Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Chromium malware infection? Pretty sure, but could be more...


  • Please log in to reply

#1
Webslinger64

Webslinger64

    Member

  • Member
  • PipPipPip
  • 567 posts

About ten days ago, my desktop PC's homepage was hijacked. Multiple tabs would open by themselves in the browser and each tab was an advertisement of some sort.  At the time, I did the following:

 

Ran SuperAntiSpyware and deleted found issues.

 

Ran Malwarebytes and quarantined found issues.

 

Rebooted the PC and things seemed to be back to normal.  However, as of last night the redirects started again.

 

Began working on the issues this morning. Instead of doing what I did before, I Googled the issue and found instructions for removal of web browser redirects at Bleeping Computer - link to article is here:

 

https://www.bleeping...-redirect-virus

 

Got through the first three steps of the removal process - 1) Download/install/run Rkill, 2) Ran Malwarebytes, 3) Download/install/run Emsisoft Anti-Malware.

 

Rkill didn't find any suspicious programs to terminate. Malwarebytes found two PUP infections. Emsisoft found nothing.

 

The next steps in the process was to download/install/run Zemana AntiMalware and AdwCleaner. When I tried doing so, a warning window popped up indicating there was a failure to install those programs.

 

I then found that same warning window popping up when I tried to access Speccy, RevoUninstaller, Malwarebytes, SuperAntiSpyware and other similar programs.  When pressing Control + Alt + Delete to start Task Manager, my monitor screen would go black for several minutes and the mouse arrow was locked in place.

 

Tried accessing Task Manager a second time with the same result, only this time the monitor screen stayed black and the mouse arrow was frozen.  I ended up hard booting the PC.

 

Once restarted, I was able to bring up Task Manager and terminate the process for Chromium.  That has allowed me to access websites once again and post this issue on Geeks to go.

 

Found the "Malware and Spyware Cleaning Guide" and ran FRST64.exe  Logs are posted below.

 

