Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by miran (administrator) on LAPTOP-F78QGAI8 (22-01-2019 11:05:36)
Running from C:\Users\miran\Desktop
Loaded Profiles: miran (Available Profiles: defaultuser0 & miran)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Luminati Networks Ltd.) C:\Program Files\Hola\app\net_updater64.exe
(Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\nsWscSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Luminati Networks Ltd.) C:\Program Files\Hola\app\luminati\net_svc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\NortonSecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Viber Media S.à r.l.) C:\Users\miran\AppData\Local\Viber\Viber.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\OEM\Preload\FubTool\FubTool.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(SweetLabs, Inc) C:\Users\miran\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-09-09] (Realtek Semiconductor)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2506176 2018-12-25] (Hola Networks Ltd.) <==== ATTENTION
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-981184571-1764792196-677826942-1001\...\Run: [Viber] => C:\Users\miran\AppData\Local\Viber\Viber.exe [37099592 2019-01-17] (Viber Media S.à r.l.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-19] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-12-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.895\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{7e8a7625-0120-4d94-8336-7c39188d4c17}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f41a2273-7973-4eb5-b50a-cecc9af78f99}: [DhcpNameServer] 193.162.153.164 194.239.134.83

Internet Explorer:
==================
HKU\S-1-5-21-981184571-1764792196-677826942-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-981184571-1764792196-677826942-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-981184571-1764792196-677826942-1001 -> DefaultScope {2DDA7B00-45EB-41AB-92BB-D99693FE4D23} URL =
SearchScopes: HKU\S-1-5-21-981184571-1764792196-677826942-1001 -> {307A1560-844D-4B83-9E57-8191E25671FB} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2xmop49c.default
FF ProfilePath: C:\Users\miran\AppData\Roaming\Mozilla\Firefox\Profiles\2xmop49c.default [2019-01-22]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\miran\AppData\Roaming\Mozilla\Firefox\Profiles\2xmop49c.default\Extensions\abb-acer@amazon.com [2017-04-24] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\miran\AppData\Roaming\Mozilla\Firefox\Profiles\2xmop49c.default\Extensions\langpack-en-US@firefox.mozilla.org [2017-04-24] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\miran\AppData\Roaming\Mozilla\Firefox\Profiles\2xmop49c.default\Extensions\partnerdefaults@mozilla.com [2017-04-24] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-04-25] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-04-25] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-04-25] [Legacy]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-981184571-1764792196-677826942-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\miran\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.bing.com/?FORM=SLBRDF&PC=SL09"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=SLBRDF&PC=SL10&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}
CHR Profile: C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default [2019-01-22]
CHR Extension: (Slides) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-24]
CHR Extension: (YouTube) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-11-21]
CHR Extension: (Adobe Acrobat) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-02]
CHR Extension: (Sheets) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-01-21]
CHR Extension: (Norton Identity Safe) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-04-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-12-05]
CHR Extension: (Gmail) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\miran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-05-26] (Intel Corporation)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [20642240 2018-12-25] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [20630464 2018-11-30] (Hola Networks Ltd.) <==== ATTENTION
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-06-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 luminati_net_updater_win_hola_org; C:\Program Files\Hola\app\net_updater64.exe [2038704 2019-01-16] (Luminati Networks Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc.)
