:02 - 2013-08-15 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2016-12-05 19:52 - 2011-04-05 22:28 - 00549058 _____ C:\windows\PFRO.log
    2016-12-01 20:09 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
    2016-11-29 21:29 - 2013-09-21 19:02 - 00034816 _____ C:\Users\Lan\Documents\Copy of Pass.xls
    2016-11-29 21:02 - 2016-08-13 14:42 - 00000972 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

    ==================== Files in the root of some directories =======

    2016-07-21 21:49 - 2016-07-21 21:49 - 0000323 _____ () C:\Users\Lan\AppData\Local\LMIR0001.tmp_r.bat
    2011-10-21 19:33 - 2011-10-21 19:33 - 0007605 _____ () C:\Users\Lan\AppData\Local\Resmon.ResmonCfg
    2011-09-07 18:01 - 2011-09-07 18:01 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2014-12-31 12:22 - 2016-04-04 18:33 - 0008192 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Users\Lan\FRST64.exe


    Some files in TEMP:
    ====================
    C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
    C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
    C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Lan\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-12-06 17:39

    ==================== End of FRST.txt ============================

  2. #2
    Member
    Join Date
    Oct 2009
    Posts
    49

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by Lan (2016-12-24 16:02:14)
    Running from C:\Users\Lan\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-04-05 17:51:59)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2538772055-807052659-4255878346-500 - Administrator - Disabled)
    Guest (S-1-5-21-2538772055-807052659-4255878346-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2538772055-807052659-4255878346-1002 - Limited - Enabled)
    Lan (S-1-5-21-2538772055-807052659-4255878346-1000 - Administrator - Enabled) => C:\Users\Lan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
    AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.8.0.1020 - 360 Security Center)
    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
    Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
    Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version: - )
    Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
    HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
    J2SE Runtime Environment 5.0 Update 17 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150170}) (Version: 1.5.0.170 - Sun Microsystems, Inc.)
    Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Project 2000 (HKLM-x32\...\{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}) (Version: 9.00.3821 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
    Polar FlowSync version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
    Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.40.170 - )
    Polar WebLink 2.4.15 (HKLM-x32\...\{2734FEDB-7A24-4F15-AC5C-3EC00414D4CC}) (Version: 02.50.0006 - Polar Electro Oy)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
    Rapport (x32 Version: 3.5.1609.107 - Trusteer) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
    Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spotify (HKU\S-1-5-21-2538772055-807052659-4255878346-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
    TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    TomTom MyDrive Connect 4.1.3.2964 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.3.2964 - TomTom)
    Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
    VCDS Release 11.11.5 (HKLM-x32\...\VCDS Release 11.11) (Version: 11.11.5 - Ross-Tech)
    VCDS Release 12.12.3 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.3 - Ross-Tech)
    VCDS Release 14.10.1 (HKLM-x32\...\VCDS Release) (Version: 14.10.1 - Ross-Tech)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
    Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    15-11-2016 19:42:56 Windows Update
    22-11-2016 19:24:34 Windows Update
    29-11-2016 20:16:03 Windows Update
    05-12-2016 19:58:06 Installed Rapport
    06-12-2016 14:48:02 Windows Update
    09-12-2016 19:34:23 Windows Update
    13-12-2016 18:19:01 Windows Update
    14-12-2016 03:05:44 Windows Update
    20-12-2016 18:01:38 Windows Update
    23-12-2016 18:42:41 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-04-18 20:17 - 2015-04-18 20:17 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00058D66-55CE-4763-8A59-DF817A1E4B15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
    Task: {3BC86487-DB77-453D-B29C-8B92649DA2FA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
    Task: {434D8095-0873-4CB5-A302-175165303896} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {500786ED-DB2D-4220-A32F-3E94938DCC7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {7C6B9C37-55F8-45CF-8A8D-C73AC758E516} - System32\Tasks\{43DE22BB-00B7-4D28-A23A-FD65BC0E1F0D} => pcalua.exe -a C:\Users\Lan\Downloads\HP_Vista_SF_Ph1.exe -d C:\Users\Lan\Downloads
    Task: {92496AAC-7A64-4FFC-A3DD-5E1DF03F2E03} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {96236186-C35A-481C-A062-451D9F3E765D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
    Task: {A8E42481-B5C5-4528-B276-20A576AB24C0} - System32\Tasks\{5378C27B-9FA0-4193-BB76-EEAC0A1A9236} => pcalua.exe -a C:\Users\Lan\Downloads\reflash_package.exe -d C:\Users\Lan\Downloads
    Task: {CE6A5D90-CBC9-4B25-A024-B5CF1CD5359D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation)
    Task: {DDC3D4FD-7E5D-4143-83A1-A061688BB09B} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
    Task: {FA926F39-CF55-483E-B359-8C855DA68691} - System32\Tasks\{F5B560B3-D23C-4930-A7BA-2C8840E80C66} => Iexplore.exe http://ui.skype.com/ui/0/7.22.0.109....LastError=1618

