Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019
Ran by SYSTEM on MININT-AQRAS0C (27-02-2019 01:42:17)
Running from G:\
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [184320 2009-06-30] ()
...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [381440 2009-06-30] ()
...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-08-31] ()
...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio)
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
...\Run: [PaperPort PTD] => C:\Program Files (x86)\Scansoft\PaperPort\pptd40nt.exe [45108 2003-05-20] (ScanSoft, Inc.)
...\Run: [IndexSearch] => C:\Program Files (x86)\Scansoft\PaperPort\IndexSearch.exe [36864 2003-05-20] ()
...\Run: [PP8 Reminder] => C:\Program Files (x86)\Scansoft\PaperPort\WebEreg\NAVBrowser.exe [729088 2003-02-27] (ScanSoft, Inc.)
...\Run: [CheckNDISPort50ac54] => C:\Program Files (x86)\3G Hostless Modem\CheckNDISPort_df.exe [468736 2014-09-20] (ZTE CORPORATION -> )
...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\3G Hostless Modem\CancelAutoPlay_df.exe [447744 2014-09-20] (ZTE CORPORATION -> )
...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2018-11-22] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKU\.NET v2.0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\.NET v2.0 Classic\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\.NET v4.5\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\.NET v4.5 Classic\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\Classic .NET AppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\GuestUser\...\Run: [uTorrent] => C:\Users\GuestUser\AppData\Roaming\uTorrent\uTorrent.exe [2146496 2017-07-07] (BitTorrent Inc -> BitTorrent Inc.)
HKU\Ioana\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\Ioana\...\Run: [DellSystemDetect] => C:\Users\Ioana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-05-25] ()
HKU\Ioana\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-24] (Yahoo! Inc. -> Yahoo! Inc.)
HKU\MSSQL$SQLEXPRESS\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.VMnc] => C:\Windows\SysWOW64\vmnc.dll [360528 2013-02-25] (VMware, Inc. -> VMware, Inc.)
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
Startup: C:\Users\Ioana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-11-02]
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY Software House -> ABBYY (BIT Software))
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc. -> Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET, spol. s r.o. -> ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation - pGFX -> Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.895\McCHSvc.exe [405392 2018-12-11] (McAfee, Inc. -> McAfee, Inc.)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62218696 2012-06-28] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-28] (Microsoft Corporation -> Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [230912 2012-01-26] (Xerox)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [600088 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-08-27] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (BoiseTest -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (BoiseTest -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [43944 2013-06-04] (BoiseTest -> Microsoft Corporation)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
S1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET, spol. s r.o. -> ESET)
S1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET, spol. s r.o. -> ESET)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-28] (Microsoft Corporation -> Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc. -> VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-24 13:20 - 2019-02-24 13:20 - 000000000 ___HD C:\$SysReset
2019-02-21 21:52 - 2019-02-24 20:27 - 000000000 ____D C:\FRST
2019-02-21 06:28 - 2019-02-26 21:09 - 144179200 _____ C:\Windows\System32\config\SOFTWARE
2019-02-21 06:28 - 2019-02-26 21:09 - 013107200 _____ C:\Windows\System32\config\SYSTEM
2019-02-21 06:28 - 2019-02-19 08:28 - 000262144 _____ C:\Windows\System32\config\SECURITY
2019-02-21 06:28 - 2019-02-19 08:28 - 000262144 _____ C:\Windows\System32\config\SAM
2019-02-21 06:28 - 2019-02-18 22:21 - 004718592 _____ C:\Windows\System32\config\DEFAULT
2019-02-19 08:29 - 2019-02-20 22:18 - 000000000 _____ C:\Recovery.txt
2019-02-12 23:20 - 2019-02-05 18:07 - 003323392 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2019-02-12 23:20 - 2019-02-05 17:43 - 003616768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-02-12 23:20 - 2019-02-05 16:53 - 002780160 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2019-02-12 23:20 - 2019-02-05 16:44 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-02-12 23:20 - 2019-01-25 17:02 - 025736192 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2019-02-12 23:20 - 2019-01-25 16:32 - 005778944 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2019-02-12 23:20 - 2019-01-25 16:27 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-02-12 23:20 - 2019-01-25 15:46 - 015283712 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2019-02-12 23:20 - 2019-01-25 15:34 - 004858880 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2019-02-12 23:20 - 2019-01-25 15:34 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-02-12 23:20 - 2019-01-25 15:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-02-12 23:20 - 2019-01-25 15:22 - 001556480 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2019-02-12 23:20 - 2019-01-25 15:11 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-02-12 23:20 - 2019-01-08 22:36 - 001901688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-02-12 23:20 - 2019-01-08 22:27 - 002533920 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2019-02-12 23:20 - 2019-01-08 19:34 - 001755136 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2019-02-12 23:19 - 2019-01-25 16:38 - 002902528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2019-02-12 23:19 - 2019-01-25 16:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2019-02-12 23:19 - 2019-01-25 16:24 - 000790016 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2019-02-12 23:19 - 2019-01-25 16:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-02-12 23:19 - 2019-01-25 16:03 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-02-12 23:19 - 2019-01-25 15:57 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-02-12 23:19 - 2019-01-25 15:56 - 001033216 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2019-02-12 23:19 - 2019-01-25 15:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2019-02-12 23:19 - 2019-01-25 15:36 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-02-12 23:19 - 2019-01-25 15:31 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-02-12 23:19 - 2019-01-25 15:12 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2019-02-12 23:19 - 2019-01-25 15:08 - 001331200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-02-12 23:19 - 2019-01-25 15:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-02-12 23:19 - 2019-01-11 17:36 - 000058880 _____ (Microsoft Corporation) C:\Windows\System32\mf3216.dll