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\NortonSecurity.exe [328648 2018-12-12] (Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton Security\Engine\22.16.3.21\nsWscSvc.exe [915712 2018-12-12] (Symantec Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [441136 2016-09-13] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [482608 2016-09-13] (Acer Incorporated)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191768 2018-11-07] (Qualcomm Technologies Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [277080 2017-04-28] (Synaptics Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-28] (acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe [495720 2018-08-29] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20181016.001\BHDrvx64.sys [1925104 2018-10-16] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\ccSetx64.sys [189152 2018-12-12] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-05-26] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43000 2015-05-26] (Intel Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515776 2018-10-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-12-23] (Symantec Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-05-26] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-03] (Intel(R) Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20181019.061\IDSvia64.sys [1305072 2018-10-19] (Symantec Corporation)
R3 IecRadioSwitch; C:\WINDOWS\System32\drivers\IecRadioSwitch.sys [22528 2016-09-30] (Inventec Radio Switch Service)
R3 IecRadioSwitch; C:\Windows\SysWOW64\drivers\IecRadioSwitch.sys [22008 2015-06-15] (Inventec Radio Switch Service)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7393264 2016-06-29] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-22] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-22] (Malwarebytes)
R1 MpKsl77994a8d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2311DA68-58A4-49F3-9A84-D518AC2D8687}\MpKsl77994a8d.sys [58120 2019-01-21] (Microsoft Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-27] (Realsil Semiconductor Corporation)
S3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSP64.SYS [855256 2018-12-12] (Symantec Corporation)
R3 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SRTSPX64.SYS [49880 2018-12-12] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SYMEFASI64.SYS [1969328 2018-12-12] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\SymELAM.sys [25744 2018-12-12] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-07-15] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\SymPlatform\SymEvnt.sys [114256 2018-09-27] (Symantec Corporation)
R3 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\Ironx64.SYS [308416 2018-12-12] (Symantec Corporation)
R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\symnets.sys [567024 2018-12-12] (Symantec Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-04-28] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1610030.015\wpCtrlDrv.sys [1011056 2018-12-12] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-22 11:05 - 2019-01-22 11:06 - 000023505 _____ C:\Users\miran\Desktop\FRST.txt
2019-01-22 11:05 - 2019-01-22 11:05 - 000000000 ____D C:\FRST
2019-01-22 11:04 - 2019-01-22 11:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-01-22 11:02 - 2019-01-22 11:02 - 002428416 _____ (Farbar) C:\Users\miran\Downloads\FRST64.exe
2019-01-22 11:02 - 2019-01-22 11:02 - 002428416 _____ (Farbar) C:\Users\miran\Desktop\FRST64.exe
2019-01-22 11:02 - 2019-01-21 14:38 - 157594920 _____ (AO Kaspersky Lab) C:\Users\miran\Desktop\KVRT.exe
2019-01-22 10:32 - 2019-01-22 10:32 - 000000000 ____D C:\Users\miran\AppData\Local\mbamtray
2019-01-22 10:32 - 2019-01-22 10:32 - 000000000 ____D C:\Users\miran\AppData\Local\mbam
2019-01-22 10:31 - 2019-01-22 10:34 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-22 10:31 - 2019-01-22 10:31 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-22 10:31 - 2019-01-22 10:31 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-22 10:31 - 2019-01-22 10:31 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-22 10:31 - 2019-01-22 10:31 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-22 10:30 - 2019-01-22 10:30 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-22 10:30 - 2019-01-22 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-22 10:30 - 2019-01-22 10:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-22 10:30 - 2019-01-22 10:30 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-22 10:30 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-22 10:26 - 2019-01-22 10:27 - 082482456 _____ (Malwarebytes ) C:\Users\miran\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8888.exe
2019-01-22 10:25 - 2019-01-22 10:25 - 000085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\81264146.sys
2019-01-21 14:38 - 2019-01-21 14:39 - 157594920 _____ (AO Kaspersky Lab) C:\Users\miran\Downloads\KVRT (1).exe
2019-01-21 14:38 - 2019-01-21 14:39 - 000000000 ____D C:\KVRT_Data
2019-01-21 14:37 - 2019-01-21 14:38 - 157594920 _____ (AO Kaspersky Lab) C:\Users\miran\Downloads\KVRT.exe
2019-01-21 14:04 - 2019-01-21 14:36 - 000000000 ____D C:\Users\miran\Doctor Web
