Avira Scanner crashes without scanning anything



#1 eClySe


Posted 04 July 2016 - 08:34 AM

I have had Avira Free Antivirus for a year now and it was working fine until now.

 

Avira is still on as far as I know. Real-Time protection also works, although with slight differences. I tried doing an EICAR virus test to verify this. Instead of Avira giving me a pop-up about a detection, Avira didn't. However, I wasn't able to open the EICAR text file anymore, so I assumed that Avira was blocking it. The problem is with the scanner. Whenever I start a system scan, the scanner opens and runs for a while, although it's not scanning. I can pause the scan and resume it fine as long as the scanning process hasn't started yet. But before it actually starts scanning, the Scanner just crashes. I did this a few times with the same result. I'm not sure when this started since most of the time, I just let Avira do a regular scan and I never tried manually starting a scan.

 

My PC is an ASUS Model X555L running Windows 8.1, in case it's needed.

 

Thank you for helping.

 

I first posted this problem here -> http://www.bleepingcomputer.com/forums/t/618781/avira-scanner-crashes-right-after-starting-up/

and I was told to post it here instead.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by John (administrator) on ECLYSE (04-07-2016 21:22:15)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5020\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9856352 2016-07-01] ()
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [uTorrent] => C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {0bf0faf4-fedf-11e5-82a8-3010b3a90935} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {3d00ada7-c0a6-11e5-8298-3010b3a90935} - "G:\Setup.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {d1b86e6d-23cb-11e6-82af-3010b3a90935} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2015-12-29] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{048399ED-ECB6-4B95-BC35-A46E935C7BC3}: [DhcpNameServer] 192.168.32.1
Tcpip\..\Interfaces\{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1802426354-685773147-3862697081-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz6snha0.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_ir_16_19&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzztB0CyE0AtB0E0DtB0AtCzy0FtAtDtN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0ByD0A0B0CyDzytGtCyByCyEtG0AtA0B0BtGtAtCyBtCtG0B0CyDtCtD0A0D0E0BtAzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DyEyEzztC0A0FtGtAzztC0FtGyEtA0FtDtG0AzztDyEtG0Czz0D0Ezyzz0DzytD0AtB0B2QtN0A0LzuyE%26cr%3D348728159%26a%3Dwncy_ir_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-03-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1802426354-685773147-3862697081-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz6snha0.default\Extensions\abs@avira.com [2016-07-03]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1417298729&from=cor&uid=3219913727_198259_081521DB","hxxp://www.luckysearches.com/?type=hp&ts=1429271296&from=2sq&uid=ST1000LM024XHN-M101MBB_S32XJ9AF930157"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (From Dust) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-13]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-27]
CHR Extension: (Avira Browser Safety) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-06-24]
CHR Extension: (Chain Reaction) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2015-05-13]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Creatures & Castles) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd [2015-05-13]
CHR Extension: (Marvel Comics) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2015-05-13]
CHR Extension: (Into The Mist) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-05-13]
CHR Extension: (Pocket Legends) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2015-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR Extension: (Canvas Rider) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [977664 2014-06-04] (Broadcom Corporation.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-03] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-24] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2015-04-16] () [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-10] (Broadcom Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-24] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-22] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\John\AppData\Local\Temp\gkernel.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 21:22 - 2016-07-04 21:22 - 00025395 _____ C:\Users\John\Desktop\FRST.txt
2016-07-04 21:22 - 2016-07-04 21:22 - 00000000 ____D C:\FRST
2016-07-04 21:20 - 2016-07-04 21:21 - 02390016 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-07-04 13:14 - 2016-07-04 13:15 - 00381176 _____ C:\Windows\Minidump\070416-214890-01.dmp
2016-07-04 12:54 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-07-04 12:30 - 2016-07-04 12:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-04 12:21 - 2016-07-04 12:23 - 00265678 _____ C:\Windows\ntbtlog.txt
2016-07-04 12:14 - 2016-07-04 13:51 - 00000000 ____D C:\Users\John\AppData\LocalLow\uTorrent
2016-07-04 12:07 - 2016-07-04 12:08 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\John\Downloads\avira_registry_cleaner_en.exe
2016-07-03 18:08 - 2016-07-03 18:28 - 00000000 ____D C:\Users\John\AppData\Roaming\WizardWars
2016-07-03 14:41 - 2016-07-03 14:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Avira
2016-07-03 12:48 - 2016-07-04 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-03 12:48 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Avira