BTW, as I was attempting to resolve the redirect issues myself, I did find a Chromium icon in my Toolbar (looks like Chrome icon but not the same colors, which are shades of blue).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Helena (administrator) on HELENA-PC (15-04-2018 09:37:23)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena (Available Profiles: Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
() C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
() C:\Windows\System32\igfxTray.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Amazon Services LLC) C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(The Chromium Authors) C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(The Chromium Authors) C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(The Chromium Authors) C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(The Chromium Authors) C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Helena\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2017-01-24] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8833056 2018-04-15] (Emsisoft Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-121] => C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe [1079600 2013-03-19] (D-Link Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-04-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-08-14] (CyberLink Corp.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacksFriends] => C:\Users\Helena\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Amazon Music] => C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-08-11] (Amazon Services LLC)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Chromium] => c:\users\helena\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [GoogleChromeAutoLaunch_A66BC49A035ABD82CC411CD21EDC6E48] => C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-12-09]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84E3B946-060C-44A1-B082-3D7859732B3B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A4E4995F-30E7-4BDF-849C-4FC850F0AC69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B23E0276-C119-4F48-B89C-E1E8E4042BBF}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> {0B4B42D6-A7FF-41B5-9E4C-7B26AD6D9226} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-12] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: gsswu6vt.default-1438795000345-1514703935158
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 [2018-04-15]
FF Homepage: Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 -> hxxps://www.google.com/
FF Extension: (StumbleBar by StumbleUpon) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-01-25]
FF Extension: (Honey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-04-05]
FF Extension: (Dark Background and Light Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-02-11]
FF Extension: (Avast Online Security) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2017-11-16]
FF Extension: (Save Button for Pinterest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-02-18]
FF Extension: (Video DownloadHelper) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\features\{f5843961-a20a-49d3-82fe-64659248596c}\[email protected] [2018-04-03] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
CHR Extension: (Docs) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (Skype Calling) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-12]
CHR Extension: (YouTube) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Avast SafePrice) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
CHR Extension: (Sheets) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-28]
CHR Extension: (Gmail) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-28]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9357800 2018-04-15] (Emsisoft Ltd)
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
R2 D_Link_DWA-121_WPS; C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [49152 2012-12-24] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-05-10] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-14] (SEIKO EPSON CORPORATION)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-06-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-01-17] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DRTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-20] (Realtek Semiconductor Corporation )
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142448 2018-04-15] (Emsisoft Ltd)
S0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37064 2018-04-15] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-07] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-15] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-31] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-15 09:37 - 2018-04-15 09:38 - 000026489 _____ C:\Users\Helena\Desktop\FRST.txt
2018-04-15 09:36 - 2018-04-15 09:37 - 000000000 ____D C:\FRST
2018-04-15 09:35 - 2018-04-15 09:35 - 002403328 _____ (Farbar) C:\Users\Helena\Desktop\FRST64(1).exe
2018-04-15 09:23 - 2018-04-15 08:26 - 000037064 _____ (Emsisoft Ltd) C:\Windows\system32\Drivers\eppdisk.sys
2018-04-15 09:17 - 2018-04-15 09:17 - 002403328 _____ (Farbar) C:\Users\Helena\Downloads\FRST64.exe
2018-04-15 08:38 - 2018-04-15 08:38 - 007256272 _____ (Malwarebytes) C:\Users\Helena\Downloads\AdwCleaner.exe
2018-04-15 08:37 - 2018-04-15 08:37 - 006625600 _____ (Zemana Ltd. ) C:\Users\Helena\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-15 08:26 - 2018-04-15 08:36 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-15 08:24 - 2018-04-15 08:24 - 000000856 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-04-15 08:24 - 2018-04-15 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-04-15 08:23 - 2018-04-15 09:33 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-04-15 08:20 - 2018-04-15 08:22 - 309750200 _____ (Emsisoft Ltd. ) C:\Users\Helena\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-04-15 07:22 - 2018-04-15 07:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\iExplore(1).exe
2018-04-15 07:20 - 2018-04-15 07:22 - 000003714 _____ C:\Users\Helena\Desktop\Rkill.txt
2018-04-15 07:20 - 2018-04-15 07:20 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill.exe
2018-04-15 07:20 - 2018-04-15 07:20 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill64.exe
2018-04-14 17:08 - 2018-04-15 09:32 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-14 17:08 - 2018-04-15 09:29 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-14 17:08 - 2018-04-15 09:29 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 17:08 - 2018-04-14 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 17:08 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-11 21:41 - 2018-04-11 21:46 - 000000000 ____D C:\Users\Helena\Desktop\McDonalds
2018-04-10 15:28 - 2018-04-10 15:28 - 000061754 _____ C:\Users\Helena\Downloads\2017W2.pdf
2018-04-09 16:40 - 2018-04-09 16:40 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 17:37 - 2018-04-01 17:37 - 000000000 ____D C:\Users\Helena\AppData\Local\{494C7F10-6DE4-13A8-007C-36402414CAD8}
2018-04-01 17:37 - 2018-04-01 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2018-04-01 16:47 - 2018-04-01 16:47 - 000000000 ____D C:\ProgramData\ByteFence
2018-04-01 16:37 - 2018-04-01 16:37 - 011997763 _____ C:\Users\Helena\Desktop\Final Call of Arizona Highway Patrolman.mp4
2018-04-01 16:36 - 2018-04-01 16:36 - 000002259 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-04-01 16:36 - 2018-04-01 16:36 - 000002251 _____ C:\Users\Helena\Desktop\Chromium.lnk
2018-04-01 16:36 - 2018-04-01 16:36 - 000000000 ____D C:\Users\Helena\AppData\Local\chromium
2018-04-01 16:35 - 2018-04-02 14:40 - 000000000 ____D C:\Program Files\ByteFence
2018-04-01 16:35 - 2018-04-01 16:35 - 000001003 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2018-04-01 16:35 - 2018-04-01 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2018-04-01 16:35 - 2018-04-01 16:35 - 000000000 ____D C:\Program Files (x86)\ClipGrab
2018-04-01 16:34 - 2018-04-01 16:34 - 022980000 _____ (Philipp Schmieder Medien ) C:\Users\Helena\Downloads\clipgrab-3.6.8-cgorg.exe
2018-03-28 17:08 - 2018-03-28 17:08 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-17 19:00 - 2018-04-15 09:02 - 000000911 _____ C:\Windows\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A}.job
2018-03-17 19:00 - 2018-04-15 09:01 - 000000911 _____ C:\Windows\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85}.job
2018-03-17 19:00 - 2018-03-17 19:00 - 000003978 _____ C:\Windows\System32\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85}
2018-03-17 19:00 - 2018-03-17 19:00 - 000003978 _____ C:\Windows\System32\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A}
2018-03-17 16:07 - 2018-03-17 16:07 - 000000000 ____D C:\Users\Helena\Desktop\Shopping