2019-01-21 14:04 - 2019-01-21 14:04 - 000000000 ____D C:\ProgramData\Doctor Web
2019-01-21 13:58 - 2019-01-21 14:01 - 183339160 _____ C:\Users\miran\Downloads\yfw9g8sw.exe
2019-01-21 00:26 - 2019-01-21 00:26 - 007657592 _____ (ESET spol. s r.o.) C:\Users\miran\Downloads\esetonlinescanner_enu (1).exe
2019-01-21 00:26 - 2019-01-21 00:26 - 000000000 ____D C:\Users\miran\AppData\Local\ESET
2019-01-21 00:25 - 2019-01-21 00:25 - 007657592 _____ (ESET spol. s r.o.) C:\Users\miran\Downloads\esetonlinescanner_enu.exe
2019-01-21 00:10 - 2019-01-21 00:10 - 000000000 ____D C:\Users\miran\AppData\Local\Viber
2019-01-19 10:55 - 2019-01-21 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-01-19 10:55 - 2019-01-19 10:55 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-19 10:55 - 2019-01-19 10:55 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-17 22:18 - 2019-01-17 22:18 - 000003388 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-01-17 22:17 - 2019-01-17 22:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-01-17 21:42 - 2019-01-17 21:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-981184571-1764792196-677826942-1001
2019-01-15 09:41 - 2019-01-16 01:26 - 000000444 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-01-13 12:18 - 2019-01-13 17:35 - 000000000 ____D C:\Users\miran\AppData\Roaming\Klennet
2019-01-13 12:18 - 2019-01-13 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klennet Carver
2019-01-13 12:18 - 2019-01-13 12:18 - 000000000 ____D C:\Program Files\Klennet
2019-01-13 12:15 - 2019-01-13 12:15 - 001199456 _____ (www.klennet.com ) C:\Users\miran\Downloads\klennet-carver-setup (1).exe
2019-01-13 12:14 - 2019-01-13 12:15 - 001199456 _____ (www.klennet.com ) C:\Users\miran\Downloads\klennet-carver-setup.exe
2019-01-13 12:07 - 2019-01-13 12:07 - 000000000 ____D C:\Users\miran\Downloads\testdisk-7.1-WIP.win64
2019-01-13 12:06 - 2019-01-13 12:06 - 022251425 _____ C:\Users\miran\Downloads\testdisk-7.1-WIP.win64.zip
2019-01-13 11:39 - 2019-01-13 11:39 - 018400646 _____ C:\Users\miran\OneDrive\Documents\ZAR Image recovery.Recovery
2019-01-13 10:46 - 2019-01-13 11:37 - 000000000 ____D C:\Program Files\ZAR
2019-01-13 10:46 - 2019-01-13 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZAR
2019-01-13 10:45 - 2019-01-13 10:45 - 004955992 _____ (www.z-a-recovery.com ) C:\Users\miran\Downloads\zarXsetup.exe
2019-01-10 17:49 - 2019-01-21 14:35 - 000000000 ____D C:\Users\miran\OneDrive\Documents\ViberDownloads
2019-01-09 23:39 - 2019-01-09 23:39 - 000594439 _____ C:\Users\miran\Downloads\diskdigger.zip
2019-01-09 23:20 - 2019-01-13 12:44 - 000000000 ____D C:\Users\miran\Desktop\Recover
2019-01-09 22:42 - 2017-09-27 17:29 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2019-01-09 22:41 - 2019-01-09 22:43 - 000000000 ____D C:\ProgramData\Wondershare
2019-01-09 22:41 - 2019-01-09 22:41 - 000001360 _____ C:\Users\Public\Desktop\Wondershare Recoverit.lnk
2019-01-09 22:41 - 2019-01-09 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-01-09 22:41 - 2019-01-09 22:41 - 000000000 ____D C:\Program Files (x86)\Wondershare
2019-01-09 22:17 - 2019-01-09 22:17 - 000000000 ____D C:\Users\miran\AppData\Roaming\R-TT
2019-01-09 22:14 - 2019-01-09 22:17 - 000000000 ____D C:\Users\miran\OneDrive\Documents\R-TT
2019-01-09 11:21 - 2019-01-01 14:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-09 11:21 - 2019-01-01 14:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-09 11:21 - 2019-01-01 14:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-09 11:21 - 2019-01-01 14:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-09 11:21 - 2019-01-01 14:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-09 11:21 - 2019-01-01 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-09 11:21 - 2019-01-01 14:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-09 11:21 - 2019-01-01 14:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-09 11:21 - 2019-01-01 14:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-09 11:21 - 2019-01-01 14:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-09 11:21 - 2019-01-01 08:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-09 11:21 - 2019-01-01 08:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-09 11:21 - 2019-01-01 08:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-09 11:21 - 2019-01-01 08:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-09 11:21 - 2019-01-01 08:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-09 11:21 - 2019-01-01 08:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-09 11:21 - 2019-01-01 08:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-09 11:21 - 2019-01-01 08:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-09 11:21 - 2019-01-01 08:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-09 11:21 - 2019-01-01 08:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-09 11:21 - 2019-01-01 08:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-09 11:21 - 2019-01-01 08:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-09 11:21 - 2019-01-01 08:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-09 11:21 - 2019-01-01 08:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-09 11:21 - 2019-01-01 08:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-09 11:21 - 2019-01-01 08:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-09 11:21 - 2019-01-01 08:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-09 11:21 - 2019-01-01 08:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-09 11:21 - 2019-01-01 08:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-09 11:21 - 2019-01-01 08:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-09 11:21 - 2019-01-01 07:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-09 11:21 - 2019-01-01 07:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-09 11:21 - 2019-01-01 07:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-09 11:21 - 2019-01-01 07:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-09 11:21 - 2019-01-01 07:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-09 11:21 - 2019-01-01 07:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-09 11:21 - 2019-01-01 07:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-09 11:21 - 2019-01-01 07:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-09 11:21 - 2019-01-01 07:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-09 11:21 - 2019-01-01 07:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-09 11:21 - 2019-01-01 07:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-09 11:21 - 2019-01-01 07:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-09 11:21 - 2019-01-01 07:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-09 11:21 - 2019-01-01 07:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-09 11:21 - 2019-01-01 07:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-09 11:21 - 2019-01-01 07:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-09 11:21 - 2019-01-01 07:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-09 11:21 - 2019-01-01 07:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-09 11:21 - 2019-01-01 07:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-09 11:21 - 2019-01-01 07:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-09 11:21 - 2019-01-01 07:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-09 11:21 - 2019-01-01 07:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-09 11:21 - 2019-01-01 07:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-09 11:21 - 2019-01-01 07:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-09 11:21 - 2019-01-01 07:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-09
11:21 - 2019-01-01 07:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-01-09 11:21 - 2019-01-01 07:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2019-01-09 11:21 - 2019-01-01 07:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-01-09 11:21 - 2019-01-01 07:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-01-09 11:21 - 2019-01-01 07:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-01-09 11:21 - 2019-01-01 07:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-01-09 11:21 - 2019-01-01 07:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll 2019-01-09 11:21 - 2019-01-01 07:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-01-09 11:21 - 2019-01-01 07:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-01-09 11:21 - 2019-01-01 07:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2019-01-09 11:21 - 2019-01-01 07:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-01-09 11:21 - 2019-01-01 07:15 - 000608768 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-01-09 11:21 - 2019-01-01 07:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-01-09 11:21 - 2019-01-01 07:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-01-09 11:21 - 2019-01-01 07:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-01-09 11:21 - 2019-01-01 07:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-01-09 11:21 - 2019-01-01 07:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-01-09 11:21 - 2019-01-01 07:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-01-09 11:21 - 2019-01-01 07:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2019-01-09 11:21 - 2019-01-01 07:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-01-09 11:21 - 2019-01-01 07:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-01-09 11:21 - 2019-01-01 07:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2019-01-09 11:21 - 2019-01-01 07:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-01-09 11:21 - 2019-01-01 07:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2019-01-09 11:21 - 2019-01-01 06:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2019-01-09 11:21 - 2018-12-19 05:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-01-07 20:04 - 2019-01-07 22:33 - 001849951 _____ C:\Users\miran\Desktop\ME V2.pdf 2018-12-27 11:27 - 2018-12-27 11:27 - 000000199 _____ C:\Users\miran\Desktop\Crossout.url 2018-12-27 11:27 - 2018-12-27 11:27 - 000000199 _____ C:\Users\miran\AppData\Roaming\Microsoft\Windows\Start Menu\- World Of Warships.url 2018-12-27 11:27 - 