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-01-22 22:37 - 2016-08-10 10:54 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
    2010-11-02 19:18 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2016-06-03 14:39 - 2014-08-06 12:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    2016-10-13 03:07 - 2016-10-13 03:07 - 00472576 _____ () C:\windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\10b28df0c1127258f8396d1cafe0fafb\VistaBridgeLibrary.ni.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    2016-01-22 22:37 - 2016-08-10 10:54 - 01153448 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    2015-11-15 18:21 - 2016-08-10 10:54 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
    2014-08-06 12:40 - 2014-08-06 12:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
    2016-06-03 14:37 - 2014-08-06 12:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
    2014-08-06 12:41 - 2014-08-06 12:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
    2014-08-06 12:41 - 2014-08-06 12:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
    2014-08-06 12:42 - 2014-08-06 12:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
    2014-08-06 12:44 - 2014-08-06 12:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
    2014-08-06 12:46 - 2014-08-06 12:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
    2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
    2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
    2016-05-13 03:25 - 2016-05-13 03:25 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f82d17707ca7c6db565829eec695c9ef\IsdiInterop.ni.dll
    2010-11-02 18:46 - 2010-06-08 15:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-05-29 16:01 - 2015-11-19 14:56 - 01759232 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    2010-02-09 18:34 - 2010-02-09 18:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
    2011-02-06 10:32 - 2011-02-06 10:32 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7606 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2538772055-807052659-4255878346-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{58C01619-D010-4CF7-9862-BC9080BBAC8F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{51F16E58-1EF4-4388-AD75-E28025F561E3}] => (Allow) svchost.exe
    FirewallRules: [{9886B251-879E-4D4B-9B12-5C0382B34EE0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{845062F0-133E-4F09-B832-C983F672769F}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{CA6ABA4D-0A26-4F0C-8F72-CC04F2B3F5FF}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{1E35ED87-6CA5-405F-A94C-734A99DAAB28}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{0513BBFC-0B12-4509-8781-B9A4DD2061DC}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{01027AAF-CF1B-48BB-A493-BA0E6D309492}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{6C958C2D-7766-4BFB-A872-EBBE54AF433E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8E2D6A18-4A9F-47E3-B2F5-90ADA27E5E38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D0244D95-F178-4D3F-8CD7-F303E5D1A16B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{7C05826A-141E-49A9-83C2-19B268E6C5EE}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{DC99323F-411B-4879-B540-422FFEDF87F0}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{2750FEC3-B3D1-4661-8F78-C69E84B36B59}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{43CA3589-B598-40F7-A865-65D40B260A1D}] => (Allow) LPort=2869
    FirewallRules: [{99ED7998-0931-4817-96AE-CF1F13349651}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{198A6C28-B18D-40B1-BAB5-0F2B103BF70B}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{ACE0470F-D7F1-4566-8630-3B313B2A40A8}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [TCP Query User{0C643429-4BD3-40C1-B43B-528223ECDA95}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [UDP Query User{773A14AC-4C1F-4A9C-ADD2-3156343169BD}C:\program files (x86)\sopcast\adv\sopadver.exe] => (Block) C:\program files (x86)\sopcast\adv\sopadver.exe
    FirewallRules: [TCP Query User{AFB694AB-8BCD-42E9-9127-CDE39F3E46A3}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [UDP Query User{B775296F-4921-4098-892D-4A5D1C411A0B}C:\program files (x86)\sopcast\sopcast.exe] => (Block) C:\program files (x86)\sopcast\sopcast.exe
    FirewallRules: [{6315FAC1-CE75-4BFD-A63B-F1DD2B17F79D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{E4A0579B-FFA4-4AD6-AFA2-DCDEFEB8D904}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{E02EEEA5-6397-4727-9AC5-4DA6A55B89EA}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
    FirewallRules: [TCP Query User{3A07AB1D-E093-4C6D-9AF0-6EABA60742F9}C:\users\lan\appdata\local\temp\low\633.tmp] => (Block) C:\users\lan\appdata\local\temp\low\633.tmp
    FirewallRules: [UDP Query User{0CF7E7E4-56E6-4305-8185-17A7D595BC1A}C:\users\lan\appdata\local\temp\low\633.tmp] => (Block) C:\users\lan\appdata\local\temp\low\633.tmp
    FirewallRules: [TCP Query User{83BF00AA-3C10-4148-BDB8-6AF30F2D16A6}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{326FA079-ABD1-4EAE-9002-DAC103BFCA3A}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\lan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{E67AF86A-AFF2-40CB-AB10-23B8706B3A9A}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{C251C89C-AAE6-4826-9510-48280AA4DB9C}C:\users\lan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\lan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{3464AA23-0F16-4DDB-8100-41CF568F8E9B}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
    FirewallRules: [{A423E34C-23F1-42F9-89A9-1F212968D606}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
    FirewallRules: [{FC304F46-DFBE-4666-BA56-84B5FCBB112F}] => (Allow) LPort=5354
    FirewallRules: [{DB09E606-654A-4060-9B18-BB6B49DB295E}] => (Allow) LPort=5354
    FirewallRules: [{DB0A8B3E-592A-4F91-9B36-200E0A644C40}] => (Allow) LPort=5354
    FirewallRules: [{98F10DCD-B52C-42E1-BAFE-882D08197D23}] => (Allow) LPort=5354
    FirewallRules: [{DB01C15F-9E7F-4FC0-AA22-5E7E5082E317}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{B07633EF-AB34-4F0A-B489-DB3A7875F9CC}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{123D34CA-8EEE-4032-8087-F87F4B4D5679}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{09551E85-E397-4CA5-BB7D-CDCB063EC5D8}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    FirewallRules: [{A40D01A7-19C8-4E06-B896-10191C47C7FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6388194

    Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6388194

    Error: (12/24/2016 03:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

    Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5320

    Error: (12/24/2016 01:43:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50473640

    Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50473640

    Error: (12/24/2016 01:00:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/24/2016 01:00:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50467961


    System errors:
    =============
    Error: (12/24/2016 01:22:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (12/24/2016 01:00:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (12/22/2016 11:56:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (12/17/2016 09:48:05 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (12/17/2016 09:48:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Volume Shadow Copy service failed to start due to the following error:
    %%1053

    Error: (12/17/2016 09:48:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

    Error: (12/14/2016 06:14:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (12/14/2016 03:01:28 AM) (Source: DCOM) (EventID: 10000) (User: )
    Description: C:\windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}5{883FF1FC-09E1-48E5-8E54-E2469ACB0CFD}

    Error: (12/11/2016 08:18:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (12/11/2016 08:08:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SBSD Security Center Service service failed to start due to the following error:
    %%1053


    CodeIntegrity:
    ===================================
    Date: 2015-08-02 19:09:16.769
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:09:16.759
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:09:16.749
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:09:16.739
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.941
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.921
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.911
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.891
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.049
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-08-02 19:08:36.039
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 45%
    Total physical RAM: 4058.36 MB
    Available physical RAM: 2211.85 MB
    Total Virtual: 8114.91 MB
    Available Virtual: 4477.68 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:184.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51ED4EC9)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  3. #3
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Please uninstall/remove the two versions of Java below; we can download and install the most current version later.
    Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Please open Notepad. *Do not use WordPad!* Do not use any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK.) Copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow it).