2019-02-12 23:19 - 2019-01-11 17:35 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-02-12 23:19 - 2019-01-11 17:18 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-02-12 23:19 - 2019-01-08 22:24 - 007371512 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2019-02-12 23:19 - 2019-01-08 19:34 - 000134656 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 23:19 - 2019-01-08 19:21 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-02-12 23:19 - 2019-01-08 19:21 - 000102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 23:19 - 2019-01-07 20:54 - 000032896 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2019-02-12 23:19 - 2019-01-07 17:22 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-02-12 23:19 - 2019-01-07 17:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-02-12 23:19 - 2019-01-05 09:48 - 004168704 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2019-02-12 23:19 - 2019-01-05 09:47 - 000684032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2019-02-12 23:19 - 2019-01-05 09:46 - 000243200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2019-02-12 23:19 - 2018-12-27 09:57 - 000805376 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2019-02-12 23:19 - 2018-12-27 08:30 - 000626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-02-12 23:19 - 2018-12-08 08:01 - 000513376 _____ C:\Windows\SysWOW64\locale.nls
2019-02-12 23:19 - 2018-12-08 08:01 - 000513376 _____ C:\Windows\System32\locale.nls
2019-02-12 23:19 - 2018-12-02 02:08 - 000179712 _____ (Microsoft Corporation) C:\Windows\System32\itss.dll
2019-02-12 23:19 - 2018-12-01 08:44 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-02-12 23:19 - 2018-10-12 05:19 - 000998480 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 07:50 - 2013-08-22 07:36 - 000262144 _____ C:\Windows\System32\config\BCD-Template
2019-02-23 18:46 - 2018-12-13 06:39 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-02-23 18:46 - 2015-08-30 23:03 - 000000000 ____D C:\Program Files (x86)\3G Hostless Modem
2019-02-23 18:46 - 2014-01-04 09:35 - 000000000 ____D C:\Users\GuestUser\AppData\Roaming\vlc
2019-02-23 18:46 - 2013-08-22 07:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-23 18:45 - 2013-08-22 07:36 - 000000000 __RSD C:\Windows\Media
2019-02-23 18:45 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\SysWOW64\ras
2019-02-23 18:45 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\System32\ras
2019-02-23 18:45 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2019-02-23 18:45 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-02-23 18:45 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\System32\Sysprep
2019-02-23 18:45 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2019-02-18 22:21 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-18 22:13 - 2015-01-18 03:16 - 000000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0331023f2e37a.job
2019-02-18 22:12 - 2014-10-17 22:31 - 000000000 __SHD C:\Users\GuestUser\IntelGraphicsProfiles
2019-02-18 08:32 - 2014-10-17 15:05 - 000000000 ____D C:\users\GuestUser
2019-02-18 08:04 - 2015-05-14 19:54 - 000000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ec2ddae7f4b.job
2019-02-18 07:59 - 2015-09-16 06:59 - 000000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f0903c38805c.job
2019-02-18 04:35 - 2014-11-06 03:43 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2BE2ED02-709B-4182-80C2-EBBFCEA5C788}
2019-02-17 22:23 - 2014-10-17 15:05 - 000000000 ____D C:\users\DefaultAppPool
2019-02-16 08:30 - 2014-10-17 15:05 - 000000000 ____D C:\users\Ioana
2019-02-16 05:33 - 2013-05-18 08:36 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1264719983-1477980593-2100799426-1004
2019-02-16 03:27 - 2018-11-27 01:07 - 000004078 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1543309621
2019-02-14 02:22 - 2017-02-23 01:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-13 22:36 - 2015-01-18 03:16 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-13 22:23 - 2013-08-22 06:44 - 000485408 _____ C:\Windows\System32\FNTCACHE.DAT
2019-02-13 08:55 - 2013-08-22 05:25 - 000524288 ___SH C:\Windows\System32\config\BBI
2019-02-13 02:50 - 2012-07-25 23:59 - 000000000 ____D C:\Windows\CbsTemp
2019-02-13 02:40 - 2013-08-15 20:48 - 000000000 ____D C:\Windows\System32\MRT
2019-02-13 02:26 - 2013-05-22 08:08 - 129330784 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2019-02-12 23:26 - 2017-09-18 22:11 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-12 23:26 - 2017-09-18 22:11 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-02-12 23:26 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\System32\Macromed
2019-02-12 23:25 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-02-12 06:02 - 2014-09-23 23:17 - 001092016 _____ C:\Windows\System32\PerfStringBackup.INI
2019-02-02 12:07 - 2019-01-14 05:34 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 12:07 - 2019-01-14 05:34 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== KnownDLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe [2018-04-17 22:10] - [2018-01-01 20:32] - 000571392 _____ (Microsoft Corporation) 4294D7AD504EA206A4A03DB29311B6C2
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2019-01-12 06:42] - [2018-12-07 19:49] - 000809472 _____ (Microsoft Corporation) 3BC25B8189367964F8CEBCFAF05FB6D0
C:\Windows\System32\dnsapi.dll [2018-07-19 22:36] - [2018-06-08 09:54] - 000656384 _____ (Microsoft Corporation) C9C6033116C4F7128AC11A7096765E92
C:\Windows\SysWOW64\dnsapi.dll [2018-07-19 22:36] - [2018-06-08 08:44] - 000499200 _____ (Microsoft Corporation) E38864C62641DF22A4AFD2B6C59BD61B
C:\Windows\System32\dllhost.exe [2015-03-11 22:33] - [2014-10-28 19:55] - 000019264 _____ (Microsoft Corporation) 9361355721F51E3A25DF53702D10E9DE
C:\Windows\SysWOW64\dllhost.exe [2015-03-11 22:56] - [2014-10-28 19:09] - 000017216 _____ (Microsoft Corporation) CC05C14EEFF5E7813A49718BA88E59B0
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\InputHost.dll IS MISSING <==== ATTENTION
==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2019-02-06 04:34
Restore point date: 2019-02-13 02:23
Restore point date: 2019-02-23 19:06