2016-07-03 12:36 - 2016-06-15 01:13 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-03 12:36 - 2016-06-15 01:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-03 11:09 - 2016-05-29 15:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-03 11:09 - 2016-05-29 02:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-03 11:09 - 2016-05-19 07:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-03 11:09 - 2016-05-19 07:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-03 11:09 - 2016-05-19 07:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-03 11:09 - 2016-05-19 06:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-03 11:09 - 2016-05-19 05:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-07-03 11:09 - 2016-05-19 05:33 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-03 11:09 - 2016-05-19 05:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-07-03 11:09 - 2016-05-19 04:59 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-03 11:09 - 2016-05-19 04:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-07-03 11:09 - 2016-05-19 04:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-07-03 11:09 - 2016-05-19 04:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-07-03 11:09 - 2016-05-19 04:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-07-03 11:09 - 2016-05-15 04:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-03 11:09 - 2016-05-14 13:19 - 07446360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-03 11:09 - 2016-05-14 13:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-03 11:09 - 2016-05-14 07:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-07-03 11:09 - 2016-05-14 07:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-07-03 11:09 - 2016-05-14 07:08 - 00032512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-07-03 11:09 - 2016-05-14 06:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-03 11:09 - 2016-05-14 05:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-03 11:09 - 2016-05-14 05:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-03 11:09 - 2016-05-14 05:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-03 11:09 - 2016-05-14 05:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-07-03 11:09 - 2016-05-14 05:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-03 11:09 - 2016-05-14 05:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-03 11:09 - 2016-05-14 05:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-03 11:09 - 2016-05-14 05:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-03 11:09 - 2016-05-14 05:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-03 11:09 - 2016-05-14 05:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-03 11:09 - 2016-05-14 05:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-03 11:09 - 2016-05-13 02:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-07-03 11:09 - 2016-05-13 01:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-07-03 11:09 - 2016-05-13 01:37 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2016-07-03 11:09 - 2016-05-11 10:24 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-03 11:09 - 2016-05-11 10:24 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-07-03 11:09 - 2016-05-07 05:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-07-03 11:09 - 2016-05-07 01:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-07-03 11:09 - 2016-05-06 02:28 - 01661072 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-03 11:09 - 2016-05-06 01:39 - 01212256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-03 11:09 - 2016-05-06 01:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-03 11:09 - 2016-05-06 01:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-03 11:09 - 2016-05-06 00:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-03 11:09 - 2016-05-06 00:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-07-03 11:09 - 2016-05-06 00:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-03 11:09 - 2016-05-05 23:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-03 11:09 - 2016-05-05 23:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-03 11:09 - 2016-04-16 21:56 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-07-03 11:09 - 2016-04-12 23:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-03 11:09 - 2016-04-12 23:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-07-03 11:09 - 2016-04-10 13:35 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-07-03 11:09 - 2016-04-10 06:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-07-03 11:09 - 2016-04-10 06:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-07-03 11:09 - 2016-04-10 06:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-03 11:09 - 2016-04-10 06:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-07-03 11:09 - 2016-04-10 06:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-07-03 11:09 - 2016-04-10 05:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-07-03 11:09 - 2016-04-10 05:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-07-03 11:09 - 2016-04-10 05:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-07-03 11:09 - 2016-04-10 05:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-07-03 11:09 - 2016-04-10 05:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2016-07-03 11:09 - 2016-04-08 00:34 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-03 11:09 - 2016-04-08 00:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-07-03 11:09 - 2016-04-07 23:36 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-03 11:09 - 2016-04-07 05:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-07-03 11:09 - 2016-04-07 02:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-07-03 11:09 - 2016-04-07 02:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-07-03 11:09 - 2016-04-07 00:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-07-03 11:09 - 2016-04-06 06:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-07-03 11:09 - 2016-04-02 21:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-07-03 11:09 - 2016-04-02 01:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-07-03 11:09 - 2016-04-02 01:00 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-07-03 11:09 - 2016-04-02 00:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-07-03 11:09 - 2016-04-02 00:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-03 11:09 - 2016-04-02 00:41 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-07-03 11:09 - 2016-02-05 00:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-07-03 11:09 - 2016-02-05 00:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-07-03 11:09 - 2016-02-05 00:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-07-03 11:01 - 2016-07-03 11:02 - 04657056 _____ (Avira Operations GmbH & Co. KG) C:\Users\John\Downloads\avira_en_av_57787fb2c4cc9__ws.exe
2016-07-02 23:03 - 2016-07-02 23:03 - 00000000 ____D C:\Program Files (x86)\ESET