    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
    C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
    C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
    C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Lan\AppData\Local\Temp\sqlite3.dll
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Member
    Join Date
    Oct 2009
    Posts
    49


    I have carried out all instructions and posted the corresponding logs as requested.

    Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by Lan (2016-12-25 12:46:30) Run:1
    Running from C:\Users\Lan\Desktop
    Loaded Profiles: Lan (Available Profiles: Lan)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2538772055-807052659-4255878346-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
    C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll
    C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe
    C:\Users\Lan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Lan\AppData\Local\Temp\sqlite3.dll
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2538772055-807052659-4255878346-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2 => key not found.
    C:\Users\Lan\AppData\Local\Temp\2ebpuily.dll => moved successfully
    C:\Users\Lan\AppData\Local\Temp\ACLMInstaller.exe => moved successfully
    C:\Users\Lan\AppData\Local\Temp\Quarantine.exe => moved successfully
    C:\Users\Lan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\Lan\AppData\Local\Temp\sqlite3.dll => moved successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
    "C:\Windows\System32\Drivers\etc\hosts" => Could not move.
    Could not restore Hosts.

    # AdwCleaner v6.041 - Logfile created 25/12/2016 at 13:13:16
    # Updated on 16/12/2016 by Malwarebytes
    # Database : 2016-12-23.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Lan - DAVES-PC
    # Running from : C:\Users\Lan\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
    Key Found: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
    Key Found: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
    Key Found: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
    Key Found: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2538772055-807052659-4255878346-1000\Software\AskToolbar
    Key Found: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2538772055-807052659-4255878346-1000\Software\AskToolbar
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Lan\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [2155 Bytes] - [25/12/2016 13:13:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2228 Bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Lan (Administrator) on 25/12/2016 at 13:31:30.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 131

    Failed to delete: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVM3860J (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EJCYKFM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXGYZRG1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Lan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNQX6GN (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\system32\REN9D87.tmp (File)
    Successfully deleted: C:\windows\system32\REN9D88.tmp (File)
    Successfully deleted: C:\windows\system32\REN9D98.tmp (File)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EJCYKFM (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXGYZRG1 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVM3860J (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVNQX6GN (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\SysWOW64\RENC8AC.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\RENC8AD.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\RENC8BD.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\REND1A2.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\REND1C3.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\REND1D3.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\sho4027.tmp (File)
    Successfully deleted: C:\windows\SysWOW64\sho8AE4.tmp (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 25/12/2016 at 13:44:52.55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Did you allow AdwCleaner to delete/quarantine what it found?

    Since you already have Malwarebytes Anti-Malware on board, let's update and run a fresh scan.

    Open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

  6. #6
    Member
    Join Date
    Oct 2009
    Posts
    49


    Hi,

    Yes, I did allow AdwCleaner to delete files.



    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 26/12/2016
    Scan Time: 12:29
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.12.26.02
    Rootkit Database: v2016.11.20.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Lan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336921
    Time Elapsed: 26 min, 39 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it.
      From there, click on the Extract button to extract the program in the EEK folder;
    • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program.
      Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;



    Please post this log
    How is your computer now?

  8. #8
    Member
    Join Date
    Oct 2009
    Posts
    49


    Hi,

    the computer is running much better,

    thank you.

    Emsisoft Emergency Kit - Version 12.0
    Last update: 27/12/2016 13:44:25
    User account: DAVES-PC\Lan
    Computer name: DAVES-PC
    OS version: Windows 7x64 Service Pack 1

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 27/12/2016 13:48:30

    Scanned 79835
    Found 0

    Scan end: 27/12/2016 14:05:23
    Scan time: 0:16:53

  9. #9
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I think you're good to go!

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.

  10. #10
    Member
    Join Date
    Oct 2009
    Posts
    49


    Thank you so much for your help.

    I have made a small donation to support you and the team and to keep this site going.


    Lanzo