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {445efa0b-39de-11e9-80a4-f23211d8e3e1}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {216e527c-c012-11e2-beb5-81307adeadd2}
device ramdisk=[Y:]\Recovery\216e527c-c012-11e2-beb5-81307adeadd2\Winre.wim,{216e527d-c012-11e2-beb5-81307adeadd2}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[Y:]\Recovery\216e527c-c012-11e2-beb5-81307adeadd2\Winre.wim,{216e527d-c012-11e2-beb5-81307adeadd2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 8.1
locale en-us
inherit {bootloadersettings}
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {445efa0b-39de-11e9-80a4-f23211d8e3e1}
nx OptIn
bootmenupolicy Standard
detecthal Yes

Windows Boot Loader
-------------------
identifier {ebf8fddf-56ac-11e4-84ac-9db82c4c7382}
device ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{ebf8fde0-56ac-11e4-84ac-9db82c4c7382}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{ebf8fde0-56ac-11e4-84ac-9db82c4c7382}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {216e527a-c012-11e2-beb5-81307adeadd2}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {216e527c-c012-11e2-beb5-81307adeadd2}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {445efa0b-39de-11e9-80a4-f23211d8e3e1}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-us
inherit {resumeloadersettings}
allowedinmemorysettings 0x15000075
filepath \hiberfil.sys
bootmenupolicy Standard

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-us
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {216e527d-c012-11e2-beb5-81307adeadd2}
description Windows Recovery
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\216e527c-c012-11e2-beb5-81307adeadd2\boot.sdi

Device options
--------------
identifier {216e527e-c012-11e2-beb5-81307adeadd2}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {ebf8fde0-56ac-11e4-84ac-9db82c4c7382}
description Windows Recovery
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3971.35 MB
Available physical RAM: 3181.99 MB
Total Virtual: 3971.35 MB
Available Virtual: 3189.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.66 GB) (Free:121.52 GB) NTFS
Drive e: (Stuff) (Fixed) (Total:498.34 GB) (Free:26.57 GB) NTFS
Drive f: (HRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.02 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 22CDD94B)
Partition 1: (Not Active) - (Size=300 MB) - (Type=DE)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=199.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=498.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 146C0B36)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

LastRegBack: 2019-02-17 22:50

==================== End of FRST.txt ============================