2018-12-27 11:27 - 000000198 _____ C:\Users\miran\AppData\Roaming\Microsoft\Windows\Start Menu\- World Of Tanks.url 2018-12-27 11:27 - 2018-12-27 11:27 - 000000197 _____ C:\Users\miran\Desktop\World Of Warships.url 2018-12-27 11:27 - 2018-12-27 11:27 - 000000197 _____ C:\Users\miran\AppData\Roaming\Microsoft\Windows\Start Menu\- Погода.url 2018-12-27 11:27 - 2018-12-27 11:27 - 000000196 _____ C:\Users\miran\Desktop\World Of Tanks.url 2018-12-27 11:27 - 2018-12-27 11:27 - 000000195 _____ C:\Users\miran\Desktop\Погода.url 2018-12-27 11:26 - 2018-12-27 11:26 - 000000204 _____ C:\Users\miran\AppData\Roaming\Microsoft\Windows\Start Menu\- Королевская битва.url 2018-12-27 11:26 - 2018-12-27 11:26 - 000000202 _____ C:\Users\miran\Desktop\Королевская битва.url 2018-12-27 11:26 - 2018-12-27 11:26 - 000000201 _____ C:\Users\miran\AppData\Roaming\Microsoft\Windows\Start Menu\- Викинги. Война кланов.url 2018-12-27 11:26 - 2018-12-27 11:26 - 000000199 _____ C:\Users\miran\Desktop\Викинги. Война кланов.url ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-01-22 11:07 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-01-22 10:30 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-01-22 10:30 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-01-22 10:27 - 2018-06-04 21:48 - 000000000 ____D C:\Users\miran\AppData\Local\Host App Service
2019-01-22 10:25 - 2018-06-04 22:01 - 000003508 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2019-01-22 10:23 - 2017-09-11 10:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-01-22 10:23 - 2017-04-24 20:10 - 000000000 __SHD C:\Users\miran\IntelGraphicsProfiles
2019-01-22 01:05 - 2018-06-04 21:48 - 000000000 ____D C:\Users\miran
2019-01-22 01:03 - 2018-11-02 18:36 - 000000000 ____D C:\Users\miran\AppData\Local\Bluestacks
2019-01-22 01:03 - 2018-11-02 18:36 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2019-01-22 01:03 - 2018-06-04 21:59 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-22 01:03 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-22 01:02 - 2018-10-22 08:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2019-01-22 00:54 - 2018-06-04 22:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-22 00:54 - 2018-06-04 21:44 - 000405120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-22 00:54 - 2018-06-04 21:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-22 00:54 - 2017-11-05 20:31 - 000000000 ____D C:\Users\miran\AppData\Local\OneClick
2019-01-21 19:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-01-21 14:56 - 2017-02-18 20:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-21 12:27 - 2018-04-30 17:48 - 000001031 _____ C:\Users\miran\Desktop\Viber.lnk
2019-01-21 01:11 - 2018-04-30 17:48 - 000000000 ____D C:\Users\miran\AppData\Roaming\ViberPC
2019-01-21 00:04 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-19 11:04 - 2017-05-01 07:34 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-19 10:45 - 2018-11-16 19:26 - 000000000 ____D C:\Program Files\rempl
2019-01-17 22:18 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-01-17 22:18 - 2018-02-26 10:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-01-17 21:42 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-01-13 17:40 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-10 17:49 - 2018-11-03 13:25 - 000000000 ____D C:\Users\miran\AppData\Local\D3DSCache
2019-01-10 17:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-01-10 17:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-01-10 10:27 - 2017-12-11 19:42 - 000000000 ____D C:\Users\miran\AppData\Local\Packages
2019-01-09 21:59 - 2018-02-21 10:52 - 000000000 ___RD C:\Users\miran\Downloads\2414FC7A.Viber_p61zvh252yqyr!Viber.Universal
2019-01-09 11:32 - 2017-04-27 15:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-01-09 11:28 - 2017-04-27 15:39 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-01-07 23:01 - 2018-11-26 23:13 - 001434996 _____ C:\Users\miran\Desktop\MB.pdf
2019-01-05 11:01 - 2018-06-04 22:01 - 000005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2019-01-05 11:00 - 2018-06-04 22:01 - 000003778 _____ C:\WINDOWS\System32\Tasks\ACC
2019-01-05 11:00 - 2018-06-04 22:01 - 000003060 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2019-01-05 10:56 - 2017-02-18 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2019-01-04 16:31 - 2017-12-02 12:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 20:41 - 2018-04-12 00:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-01-02 20:41 - 2018-04-12 00:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-29 10:47 - 2018-12-15 21:20 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== Files in the root of some directories =======

2018-11-02 18:30 - 2018-11-02 18:34 - 000001232 _____ () C:\Users\miran\AppData\Roaming\droid4xinstaller.log

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe

Some files in TEMP:
====================
2019-01-22 01:03 - 2018-04-26 23:09 - 000824864 _____ (BlueStack Systems, Inc.) C:\Users\miran\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2019-01-22 01:03 - 2018-04-26 23:08 - 000421368 _____ (CodeTitans) C:\Users\miran\AppData\Local\Temp\JSON.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-04 21:44

==================== End of FRST.txt ============================