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-15 09:37 - 2017-12-31 01:43 - 000057919 _____ C:\Windows\ZAM.krnl.trace
2018-04-15 09:37 - 2017-12-31 01:43 - 000025884 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-04-15 09:36 - 2009-07-13 23:13 - 000786622 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-15 09:36 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-04-15 09:33 - 2016-11-17 21:58 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2018-04-15 09:32 - 2017-05-12 16:59 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Skype
2018-04-15 09:28 - 2017-03-14 10:53 - 000000000 __SHD C:\Users\Helena\IntelGraphicsProfiles
2018-04-15 09:28 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-15 08:24 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-15 08:24 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-15 07:53 - 2015-04-10 18:23 - 000000000 ____D C:\Users\Helena\Desktop\Insightful
2018-04-14 22:54 - 2014-03-21 14:37 - 000000000 ____D C:\Users\Helena\Documents\Outlook Files
2018-04-14 21:20 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\Pressman Toys
2018-04-14 17:57 - 2014-08-23 14:39 - 000000000 ____D C:\Users\Helena\Desktop\Web pictures
2018-04-14 16:11 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\EZ Yogurt Maker
2018-04-12 12:41 - 2017-08-31 07:36 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-10 17:19 - 2018-03-13 15:19 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 17:19 - 2015-10-06 21:22 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 17:19 - 2014-01-17 16:00 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 17:19 - 2014-01-17 16:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:19 - 2014-01-17 16:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 17:19 - 2014-01-17 15:59 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-09 16:41 - 2017-08-31 07:36 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-09 16:40 - 2018-01-04 20:55 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-09 16:40 - 2017-11-16 15:56 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-09 16:40 - 2017-08-31 07:35 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-09 16:40 - 2017-08-31 07:35 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-07 13:55 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\Hug Your Skin
2018-04-05 18:46 - 2018-01-29 20:52 - 000000000 ____D C:\Users\Helena\Desktop\Power Points
2018-04-05 16:40 - 2015-01-03 19:29 - 000000000 ____D C:\Users\Helena\Desktop\A Gal Needs
2018-04-02 21:00 - 2014-11-08 15:32 - 000000000 ____D C:\Users\Helena\Desktop\Joe Pics
2018-04-02 14:40 - 2014-01-17 16:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-02 14:01 - 2014-01-17 15:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-02 14:01 - 2009-07-13 23:08 - 000032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-01 16:37 - 2015-09-06 09:57 - 000661504 ___SH C:\Users\Helena\Desktop\Thumbs.db
2018-04-01 16:35 - 2017-06-30 19:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 17:08 - 2014-01-17 21:18 - 000000000 ____D C:\Program Files\CCleaner
2018-03-27 16:50 - 2016-07-12 21:09 - 000000000 ____D C:\Users\Helena\Desktop\Affiliate Collection
2018-03-25 09:20 - 2016-08-07 07:37 - 000000000 ____D C:\Windows\Minidump
2018-03-25 09:20 - 2013-12-18 17:52 - 000319184 ____N C:\Windows\Minidump\032518-17331-01.dmp
2018-03-24 23:06 - 2013-12-18 17:52 - 000320592 ____N C:\Windows\Minidump\032418-22292-01.dmp
2018-03-20 23:15 - 2016-07-02 14:24 - 000028612 ____H C:\Users\Helena\Desktop\~WRL3917.tmp
2018-03-20 15:35 - 2016-09-13 20:31 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 15:35 - 2016-09-13 20:31 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-17 19:00 - 2017-10-24 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

==================== Files in the root of some directories =======

2014-01-17 15:20 - 2014-01-17 15:20 - 000000000 _____ () C:\Users\Helena\AppData\Local\Driver_LOM_8161Present.flag

Some files in TEMP:
====================
2018-03-12 15:57 - 2018-03-12 15:57 - 001864256 _____ (Oracle Corporation) C:\Users\Helena\AppData\Local\Temp\jre-8u161-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 12:11