2016-07-02 22:47 - 2016-07-02 22:47 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2016-07-02 22:46 - 2016-07-02 22:48 - 00000000 ____D C:\Users\John\Documents\Visual Studio 2015
2016-07-02 21:05 - 2016-07-02 21:05 - 00000000 ____D C:\Users\John\AppData\Local\ESET
2016-07-02 15:44 - 2016-07-02 15:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-02 06:17 - 2016-07-02 06:17 - 00007605 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2016-06-30 20:45 - 2016-06-30 20:45 - 00000000 ____D C:\Users\John\AppData\Local\Colossal Order
2016-06-30 10:10 - 2016-06-30 15:56 - 00000000 ____D C:\Users\John\Downloads\Cities.Skylines.Snowfall-CODEX
2016-06-30 09:58 - 2016-06-30 09:58 - 00018650 _____ C:\Users\John\Downloads\Cities.Skylines.Snowfall-CODEX.torrent
2016-06-29 01:17 - 2016-05-22 01:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-29 01:17 - 2016-05-22 00:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-29 01:17 - 2016-05-21 06:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-29 01:17 - 2016-05-21 06:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-29 01:17 - 2016-05-21 06:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-29 01:17 - 2016-05-21 05:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-29 01:17 - 2016-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-29 01:17 - 2016-05-21 05:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-29 01:17 - 2016-05-21 05:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-29 01:17 - 2016-05-21 05:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-29 01:17 - 2016-05-21 05:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-29 01:17 - 2016-05-21 05:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-29 01:17 - 2016-05-21 05:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-29 01:17 - 2016-05-21 05:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-29 01:17 - 2016-05-21 05:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-29 01:17 - 2016-05-21 05:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-29 01:17 - 2016-05-21 05:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-29 01:17 - 2016-05-21 05:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-29 01:17 - 2016-05-21 05:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-29 01:17 - 2016-05-21 05:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-29 01:17 - 2016-05-21 05:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-29 01:17 - 2016-05-21 05:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-29 01:17 - 2016-05-21 05:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-29 01:17 - 2016-05-21 05:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-29 01:17 - 2016-05-21 05:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-29 01:17 - 2016-05-21 05:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-29 01:17 - 2016-05-21 05:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-29 01:17 - 2016-05-21 04:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-29 01:17 - 2016-05-21 04:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-29 01:17 - 2016-05-21 04:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-29 01:17 - 2016-05-21 04:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-29 01:17 - 2016-05-21 04:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-29 01:17 - 2016-05-21 04:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-29 01:17 - 2016-05-13 02:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-29 01:17 - 2016-05-13 01:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-29 01:17 - 2016-05-13 00:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-29 01:17 - 2016-05-13 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-29 01:17 - 2016-05-13 00:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-29 01:17 - 2016-05-12 23:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-29 01:17 - 2016-05-12 23:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-29 01:17 - 2016-05-12 23:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-29 01:17 - 2016-05-06 23:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-29 01:17 - 2016-05-06 23:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-29 01:16 - 2016-06-04 01:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-29 01:16 - 2016-06-03 21:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-29 01:16 - 2016-06-03 01:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-29 01:16 - 2016-05-29 23:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-29 01:16 - 2016-05-18 13:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-29 01:16 - 2016-05-18 13:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-29 01:16 - 2016-05-15 04:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-29 01:16 - 2016-05-15 04:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-29 01:16 - 2016-05-14 07:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-29 01:16 - 2016-05-14 07:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-29 01:16 - 2016-05-14 07:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-29 01:16 - 2016-05-14 06:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-29 01:16 - 2016-05-14 05:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-29 01:16 - 2016-05-14 05:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-29 01:16 - 2016-05-14 05:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-29 01:16 - 2016-05-14 05:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-29 01:16 - 2016-05-10 05:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-29 01:16 - 2016-05-10 04:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-29 01:16 - 2016-05-10 04:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-29 01:16 - 2016-05-10 04:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-29 01:11 - 2016-05-19 07:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-29 01:11 - 2016-05-19 04:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-28 12:02 - 2016-07-03 21:59 - 00000000 ___RD C:\Users\John\Desktop\ 
2016-06-17 17:35 - 2016-06-17 17:35 - 00000701 _____ C:\Users\John\Downloads\Invisible.zip
