Is Chrome Infected? Fire wall hits.


11 replies to this topic

#1 AndyP5000
Posted 17 May 2017 - 06:30 PM

On request I am posting here to help me resolve if I have a compromised system or if it is my firewall blocking true Chrome data. I know this is an issue for other firewalls and Chrome.
 
This post is the continuation of this one, where I've run several scans and logs are shown:
 
 
Keeping a close eye on my firewall, the last three hits I had occurred when I opened Chrome to its homepage: no sites visited, just the Chrome browser page opened.
 
I have some firewall logs also for you to look at. I am not posting all the logs, as lots are repeated items over a period of time; these three grabs reflect the majority of the hits.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Andy (administrator) on ANDY-PC (18-05-2017 00:21:53)
Running from C:\Users\Andy\Downloads
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2014-07-01] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [Dropbox Update] => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [Spotify Web Helper] => C:\Users\Andy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-24] (Spotify Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4EF4D434-5E34-4302-8B62-D43107021B2D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{66DC27E6-83E8-45E2-B033-A8C5F84FEDFB}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: myyia0ln.default
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\myyia0ln.default [2017-05-15]
FF Extension: (Avast SafePrice) - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\myyia0ln.default\Extensions\sp@avast.com.xpi [2017-05-10]
FF Extension: (Avast Online Security) - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\myyia0ln.default\Extensions\wrc@avast.com.xpi [2017-05-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-12]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1187435657-1393944178-3008802676-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-31] (Citrix Online)
FF Plugin HKU\S-1-5-21-1187435657-1393944178-3008802676-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-16]
CHR Extension: (Pinterest Save Button) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-10] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-03-15] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation                           )
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-18 00:21 - 2017-05-18 00:21 - 00000000 ____D C:\Users\Andy\Downloads\FRST-OlderVersion
2017-05-17 23:52 - 2017-05-17 23:52 - 00000681 _____ C:\Users\Andy\Desktop\bleepcomppost.txt
2017-05-17 19:19 - 2017-05-17 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-05-17 19:19 - 2017-05-17 19:19 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-05-17 19:15 - 2017-05-17 19:16 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Andy\Downloads\cbSetup.exe
2017-05-17 19:12 - 2017-05-17 19:12 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-16 09:05 - 2017-05-16 09:05 - 00000000 ____D C:\ProgramData\Sophos
2017-05-16 09:03 - 2017-05-16 09:03 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-05-16 09:03 - 2017-05-16 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-05-16 09:03 - 2017-05-16 09:03 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-05-16 08:59 - 2017-05-16 09:00 - 166211496 _____ (Sophos Limited) C:\Users\Andy\Downloads\Sophos Virus Removal Tool.exe
2017-05-15 22:44 - 2017-05-15 22:49 - 00205836 _____ C:\TDSSKiller.3.1.0.15_15.05.2017_22.44.44_log.txt
2017-05-15 22:44 - 2017-05-15 22:44 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Andy\Downloads\tdsskiller.exe
2017-05-15 14:10 - 2017-05-15 14:10 - 11583584 _____ (SurfRight B.V.) C:\Users\Andy\Downloads\HitmanPro_x64.exe
2017-05-15 09:10 - 2017-05-15 09:10 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-15 07:42 - 2017-05-15 14:23 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-15 07:10 - 2017-05-15 07:10 - 04102600 _____ C:\Users\Andy\Downloads\AdwCleaner (1).exe
2017-05-14 22:06 - 2017-05-14 22:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2017-05-14 18:32 - 2017-05-14 18:32 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Andy\Downloads\esetonlinescanner_enu.exe
2017-05-14 18:32 - 2017-05-14 18:32 - 00000000 ____D C:\Users\Andy\AppData\Local\ESET
2017-05-14 10:54 - 2017-05-14 10:54 - 00852798 _____ C:\Users\Andy\Downloads\SecurityCheck.exe
2017-05-14 10:53 - 2017-05-17 22:09 - 00000000 ____D C:\Users\Andy\Desktop\Scans
2017-05-13 01:16 - 2017-05-17 23:40 - 00003351 _____ C:\Users\Andy\Desktop\talknotes.txt
2017-05-10 17:51 - 2017-04-28 02:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 17:51 - 2017-04-28 02:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 17:51 - 2017-04-28 02:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 17:51 - 2017-04-28 02:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 17:51 - 2017-04-28 02:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 17:51 - 2017-04-28 02:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 17:51 - 2017-04-28 02:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 17:51 - 2017-04-28 02:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 17:51 - 2017-04-28 02:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 17:51 - 2017-04-28 02:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 17:51 - 2017-04-28 02:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 17:51 - 2017-04-28 01:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 17:51 - 2017-04-28 01:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 17:51 - 2017-04-28 01:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 17:51 - 2017-04-28 01:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 17:51 - 2017-04-28 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 17:51 - 2017-04-28 01:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 17:51 - 2017-04-28 01:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 17:51 - 2017-04-28 01:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 17:51 - 2017-04-28 01:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 17:51 - 2017-04-26 15:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 17:51 - 2017-04-21 16:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 17:51 - 2017-04-21 16:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 17:51 - 2017-04-20 01:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 17:51 - 2017-04-20 00:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 17:51 - 2017-04-17 16:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 17:51 - 2017-04-17 16:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 17:51 - 2017-04-17 16:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 17:51 - 2017-04-17 16:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 17:51 - 2017-04-17 16:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 17:51 - 2017-04-17 16:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 17:51 - 2017-04-17 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 17:51 - 2017-04-17 16:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 17:51 - 2017-04-17 15:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 17:51 - 2017-04-16 09:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 17:51 - 2017-04-16 09:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 17:51 - 2017-04-16 09:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 17:51 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 17:51 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 17:51 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 17:51 - 2017-04-16 09:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 17:51 - 2017-04-16 09:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 17:51 - 2017-04-16 09:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 17:51 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 17:51 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 17:51 - 2017-04-16 09:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 17:51 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 17:51 - 2017-04-16 09:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 17:51 - 2017-04-16 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 17:51 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 17:51 - 2017-04-16 09:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 17:51 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 17:51 - 2017-04-16 09:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 17:51 - 2017-04-16 09:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 17:51 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 17:51 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 17:51 - 2017-04-16 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 17:51 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 17:51 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 17:51 - 2017-04-16 08:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 17:51 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 17:51 - 2017-04-16 08:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 17:51 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 17:51 - 2017-04-16 08:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 17:51 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 17:51 - 2017-04-16 08:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 17:51 - 2017-04-16 08:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 17:51 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 17:51 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 17:51 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 17:51 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 17:51 - 2017-04-16 08:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 17:51 - 2017-04-16 08:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 17:51 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 17:51 - 2017-04-16 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 17:51 - 2017-04-16 08:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 17:51 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 17:51 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 17:51 - 2017-04-16 08:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 17:51 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 17:51 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 17:51 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 17:51 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 17:51 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 17:51 - 2017-04-16 08:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 17:51 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 17:51 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 17:51 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 17:51 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 17:51 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 17:51 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 17:51 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 17:51 - 2017-04-12 16:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 17:51 - 2017-04-12 16:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 17:51 - 2017-04-12 16:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 17:51 - 2017-04-12 16:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 17:51 - 2017-04-12 16:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 17:51 - 2017-04-07 16:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 17:51 - 2017-04-07 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 17:51 - 2017-04-07 16:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 17:51 - 2017-04-07 16:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 17:51 - 2017-04-05 15:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 17:51 - 2017-04-05 15:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 17:51 - 2017-04-05 15:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 17:51 - 2017-04-04 16:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 17:51 - 2017-04-04 16:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 17:51 - 2017-04-04 16:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 17:51 - 2017-04-04 15:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 17:51 - 2017-04-04 15:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 17:51 - 2017-03-10 17:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 17:51 - 2017-03-10 17:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 17:51 - 2017-03-10 17:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 17:51 - 2017-03-10 17:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 17:51 - 2017-03-10 16:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 17:51 - 2017-03-10 16:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 17:51 - 2017-03-10 16:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 17:50 - 2017-04-28 02:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 17:50 - 2017-04-28 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 17:50 - 2017-04-28 01:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 17:50 - 2017-04-28 01:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 17:50 - 2017-04-28 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 17:50 - 2017-04-28 01:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 17:50 - 2017-04-28 01:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 17:50 - 2017-04-28 01:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 17:50 - 2017-04-28 01:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 17:50 - 2017-04-28 01:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 17:50 - 2017-04-28 01:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 17:50 - 2017-04-28 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 17:50 - 2017-04-28 01:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 17:50 - 2017-04-28 01:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 17:50 - 2017-04-28 01:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 17:50 - 2017-04-16 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 17:50 - 2017-04-16 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 17:50 - 2017-04-16 09:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 17:50 - 2017-04-16 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 17:50 - 2017-04-16 09:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 17:50 - 2017-04-16 09:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 17:50 - 2017-04-16 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 17:50 - 2017-04-16 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 17:50 - 2017-04-12 16:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 17:50 - 2017-04-12 16:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 17:50 - 2017-04-12 16:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 17:50 - 2017-04-07 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 17:50 - 2017-03-09 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 17:50 - 2017-03-09 17:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-08 09:32 - 2017-05-08 09:32 - 00000858 _____ C:\Users\Andy\Desktop\eclipsenotes.txt
2017-05-07 12:16 - 2017-05-07 18:51 - 00002506 _____ C:\Users\Andy\Desktop\puzzle notes.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-18 00:22 - 2016-10-25 23:30 - 00023821 _____ C:\Users\Andy\Downloads\FRST.txt
2017-05-18 00:21 - 2016-10-25 23:30 - 02429952 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2017-05-18 00:21 - 2016-10-25 23:30 - 00000000 ____D C:\FRST
2017-05-18 00:19 - 2016-01-31 11:04 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1187435657-1393944178-3008802676-1000.job
2017-05-18 00:13 - 2017-03-15 02:28 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-18 00:05 - 2015-06-14 07:03 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000UA.job
2017-05-17 23:16 - 2016-01-31 11:04 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1187435657-1393944178-3008802676-1000.job
2017-05-17 22:13 - 2016-10-22 11:28 - 00000696 _____ C:\Users\Andy\Desktop\Daylies.txt
2017-05-17 19:42 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-17 19:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-17 19:13 - 2014-07-22 14:42 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Dropbox
2017-05-17 17:25 - 2014-11-13 12:40 - 00000000 ____D C:\Users\Andy\AppData\Local\Spotify
2017-05-17 16:53 - 2014-07-07 12:57 - 00000132 _____ C:\Users\Andy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-05-17 15:41 - 2014-11-13 12:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Spotify
2017-05-17 14:11 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-17 14:11 - 2009-07-14 05:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-17 10:13 - 2014-07-02 16:39 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Skype
2017-05-17 10:05 - 2015-06-14 07:03 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000Core.job
2017-05-17 02:00 - 2014-07-02 16:53 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
2017-05-16 13:35 - 2017-02-27 15:28 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
2017-05-16 13:32 - 2016-10-01 11:14 - 00004737 _____ C:\Users\Andy\Desktop\timesworkedfreelance.txt
2017-05-16 12:33 - 2014-07-02 10:01 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 12:33 - 2014-07-02 10:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-15 10:05 - 2014-10-28 14:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-05-15 07:12 - 2015-04-02 10:30 - 00000000 ____D C:\AdwCleaner
2017-05-14 11:00 - 2016-01-11 16:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-13 12:20 - 2017-02-06 15:12 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EA97D9B3-933F-4937-858C-FFE66DACACF0}
2017-05-13 12:11 - 2014-07-01 16:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-13 12:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 09:21 - 2014-07-02 16:33 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-13 01:09 - 2016-10-31 00:05 - 00003453 _____ C:\Users\Andy\Desktop\followups.txt
2017-05-11 14:08 - 2014-07-02 10:17 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-11 14:08 - 2014-07-02 10:17 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-11 14:08 - 2014-07-02 10:17 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-11 14:08 - 2014-07-02 10:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-11 14:08 - 2014-07-02 10:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-11 12:36 - 2017-03-17 11:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-11 12:36 - 2014-07-02 16:39 - 00000000 ____D C:\ProgramData\Skype
2017-05-11 04:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-05-11 03:29 - 2009-07-14 05:45 - 05161736 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 03:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-11 03:08 - 2014-07-02 10:04 - 00765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-11 03:05 - 2014-07-02 10:06 - 00000000 ____D C:\Windows\system32\MRT
2017-05-11 03:02 - 2014-07-02 10:06 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-10 10:10 - 2015-12-14 14:46 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1447432211
2017-05-10 10:09 - 2017-03-15 02:28 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-10 10:09 - 2017-03-15 02:28 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-10 10:09 - 2017-03-15 02:28 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-10 10:09 - 2017-03-15 02:28 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-10 10:09 - 2016-05-02 13:20 - 00507928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-10 10:09 - 2014-07-02 16:33 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-07 07:12 - 2016-01-31 11:04 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1187435657-1393944178-3008802676-1000
2017-05-07 07:12 - 2016-01-31 11:04 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1187435657-1393944178-3008802676-1000
2017-05-04 14:13 - 2014-12-23 17:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-03 10:40 - 2014-07-22 14:54 - 00000000 ___RD C:\Users\Andy\Dropbox
2017-04-28 09:24 - 2014-07-02 10:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 09:24 - 2014-07-02 10:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-21 08:00 - 2014-10-24 11:14 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-04-21 07:55 - 2014-07-18 10:28 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 23:11 - 2015-10-26 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-20 12:53 - 2014-07-02 10:16 - 00000000 ____D C:\ProgramData\Oracle
2017-04-20 12:52 - 2014-10-16 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-20 12:51 - 2014-10-16 08:33 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
==================== Files in the root of some directories =======
 
2017-02-16 13:27 - 2017-02-16 13:27 - 0000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2015-06-10 11:48 - 2015-06-10 11:48 - 0000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-03-11 16:18 - 2015-07-16 10:33 - 0000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2014-07-07 12:57 - 2017-05-17 16:53 - 0000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-07 12:56 - 2016-05-23 11:25 - 0000132 _____ () C:\Users\Andy\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-05-13 14:37 - 2016-04-25 15:20 - 0000033 _____ () C:\Users\Andy\AppData\Roaming\AdobeWLCMCache.dat
2015-10-14 16:18 - 2015-10-14 16:18 - 0000028 _____ () C:\Users\Andy\AppData\Roaming\kulerdata.json
2014-07-07 10:20 - 2016-10-25 15:57 - 0001456 _____ () C:\Users\Andy\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-07-14 15:08 - 2016-01-18 14:43 - 0001456 _____ () C:\Users\Andy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-19 09:22 - 2016-10-19 09:22 - 0003584 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 16:25 - 2017-04-04 16:25 - 0001304 _____ () C:\Users\Andy\AppData\Local\recently-used.xbel
2014-11-28 17:01 - 2016-07-28 10:29 - 0007632 _____ () C:\Users\Andy\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2014-09-27 09:06 - 2014-09-27 09:06 - 0293344 _____ (Adobe Systems Incorporated) C:\Users\Andy\AppData\Local\Temp\AAMHelper.exe
2015-01-05 12:31 - 2013-11-25 18:30 - 0015752 _____ (Autodesk, Inc.) C:\Users\Andy\AppData\Local\Temp\AcDeltree.exe
2014-09-27 09:04 - 2012-09-20 09:10 - 1931208 _____ (Adobe Systems Incorporated) C:\Users\Andy\AppData\Local\Temp\AdobeApplicationManager.exe
2014-08-13 16:01 - 2014-08-13 16:01 - 0007224 _____ () C:\Users\Andy\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2015-09-02 17:15 - 2015-09-02 17:15 - 0310720 _____ (Lavasoft) C:\Users\Andy\AppData\Local\Temp\d0d253bc-1b00-4ec7-b361-cd42d5946689.exe
2015-12-10 04:31 - 2015-12-10 04:31 - 0071168 _____ () C:\Users\Andy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp18elbg.dll
2015-01-05 18:05 - 2015-02-04 11:00 - 1950000 _____ (Flexera Software LLC) C:\Users\Andy\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2014-07-28 06:15 - 2014-07-28 06:15 - 0918440 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 0937896 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-08-18 11:53 - 2016-08-18 11:53 - 0741440 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-02-04 01:10 - 2017-02-04 01:10 - 0739904 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-20 12:49 - 2017-04-20 12:49 - 0739904 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u131-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 0641448 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-03-13 12:20 - 2015-03-13 12:20 - 0561576 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u40-windows-au.exe
2015-07-18 10:05 - 2015-07-18 10:05 - 0563808 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-10-27 12:18 - 2015-10-27 12:18 - 0585824 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-30 10:26 - 2015-11-30 10:26 - 0585824 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-02-08 10:49 - 2016-02-08 10:49 - 0736352 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-26 09:01 - 2016-03-26 09:01 - 0736320 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-02 19:16 - 2016-05-02 19:16 - 0739904 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u91-windows-au.exe
2010-06-14 21:43 - 2010-06-14 21:43 - 0353112 ____R (Microsoft Corporation) C:\Users\Andy\AppData\Local\Temp\MSN2E12.exe
2014-07-21 19:12 - 2014-05-20 00:10 - 1203248 _____ (NVIDIA Corporation) C:\Users\Andy\AppData\Local\Temp\nvSCPAPI.dll
2014-07-21 20:54 - 2014-05-20 00:10 - 0822216 _____ (NVIDIA Corporation) C:\Users\Andy\AppData\Local\Temp\nvStInst.exe
2015-03-03 16:26 - 2015-03-03 16:27 - 102779712 _____ (PopcornFX) C:\Users\Andy\AppData\Local\Temp\PopcornFX-Editor_Setup_v1.7.3.23804.exe
2015-10-27 12:14 - 2016-05-16 10:19 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Andy\AppData\Local\Temp\SkypeSetup.exe
2013-06-14 20:11 - 2013-06-14 20:11 - 16024352 _____ () C:\Users\Andy\AppData\Local\Temp\topazfusion2_setup.exe
2014-07-01 16:42 - 2014-07-01 16:33 - 0455600 _____ (Macrovision Corporation) C:\Users\Andy\AppData\Local\Temp\_isE252.exe
2007-01-20 12:46 - 2007-01-20 12:46 - 0455600 ____R (Macrovision Corporation) C:\Users\Andy\AppData\Local\Temp\_isF20C.exe
2017-02-02 00:48 - 2017-02-02 00:48 - 0000000 _____ () C:\Users\Andy\AppData\Local\Temp\{86A23387-0E16-4BA4-843D-CEE31AA51765}-DropboxClient_19.4.12.exe
2017-04-06 18:13 - 2017-04-06 18:13 - 78004696 _____ (Dropbox, Inc.) C:\Users\Andy\AppData\Local\Temp\{9086C533-427B-4A2B-BC08-9B4A253CE40E}-DropboxClient_23.4.18.exe
2015-10-03 01:15 - 2015-10-03 01:15 - 50771064 _____ (Dropbox, Inc.) C:\Users\Andy\AppData\Local\Temp\{E815DCAC-0BC4-45AB-9271-480590C1F561}-DropboxClient_3.10.7.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-13 01:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Andy (18-05-2017 00:23:05)
Running from C:\Users\Andy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-01 14:47:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1187435657-1393944178-3008802676-500 - Administrator - Disabled)
Andy (S-1-5-21-1187435657-1393944178-3008802676-1000 - Administrator - Enabled) => C:\Users\Andy
Guest (S-1-5-21-1187435657-1393944178-3008802676-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1187435657-1393944178-3008802676-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_0) (Version: 19.2.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Dropbox (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.5.0.6956 (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\GoToMeeting) (Version: 8.5.0.6956 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{650AF771-456D-418F-BFC7-F6FFC9D0235C}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.0 - Smith Micro)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-GB)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
photoFXlab (HKLM-x32\...\photoFXlab) (Version: 1.2.8 - Topaz Labs)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
SpriteIlluminator (HKLM-x32\...\{7B75E002-B64A-4162-937A-F117E7C9D5DD}) (Version: 1.2.0 - code-and-web.de)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TexturePacker (HKLM\...\{16EF854E-5E03-4A72-88C8-9ADBEFFECEAD}) (Version: 3.9.1 - code-and-web.de)
Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.0 - Topaz Labs, LLC)
Unity Web Player (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VSDC Free Video Editor version 5.5.0.601 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.5.0.601 - Flash-Integro LLC)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\4099\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00AE8DCD-34DF-407B-82A3-1D402489B6C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1430F8C2-D8F6-405C-8520-E28D6F2E262E} - System32\Tasks\AdobeAAMUpdater-1.0-Andy-PC-Andy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {2BDB5C05-4233-47DC-875F-3A420D3DBE4F} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2015-11-25] (Adobe Systems Incorporated)
Task: {3895E38A-B9B0-4189-B48D-B336B154E020} - System32\Tasks\G2MUploadTask-S-1-5-21-1187435657-1393944178-3008802676-1000 => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {49975545-8BD8-4C15-B692-B1DFB06FFEC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4A8C8079-3A08-4DD4-BEEF-F2450BE294FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000Core => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5F842C0E-8AB0-4E73-A78C-3990D82D3F23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {61D04ADE-CCE5-47A0-A2DD-9D31773B939C} - System32\Tasks\SafeZone scheduled Autoupdate 1447432211 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {836B5FF8-8EED-4CD3-9C86-088DED36126F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1187435657-1393944178-3008802676-1000 => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe [2017-05-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9272E986-2673-4B4A-A405-02F5D9A61004} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000UA => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {9774D943-9846-41DF-97ED-98EA6A555E61} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {9AB83CAC-8ED3-49EB-BFAD-657FFFAC65BD} - System32\Tasks\{22FD0F56-497D-4C00-BAB9-FABFC97D8D8D} => pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {A37B5359-CCBC-441D-9212-A3E463B11C5C} - System32\Tasks\{06C9D515-69D3-4C6B-A003-0E88872B8524} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.85.101/en/eula
Task: {EE64A8E2-A072-43EE-AFD9-6B02A78C4CBD} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {EFC2FB2A-BA28-4840-8952-5BDCF4B02816} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F3082D7A-E8C8-4995-9CBD-4A2C87883520} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {FF299B72-E013-4435-B800-A665E26EAA8F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000Core.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1187435657-1393944178-3008802676-1000UA.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1187435657-1393944178-3008802676-1000.job => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\6956\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1187435657-1393944178-3008802676-1000.job => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\6956\g2mupload.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-14 05:23 - 2015-11-14 05:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-21 22:09 - 2017-02-21 22:09 - 00052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2014-07-21 19:11 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-04 00:40 - 2014-04-21 23:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-12 12:24 - 2017-05-12 12:24 - 06032680 _____ () C:\Program Files\AVAST Software\Avast\defs\17051200\algo.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-16 14:31 - 2017-05-16 14:31 - 06084088 _____ () C:\Program Files\AVAST Software\Avast\defs\17051602\algo.dll
2017-05-17 13:53 - 2017-05-17 13:53 - 06084096 _____ () C:\Program Files\AVAST Software\Avast\defs\17051714\algo.dll
2017-05-18 00:20 - 2017-05-18 00:20 - 05978624 _____ () C:\Program Files\AVAST Software\Avast\defs\17051724\algo.dll
2015-01-05 11:23 - 2014-12-05 03:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-01-05 11:23 - 2014-12-05 03:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 10:09 - 2017-05-10 10:09 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\en_ae\AcroTray.mea
2017-05-16 12:33 - 2017-05-09 09:12 - 02864984 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-16 12:33 - 2017-05-09 09:12 - 00087384 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-17 19:12 - 2017-05-16 21:55 - 00871744 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-05-17 19:12 - 2017-04-26 01:38 - 00035792 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00100296 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00018888 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\select.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00019776 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00020824 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-05-17 19:12 - 2017-04-26 01:39 - 00123856 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00694224 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 01729360 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00020816 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00145864 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-05-17 19:12 - 2017-04-26 01:39 - 00019408 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00116688 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-05-17 19:12 - 2017-04-26 01:40 - 00105928 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00022864 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00060736 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00038712 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00024528 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-05-17 19:12 - 2017-04-26 01:38 - 00392656 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-05-17 19:12 - 2017-04-26 01:40 - 00020936 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00116176 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00392512 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00124880 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00026456 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00024016 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00175560 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00030160 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00043472 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00048592 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00057808 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00024016 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00246608 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00027488 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00022336 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00082264 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00025432 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00028616 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 01826104 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-05-17 19:12 - 2017-04-26 01:39 - 00083912 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\sip.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 01972024 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 03928896 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00171336 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00042816 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00531264 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00133432 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00224064 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00207680 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00060880 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00054608 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00022864 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00022872 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00021848 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00022872 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-17 19:12 - 2017-04-26 01:40 - 00349128 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-05-17 19:12 - 2017-05-16 22:01 - 00023896 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00025936 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-05-17 19:12 - 2017-04-26 01:34 - 00036296 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\librsync.dll
2017-05-17 19:12 - 2017-05-16 22:00 - 00084288 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-05-17 19:12 - 2017-05-16 22:01 - 00030536 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-05-17 19:12 - 2017-04-26 01:43 - 00017864 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-05-17 19:12 - 2017-04-26 01:43 - 01631184 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-05-17 19:12 - 2017-05-16 22:01 - 00026456 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00546104 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-05-17 19:12 - 2017-05-16 22:00 - 00357688 _____ () C:\Users\Andy\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7044EE9D-D4AF-4FB2-95DF-3A5083C17448}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{60B5F557-0439-40C0-8034-FED7BF7C3899}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{7CD68D62-30F0-4DB5-AE21-D215F3351890}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{95605100-3EFB-494E-B238-A52691C14DF0}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{88142FF0-B206-405A-8464-CBD03ECA4D03}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8AB857E5-A908-4488-8405-5E85A9503C95}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A05BEC66-B634-4A8C-BB86-227C5711DC2E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0DBD6F42-AE25-4288-8CA6-6F26AFF0990B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7A13F0AA-F288-497C-9343-1B17C1FAA95E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6E960515-C3B8-417B-8744-0BE8F1EC20BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{053BF4EC-FE03-4445-9BD2-B924A75A3C63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3ECF277-9259-4CB8-BA4F-9FBBA6F26CE9}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{28D61E8D-7A34-42D7-B825-F545DC7B9824}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F0B95625-B12A-42AE-9498-CC10D4F65A4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C25FBC1-FD47-4A13-A724-F5E9E1A47627}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2A064AB3-43FC-4A13-90E7-0D3EF30C9AFC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8E2F75F3-5CB3-4EBF-AA66-12971D339E7F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3D0BEFEA-6C93-418A-B809-4B7CB115FB59}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BBB37CF1-DB91-4A65-AF4D-D1D7A65EC67A}C:\users\andy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\andy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7F2F9E95-BA5C-4285-9C36-F29438F975CF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{BA20D945-B733-44F6-808F-23DADC39875D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{C6346811-39A9-4037-A7B7-A6645620D7E3}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{6508B945-359B-4A64-9CD3-7D7738AA3E56}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{58EC373C-247E-455F-B2A2-0646F5E34860}] => (Allow) C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe
FirewallRules: [{EE87DB04-6A6C-4D36-8FBD-CE8CD820029E}] => (Allow) C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{AB332A0D-6647-46A1-9D5D-232DDAD5A266}C:\users\andy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\andy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ED48D696-A97D-4DC7-94BC-A8B85EA654BF}C:\users\andy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\andy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D7DE6328-140A-450C-8F32-931B4B2A6E6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BBB953F-373D-4F2B-9C3C-FA2B167810E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73CB5EBB-BCFC-48BB-9383-8C27E8D006B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04C6F109-3FCC-4FC3-90D3-C5E2311802BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D245EE2-5C3B-4350-8185-61F17099E609}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F97223DE-F61C-46BD-9DD4-8BFB97D2F350}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86515F35-5F43-4AC6-B81A-EFA3849EF3D4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D0991D09-5F6E-4D4F-8A96-5F8FA5985899}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{3FB0BFD7-1692-4868-B664-9CE8447DC9EC}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{45BB42FF-8BCA-4286-AE75-97A2F7181B2A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{6DB6272B-92B5-4121-B1D4-EF2F1C200417}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{E2D2D719-3E4A-4E08-81EA-16BB1FD92C1C}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{53E9EF31-EEE4-4C0C-AE3B-944643844436}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{828E573A-83FA-4E91-8FBC-D71E93B418E4}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{7E715660-4C77-4950-9959-16DB359C1ECB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_1\SZBrowser.exe
FirewallRules: [{F96C60C0-E6EE-40B9-ACCD-32C2EBE80D8B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-03-2017 15:17:45 JRT Pre-Junkware Removal
12-03-2017 01:00:05 Scheduled Checkpoint
15-03-2017 02:29:13 Device Driver Package Install: Avast Network Service
15-03-2017 13:33:23 Windows Update
16-03-2017 11:57:25 JRT Pre-Junkware Removal
24-03-2017 01:00:05 Scheduled Checkpoint
31-03-2017 01:26:52 Scheduled Checkpoint
08-04-2017 02:23:23 Scheduled Checkpoint
12-04-2017 03:00:23 Windows Update
14-04-2017 11:18:55 JRT Pre-Junkware Removal
20-04-2017 15:30:21 Windows Backup
28-04-2017 00:00:08 Scheduled Checkpoint
06-05-2017 00:00:08 Scheduled Checkpoint
11-05-2017 03:00:21 Windows Update
15-05-2017 07:13:55 JRT Pre-Junkware Removal
16-05-2017 09:01:28 Installed Sophos Virus Removal Tool.
17-05-2017 20:21:56 Windows Backup
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2017 03:07:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (05/16/2017 01:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Manga Studio.exe, version: 5.0.0.0, time stamp: 0x50acf1de
Faulting module name: Wintab32.dll_unloaded, version: 0.0.0.0, time stamp: 0x55d76e14
Exception code: 0xc0000005
Fault offset: 0x000007fef5449019
Faulting process id: 0x4b0
Faulting application start time: 0x01d2ce407efeaa08
Faulting application path: C:\Program Files\Smith Micro\Manga Studio 5E\Manga Studio\Manga Studio.exe
Faulting module path: Wintab32.dll
Report Id: 0551ccb3-3a34-11e7-b3e2-00064f96a728
 
Error: (05/14/2017 07:00:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (05/14/2017 06:30:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 06:30:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 06:30:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 06:29:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 06:29:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 06:29:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (05/14/2017 12:29:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Andy\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (05/15/2017 02:12:59 PM) (Source: iaStorV) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
 
Error: (05/15/2017 07:14:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/15/2017 07:14:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/14/2017 06:34:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/14/2017 06:34:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Andy\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/14/2017 06:34:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/14/2017 06:34:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Andy\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/14/2017 06:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/14/2017 06:34:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Andy\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/14/2017 06:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 72%
Total physical RAM: 3063.07 MB
Available physical RAM: 828.29 MB
Total Virtual: 6124.33 MB
Available Virtual: 2661.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:292.87 GB) (Free:107.55 GB) NTFS
Drive d: (Data) (Fixed) (Total:303.2 GB) (Free:128.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1C5088BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=303.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

Attached Files

  • Attached File  01.jpg   137.45KB   0 downloads
  • Attached File  02.jpg   109.59KB   0 downloads
  • Attached File  03.jpg   103.94KB   0 downloads



 


#2 nasdaq

  • Malware Response Team
  • 39,923 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2017 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
----

Remove the program listed below via the Control Panel > Programs > Programs and Features.
Unity Web Player (HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [AdobeBridge] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\4099\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File

Windows Firewall is disabled.


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please post the logs and let me know what problem persists.

#3 AndyP5000

  • Topic Starter
  • Members
  • 123 posts

Posted 20 May 2017 - 08:37 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017
Ran by Andy (20-05-2017 14:07:25) Run:1
Running from C:\Users\Andy\Downloads
Loaded Profiles: Andy (Available Profiles: Andy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\...\Run: [AdobeBridge] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\4099\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
 
Windows Firewall is disabled.
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => key removed successfully
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => key removed successfully
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => key removed successfully
HKU\S-1-5-21-1187435657-1393944178-3008802676-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD} => key removed successfully
Windows Firewall is disabled. => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 96470936 B
Java, Flash, Steam htmlcache => 311422520 B
Windows/system/drivers => 1010147948 B
Edge => 0 B
Chrome => 634912691 B
Firefox => 78663761 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55326386 B
systemprofile32 => 67900 B
LocalService => 0 B
NetworkService => 59058 B
Andy => 18643159200 B
 
RecycleBin => 11790606582 B
EmptyTemp: => 30.4 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-05-2017 14:19:26)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\AvastVBoxSvc => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\VBoxAswDrv => key could not remove, key could be protected
 
==== End of Fixlog 14:19:27 ====
 
 
- running RogueKiller now and will post once done


#4 AndyP5000
  • Topic Starter
  • Members
  • 123 posts

Posted 20 May 2017 - 08:38 AM

System Restore was turned off for drive D: but was enabled for the C: partition.



#5 nasdaq
  • Malware Response Team
  • 39,923 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2017 - 09:00 AM

Turn ON your Windows Firewall.
https://support.microsoft.com/en-us/instantanswers/c9955ad9-1239-4cb2-988c-982f851617ed/turn-windows-firewall-on-or-off

Let me know if you still have issues with this computer.

#6 AndyP5000
  • Topic Starter
  • Members
  • 123 posts

Posted 20 May 2017 - 04:37 PM

RogueKiller V12.10.9.0 (x64) [May 15 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/20/2017 14:35:58 (Duration : 00:38:38)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {58EC373C-247E-455F-B2A2-0646F5E34860} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE87DB04-6A6C-4D36-8FBD-CE8CD820029E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {58EC373C-247E-455F-B2A2-0646F5E34860} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE87DB04-6A6C-4D36-8FBD-CE8CD820029E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] 0f88f347870b309bcec6babd60a222ea
[BSP] 561bdda16a78faec6db9beed64a537ad : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 310478 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
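The four Suspicious.Path hits above are the same finding twice over (once per ControlSet): two active inbound Allow rules, one TCP and one UDP, whose program is an executable under the user's AppData\Local\Temp folder, the sort of folder a self-extracting installer unpacks into and deletes when it finishes. The path no longer exists, so the rule does nothing today, but it is a ready-made inbound allow for anything that later lands at that path. The Python below is an added example (not part of RogueKiller, FRST or the thread): it parses the value format Windows stores such rules in and lists every active inbound Allow rule that points into a Temp directory. The first two sample values reproduce the HPSAPS rules from the log; the other two rules and their GUIDs are hypothetical controls; `read_live_rules` reads the real key through the standard library's `winreg` when the script is run on Windows with `--live`.

```python
"""Audit Windows Firewall rules for programs that live in a Temp folder.

Added example for this thread; not RogueKiller's or FRST's own code.
Rules are REG_SZ values under HKLM\\SYSTEM\\CurrentControlSet\\Services\\
SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules, one value per rule:
a version token, then pipe-separated Key=Value fields.
"""
import re
import sys
from dataclasses import dataclass

FIREWALL_RULES_KEY = (r"SYSTEM\CurrentControlSet\Services\SharedAccess"
                      r"\Parameters\FirewallPolicy\FirewallRules")
PROTO_NAMES = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6", "256": "Any"}

# A rule whose program sits in a scratch folder is dead once the installer
# cleans up, and an inbound allow for whatever is dropped there later.
TEMP_PATTERNS = (
    re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE),
    re.compile(r"\\Windows\\Temp\\", re.IGNORECASE),
)

# Constructed sample. The first two values mirror the HPSAPS rules in the
# RogueKiller log; the other two (hypothetical GUIDs) are controls.
SAMPLE_RULES = {
    "{58EC373C-247E-455F-B2A2-0646F5E34860}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|"
        r"App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS|",
    "{EE87DB04-6A6C-4D36-8FBD-CE8CD820029E}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|"
        r"App=C:\Users\Andy\AppData\Local\Temp\7zS2BE5\HPDiagnosticCoreUI.exe|Name=HPSAPS|",
    "{00000000-0000-4000-8000-000000000001}":   # hypothetical: normal install path
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|"
        r"App=C:\Program Files\Example\example.exe|Name=Example|",
    "{00000000-0000-4000-8000-000000000002}":   # hypothetical: Temp path but inactive
        r"v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|"
        r"App=C:\Windows\Temp\setup\helper.exe|Name=Stale|",
}


@dataclass
class FirewallRule:
    rule_id: str
    version: str
    fields: dict   # repeated keys (e.g. several RA4=) keep the last value;
                   # App/Action/Dir/Active occur once, which is all we need

    @property
    def app(self) -> str:
        return self.fields.get("App", "")

    @property
    def protocol(self) -> str:
        code = self.fields.get("Protocol", "256")
        return PROTO_NAMES.get(code, code)

    def is_active_inbound_allow(self) -> bool:
        f = self.fields
        return (f.get("Action") == "Allow"
                and f.get("Active", "").upper() == "TRUE"
                and f.get("Dir") == "In")


def parse_rule(rule_id: str, value: str) -> FirewallRule:
    """Split 'v2.10|Key=Val|...|' into a FirewallRule; reject malformed input."""
    tokens = [t for t in value.split("|") if t]
    if not tokens or not re.fullmatch(r"v\d+\.\d+", tokens[0]):
        raise ValueError(f"{rule_id}: missing version token in {value!r}")
    fields = {}
    for tok in tokens[1:]:
        key, sep, val = tok.partition("=")   # a path may contain '=' but never '|'
        if not sep:
            raise ValueError(f"{rule_id}: malformed token {tok!r}")
        fields[key] = val
    return FirewallRule(rule_id, tokens[0], fields)


def is_temp_path(path: str) -> bool:
    return any(p.search(path) for p in TEMP_PATTERNS)


def find_temp_allow_rules(raw_rules: dict) -> list:
    """(rule_id, name, protocol, app) for each active inbound Allow rule
    whose program sits under a Temp directory."""
    hits = []
    for rule_id, value in raw_rules.items():
        rule = parse_rule(rule_id, value)
        if rule.is_active_inbound_allow() and is_temp_path(rule.app):
            hits.append((rule_id, rule.fields.get("Name", ""), rule.protocol, rule.app))
    return hits


def read_live_rules() -> dict:
    """Read the real values on a Windows host (winreg is Windows-only)."""
    import winreg
    rules = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FIREWALL_RULES_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:          # no more values under the key
                break
            rules[name] = data
            index += 1
    return rules


if __name__ == "__main__":
    live = sys.platform == "win32" and "--live" in sys.argv
    source = read_live_rules() if live else SAMPLE_RULES
    for rule_id, name, proto, app in find_temp_allow_rules(source):
        print(f"{rule_id} {name:<8} {proto:<4} inbound allow -> {app}")
```

Against the sample it reports only the two HPSAPS rules: the Program Files rule is in a normal location and the Windows\Temp rule is inactive. A rule that is reported can be removed with the firewall console or by deleting that value, which is what RogueKiller's delete action does.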


#7 AndyP5000
  • Topic Starter
  • Members
  • 123 posts

Posted 20 May 2017 - 04:40 PM

I've tried to activate Windows Firewall but Avast is keeping me from doing so.

From the Action Centre / Security, then by clicking on the "view firewalls" tab, it displays both Avast and Windows Firewall, but the button to turn Windows Firewall back on has been locked out.

I can't find any way to override it without uninstalling Avast, which seems counter-intuitive.


Edited by AndyP5000, 20 May 2017 - 05:11 PM.


#8 nasdaq
  • Malware Response Team
  • 39,923 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2017 - 07:34 AM


Sorry I missed that. Avast has a Firewall active.

FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}


It's normal that the Windows Firewall is disabled in such a situation.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 AndyP5000
  • Topic Starter
  • Members
  • 123 posts

Posted 23 May 2017 - 03:24 AM

Hmm,

OK, I plugged my router cable in this morning from my PC (I don't run it wireless as it lags and drops out) and I got the prompt 'Windows has detected an IP conflict'. I checked my firewall log to see if anything had been logged and it had. I had not turned my browser on so was not on any sites.

23/05/2017 09:13:14 fe80::9e97:26ff:fe48:da4a 547 fe80::1045:e424:1459:233f 546 UDP In C:\Windows\System32\svchost.exe Public Tcp/Udp In Block
23/05/2017 09:13:15 fe80::9e97:26ff:fe48:da4a 547 fe80::1045:e424:1459:233f 546 UDP In C:\Windows\System32\svchost.exe Public Tcp/Udp In Block
23/05/2017 09:13:17 fe80::9e97:26ff:fe48:da4a 547 fe80::1045:e424:1459:233f 546 UDP In C:\Windows\System32\svchost.exe Public Tcp/Udp In Block
23/05/2017 09:13:18 192.168.1.254 - 192.168.1.70 8 ICMP In Public Icmp Echo In Block
23/05/2017 09:13:19 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
 
Why would a conflicted IP address cause firewall hits?
 
OK, I just tried unplugging my cable and placing it in another router port... I got another hit on my firewall. I repeated it to see if I could replicate it but couldn't.
 
23/05/2017 09:28:28 :: - ff02::1:ff48:da4a 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
 
Could this be caused by a faulty cable or router?
 
OK, I have managed to replicate the hits...
 
23/05/2017 09:41:53 192.168.1.254 - 192.168.1.68 8 ICMP In Public Icmp Echo In Block
23/05/2017 09:41:53 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 1 ICMPv6 Out Public Icmp6 Destination Unreachable Out Block
 
I turned the router off, then back on again, then plugged the Ethernet cable in and got the hits, plus the IP conflict prompt.

Edited by AndyP5000, 23 May 2017 - 04:18 AM.


#10 nasdaq
  • Malware Response Team
  • 39,923 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 May 2017 - 07:37 AM

Run the RogueKiller tool and delete everything.
This should restore your settings.
===

If that fails, reset your router.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know yours ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Keep me posted.

#11 AndyP5000
  • Topic Starter
  • Members
  • 123 posts

Posted 23 May 2017 - 12:51 PM

OK...

So I ran RK; it found nothing.

I reset the router and changed passwords.

I checked my firewall.

23/05/2017 18:31:03 192.168.1.254 1900 192.168.1.68 60887 UDP In Public Tcp/Udp In Block
23/05/2017 18:31:03 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
23/05/2017 18:31:04 192.168.1.64 1900 192.168.1.68 55739 UDP In Public Tcp/Udp In Block
23/05/2017 18:45:17 :: - ff02::1:ff48:da4a 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block

So each time I turn the router on I still get a hit!

Perhaps my firmware needs updating? Do you guys know a secure link for the Technicolor TG582n?

Or is it good old Avast blocking stuff it should not?

Edited by AndyP5000, 23 May 2017 - 12:52 PM.
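Every record in the two firewall-log excerpts above (posts #9 and #11) is ordinary housekeeping from the router and the LAN, dropped because the adapter sits on the Public profile: UDP 547 to 546 is a DHCPv6 server talking to the client, ICMPv6 type 135 is a neighbour solicitation (the one from :: to ff02::1:ff48:da4a is duplicate-address detection, and that solicited-node group is built from the last 24 bits of the target, which match the router's own fe80::...:fe48:da4a address, so it is the router checking its address after the restart), ICMP type 8 is an echo request from the gateway, and UDP source port 1900 is an SSDP/UPnP reply to a discovery query. The Python below is an added example, not Avast's tooling or anything from the thread: it parses the column order as posted, names each record, and leaves anything from outside the LAN, or to an unexpected service, as "review". The six sample lines are copied from the posts; the gateway address and the 192.168.1.0/24 subnet are taken from them; the SMB record from 203.0.113.5 is constructed to show the fall-through case.

```python
"""Triage Avast firewall log lines into named LAN protocol events.

Added example for this thread, not Avast's own tooling. Column order is
taken from the lines posted:
  date time src sport dst dport proto dir [program] profile rule-name action
For ICMP/ICMPv6 records the dport column carries the message type
(8 = echo request, 135 = neighbour solicitation, 1 = destination unreachable).
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Taken from the thread: the router's LAN address and the LAN subnet.
GATEWAY_V4 = ipaddress.ip_address("192.168.1.254")
LAN_V4 = ipaddress.ip_network("192.168.1.0/24")
PROFILES = {"Public", "Private", "Domain"}

# The six records as posted (Avast firewall log, one record per line).
THREAD_LINES = """\
23/05/2017 09:13:14 fe80::9e97:26ff:fe48:da4a 547 fe80::1045:e424:1459:233f 546 UDP In C:\\Windows\\System32\\svchost.exe Public Tcp/Udp In Block
23/05/2017 09:13:18 192.168.1.254 - 192.168.1.70 8 ICMP In Public Icmp Echo In Block
23/05/2017 09:13:19 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
23/05/2017 09:28:28 :: - ff02::1:ff48:da4a 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
23/05/2017 09:41:53 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 1 ICMPv6 Out Public Icmp6 Destination Unreachable Out Block
23/05/2017 18:31:03 192.168.1.254 1900 192.168.1.68 60887 UDP In Public Tcp/Udp In Block
"""

# Constructed (not from the thread): inbound SMB from outside the LAN, the
# kind of record the classifier must NOT wave through.
CONSTRUCTED_LINE = ("23/05/2017 18:40:00 203.0.113.5 51234 192.168.1.68 445 "
                    "TCP In Public Tcp/Udp In Block")


@dataclass
class Record:
    src: str
    sport: str
    dst: str
    dport: str          # ICMP/ICMPv6: message type, not a port
    proto: str
    direction: str
    app: Optional[str]  # only present when the firewall matched a process
    profile: str
    rule: str
    action: str


def parse_line(line: str) -> Record:
    tok = line.split()
    if len(tok) < 11:
        raise ValueError(f"too few columns: {line!r}")
    _date, _time, src, sport, dst, dport, proto, direction = tok[:8]
    rest = tok[8:]
    app_tokens = []
    while rest and rest[0] not in PROFILES:   # program path, may contain spaces
        app_tokens.append(rest.pop(0))
    if len(rest) < 3:
        raise ValueError(f"no profile/rule/action columns: {line!r}")
    profile = rest.pop(0)
    action = rest.pop()                       # last column; the rest is the rule name
    return Record(src, sport, dst, dport, proto, direction,
                  " ".join(app_tokens) or None, profile, " ".join(rest), action)


def on_lan(addr: str) -> bool:
    """True for link-local, unspecified (DAD) and this LAN's IPv4 sources."""
    if addr == "-":
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_link_local or ip.is_unspecified or (ip.version == 4 and ip in LAN_V4)


def classify(rec: Record) -> str:
    local = on_lan(rec.src)
    if rec.proto == "UDP" and rec.sport == "547" and rec.dport == "546" and local:
        return "dhcpv6-server-to-client"      # DHCPv6 server port 547 -> client port 546
    if rec.proto == "UDP" and rec.sport == "1900" and local:
        return "ssdp-response"                # SSDP/UPnP answer to a discovery query
    if rec.proto == "ICMPv6" and rec.dport == "135":
        if rec.src == "::" and rec.dst.lower().startswith("ff02::1:ff"):
            return "ndp-dad-probe"            # duplicate address detection
        return "ndp-neighbor-solicit" if local else "review"
    if rec.proto == "ICMPv6" and rec.dport == "1" and rec.direction == "Out":
        return "icmpv6-unreachable-out"       # our own reply to an unserved packet
    if rec.proto == "ICMP" and rec.dport == "8" and rec.src == str(GATEWAY_V4):
        return "gateway-ping"
    return "review"                           # anything else deserves a look


def triage(text: str) -> dict:
    """Count categories over a block of log lines."""
    return dict(Counter(classify(parse_line(l)) for l in text.splitlines() if l.strip()))


if __name__ == "__main__":
    for line in THREAD_LINES.splitlines() + [CONSTRUCTED_LINE]:
        rec = parse_line(line)
        print(f"{classify(rec):<24} {rec.proto:<6} {rec.src} -> {rec.dst}:{rec.dport} ({rec.action})")
```

Run over the posted lines it returns one of each benign category and nothing under "review"; the constructed SMB record is the only one that lands there. The check is deliberately narrow: a source address has to be link-local, unspecified or inside the LAN subnet before any of the "expected" labels apply, so the same DHCPv6 or SSDP pattern from an outside address still falls through to "review".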


#12 nasdaq
  • Malware Response Team
  • 39,923 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 May 2017 - 06:41 AM


This question should be asked in the Networking forum, here:
https://www.bleepingcomputer.com/forums/f/21/networking/
===

Before you create a new topic download and run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
Click Go and copy/paste the log (MTB.txt) into your next post.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.
Post your Firewall setting and include the MTB.txt log for the review of an expert.

I will leave this topic open for 6 days. If you need to return please do.