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Helena (15-04-2018 09:38:34)
Running from C:\Users\Helena\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-17 20:53:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3746497652-99284834-819367531-500 - Administrator - Disabled)
Guest (S-1-5-21-3746497652-99284834-819367531-501 - Limited - Disabled)
Helena (S-1-5-21-3746497652-99284834-819367531-1000 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3746497652-99284834-819367531-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{F1EF6C33-1EAF-489E-A344-2838ECC22D47}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{73A43153-E77E-45E6-A18F-E549F8EB5664}) (Version: 2.7.1.1 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Amazon Amazon Music) (Version: 5.6.2.1097 - Amazon Services LLC)
ASRock HDMI Switch v1.0.25 (HKLM-x32\...\ASRock HDMI Switch_is1) (Version: 1.0.25 - )
ASRock Key Master v1.0.6 (HKLM-x32\...\ASRock Key Master_is1) (Version: 1.0.6 - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Belarc Advisor 8.5b (HKLM-x32\...\Belarc Advisor) (Version: 8.5.2.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
ClipGrab 3.6.8 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-121 (HKLM-x32\...\{ACB879B8-19A7-4310-BD93-5D745CA6B798}) (Version:  - D-Link Corporation)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.1 - Emsisoft Ltd.)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.25.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EPSON WF-4730 Series Printer Uninstall (HKLM\...\EPSON WF-4730 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
F-Stream Tuning v2.0.39.1 (HKLM-x32\...\F-Stream Tuning_is1) (Version: 2.0.39.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3746497652-99284834-819367531-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04744DCB-837E-41B1-B919-BE46BEA68B0D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-28] (Piriform Ltd)
Task: {05CD5EB4-1357-4D3C-9B4B-7360B9046F1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-28] (Piriform Ltd)
Task: {1ECC6A56-4451-4D49-8A1D-9D59A68B8E73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {20924193-1A90-44BB-AF0B-752DEBEF3D79} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {3C2243FA-653F-45AC-A471-65AC640F8D7F} - System32\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {4578A731-F52D-490C-B20F-9D41AF761950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {4D7CC538-AEC6-419C-A4AB-7C6C4203C2F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {531A62BE-92DE-4A89-A078-E89EF2BB399D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {55DB3FF8-AE9C-4E10-BB60-5B0833CADEE2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {5A7274C4-F097-4066-A80E-8BDEA9EB560B} - System32\Tasks\AsrKM => C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe
Task: {AB188C29-C9DA-405D-B004-45D323ED6CC4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {B6CC56C8-BC3D-4725-B80F-202CD4647BC9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {DB1F25E0-D6E3-4BED-BF1C-2BB7B7EA0F44} - System32\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {DE5838EA-EAE7-4BAC-9199-2A79C6D63F14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{750347F4-02FD-494F-8F2A-C5D63F9BF75A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-17 15:26 - 2013-05-28 19:58 - 000454656 _____ () C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
2014-01-17 15:38 - 2012-12-24 22:08 - 000049152 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
2014-01-17 15:10 - 2017-01-24 20:16 - 000382072 _____ () C:\Windows\System32\igfxTray.exe
2013-08-08 16:30 - 2013-08-08 16:30 - 000283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2018-04-14 17:08 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-14 17:08 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000920280 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000348888 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-03-14 10:43 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-03-14 10:43 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-03-14 10:43 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-14 07:01 - 2018-04-14 07:01 - 005817488 _____ () C:\Program Files\AVAST Software\Avast\defs\18041402\algo.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-01-17 19:10 - 2012-08-01 04:47 - 001319024 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000176656 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2018-03-09 23:35 - 2018-03-09 23:35 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-01-17 15:39 - 2014-01-17 15:39 - 000315392 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANPDApi.dll
2014-01-17 15:38 - 2013-01-18 20:21 - 000303104 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\WlanApp.dll
2014-01-17 19:10 - 2012-06-07 21:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-10-29 19:34 - 2017-07-21 08:26 - 000518144 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2018-04-01 16:36 - 2017-01-20 17:27 - 002246144 _____ () C:\Users\Helena\AppData\Local\chromium\Application\58.0.2988.0\libglesv2.dll
2018-04-01 16:36 - 2017-01-20 17:27 - 000079360 _____ () C:\Users\Helena\AppData\Local\chromium\Application\58.0.2988.0\libegl.dll