2016-06-12 09:05 - 2016-06-12 09:05 - 00000000 ____D C:\Users\John\Documents\Bluetooth Exchange Folder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 21:22 - 2015-04-15 18:22 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2016-07-04 21:18 - 2015-07-01 20:15 - 00000000 ____D C:\Users\John\AppData\Local\Battle.net
2016-07-04 20:43 - 2015-04-13 03:54 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 20:28 - 2016-05-15 23:28 - 00000280 _____ C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job
2016-07-04 19:45 - 2015-04-15 19:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-04 18:01 - 2015-04-15 20:52 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2016-07-04 14:57 - 2016-02-21 22:04 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-07-04 14:57 - 2015-07-01 20:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-04 13:54 - 2015-04-13 05:30 - 00000000 ____D C:\Users\John\AppData\Roaming\GarenaPlus
2016-07-04 13:54 - 2015-04-13 05:29 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-07-04 13:50 - 2015-04-13 03:53 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-04 13:14 - 2015-05-14 11:00 - 00000000 ____D C:\Windows\Minidump
2016-07-04 13:14 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 13:00 - 2014-10-10 07:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1802426354-685773147-3862697081-1001
2016-07-03 13:41 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-07-03 12:48 - 2015-04-13 04:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-03 12:47 - 2015-04-13 05:29 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-07-03 12:35 - 2013-08-22 22:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-03 12:34 - 2015-07-31 09:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-03 12:34 - 2015-07-31 09:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-03 12:30 - 2015-04-20 23:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-03 12:30 - 2015-04-20 03:04 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-03 12:30 - 2015-04-20 03:04 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-03 12:30 - 2014-05-24 10:51 - 00000000 ____D C:\Windows\SysWOW64\id-ID
2016-07-03 12:30 - 2014-05-24 10:51 - 00000000 ____D C:\Windows\system32\id-ID
2016-07-03 12:30 - 2014-05-24 10:50 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2016-07-03 12:30 - 2014-05-24 10:50 - 00000000 ____D C:\Windows\system32\vi-VN
2016-07-03 12:30 - 2014-05-24 10:49 - 00000000 ____D C:\Windows\SysWOW64\hi-IN
2016-07-03 12:30 - 2014-05-24 10:49 - 00000000 ____D C:\Windows\system32\hi-IN
2016-07-03 12:29 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2016-07-03 12:28 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-03 11:35 - 2015-04-17 21:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-03 11:31 - 2015-07-31 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-03 11:21 - 2013-08-22 21:25 - 00000199 _____ C:\Windows\win.ini
2016-07-03 11:16 - 2015-04-16 22:26 - 00000000 ____D C:\Windows\system32\MRT
2016-07-03 11:11 - 2015-04-20 23:08 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-03 11:02 - 2015-05-02 12:55 - 00000825 _____ C:\Users\John\Downloads\what.txt
2016-07-03 10:25 - 2015-04-22 15:54 - 00451584 ___SH C:\Users\John\Downloads\Thumbs.db
2016-07-02 23:11 - 2015-04-15 18:32 - 00000000 ___DC C:\Users\John\AppData\Local\MigWiz
2016-07-02 23:02 - 2015-04-17 16:53 - 00000000 ____D C:\Users\John\AppData\Roaming\DAEMON Tools Lite
2016-07-02 23:01 - 2016-01-22 09:52 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-07-02 21:02 - 2014-10-10 07:37 - 00000000 ____D C:\Users\John
2016-07-02 16:28 - 2016-05-16 00:28 - 00000156 _____ C:\Users\John\AppData\Roaming\WB.CFG
2016-07-02 06:37 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-02 06:36 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-02 06:02 - 2015-06-20 01:05 - 00000000 ____D C:\Users\John\Documents\School
2016-06-30 20:31 - 2015-11-14 14:14 - 00000000 ____D C:\Games
2016-06-30 10:08 - 2016-04-13 19:39 - 00000000 ____D C:\Users\John\Downloads\Ringtone
2016-06-30 10:05 - 2016-04-25 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-06-30 10:05 - 2016-04-25 03:12 - 00000063 _____ C:\Windows\SIERRA.INI
2016-06-30 10:05 - 2015-11-29 09:55 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-06-30 10:05 - 2014-10-10 09:26 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2016-06-30 10:05 - 2014-10-10 07:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-30 10:03 - 2015-04-24 15:26 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-06-30 09:59 - 2016-01-31 17:27 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2016-06-30 09:48 - 2016-01-31 17:10 - 02463506 _____ () C:\Users\John\Downloads\TLauncher-MCL.exe
2016-06-30 00:43 - 2015-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-19 11:49 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-18 06:07 - 2015-04-13 04:02 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 17:35 - 2015-06-06 17:04 - 00000000 ____D C:\Users\John\Downloads\Invisible
2016-06-17 14:01 - 2014-03-18 17:53 - 00913806 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-16 04:40 - 2015-04-27 12:39 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-15 15:52 - 2015-04-26 00:57 - 00000000 ____D C:\Users\John\Documents\Prototype
2016-06-15 14:51 - 2015-04-24 05:41 - 00000000 ____D C:\Users\John\Documents\My Games
2016-06-04 00:08 - 2016-05-15 23:31 - 00000000 ____D C:\Users\John\AppData\Local\JDownloader v2.0
 
==================== Files in the root of some directories =======
 
2015-04-15 19:57 - 2016-05-27 20:18 - 0045270 _____ () C:\Users\John\AppData\Roaming\room_v3.dat
2016-05-16 00:28 - 2016-07-02 16:28 - 0000156 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2016-07-02 06:17 - 2016-07-02 06:17 - 0007605 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2014-10-10 07:09 - 2014-10-10 07:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-24 10:27 - 2012-09-07 19:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-24 10:27 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-24 10:27 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job
 
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\avgnt.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-11 05:44
 
==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:08 AM

Posted 04 July 2016 - 08:39 AM

Duplicate; the topic will be locked.