2014-01-17 15:17 - 2013-09-03 18:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-04-02 14:01 - 000001314 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3746497652-99284834-819367531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{437AC30D-0F9B-43E7-9D26-C8636D8530B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{2F2ADC61-5CCA-46C3-AF0C-968FBD6DDDC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E1DE450D-22E1-4515-9185-DEBB16A33A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4DA3649B-B12B-4F9E-9A76-1DBDA889922D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{8A694256-2763-4166-9A98-A5A27CB75D38}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{080F6635-8C33-401D-8ED9-56E58CBE1763}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{CBAE2DFC-5892-40D5-8B64-429AEDD90798}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{77980433-A4CD-454B-9590-DC596FD977C5}] => (Allow) LPort=2869
FirewallRules: [{02CD281D-F5FE-4C16-BB5D-770C97885FB1}] => (Allow) LPort=1900
FirewallRules: [{0A6EDCEE-3772-4937-9259-9743EFE90218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56591900-419A-4E7F-83C6-5B7E436A5867}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE3875E1-1CBD-4B36-A128-98E6BE7B4277}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{42A6BA4A-0B2F-47A4-AFBE-B33EB0EFCE18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9C573DF7-AD6D-496C-94B5-36AD74F52831}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2D85E6BC-B7CC-4B73-BBB4-5B77121C545F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4398F3A2-C44E-46A8-918B-588811245027}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C1F7DDBC-9198-4C61-9BA1-250B989ABD0C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{CA3F79F9-4A3F-40EE-93C6-95AD8EE2B646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0F79F1B-3D4F-45AD-8477-AE98AB1A9D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20031123-092F-452E-BE60-71A0DE7F51DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ABDB47A6-1625-4321-A12F-A284E0FB870A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F4A17B77-FE1A-435C-88D7-8F0DE8CDB82F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{496EC95E-B032-49AB-85FB-E03BE7AFDB49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{72D34638-9CF3-4AA4-921E-CC1CC979695B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2193D02B-5BE3-4E64-B7D1-1F885AD89AC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{03288EAC-4001-49BF-9141-825ECE93EDEA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{93696BD6-5E28-4312-8B95-01D90D5CE082}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [TCP Query User{4A967B84-3D24-41EC-8B42-45D2CBC856C5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{A824A650-A52A-4286-A419-BA37C3185861}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{FD841DEF-C0D2-4244-9C9C-62291C093A2D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{328D97EB-BCF9-4A18-81AA-BB4FC23BAB94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{C1FD0C32-3525-4EF7-9AB7-9ECFCBDBB016}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DCE57AB0-8DCB-4C89-B394-1235CF6D7689}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0EDA36B4-500F-4740-BF47-568D4576A1CB}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7C47D469-5995-453E-8AC8-FCFF8A61EBB5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8DF06B75-92D7-47AE-8565-826DA6A077DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA141B49-AD6F-473A-AAF5-AC02A28833D5}] => (Allow) C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

21-02-2018 23:46:24 Scheduled Checkpoint
02-03-2018 01:08:59 Scheduled Checkpoint
10-03-2018 14:22:02 Scheduled Checkpoint
12-03-2018 16:15:41 Windows Update
17-03-2018 19:01:19 Installed FAX Utility
25-03-2018 01:02:37 Scheduled Checkpoint
02-04-2018 12:42:49 Scheduled Checkpoint
09-04-2018 18:26:45 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2018 09:33:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.40.0.151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b2c

Start Time: 01d3d4ce66e7b0ae

Termination Time: 10

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (04/15/2018 09:29:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2018 09:28:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/15/2018 08:16:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/15/2018 08:15:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/06/2018 12:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 59.0.2.6656, time stamp: 0x5ab530a0
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1c18
Faulting application start time: 0x01d3cc7a82bc2302
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c99fcffa-39c7-11e8-a5d0-bc5ff4e83965

Error: (04/02/2018 02:59:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2018 02:41:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/15/2018 09:30:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (04/15/2018 09:29:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/15/2018 09:29:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/15/2018 09:29:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eppdisk

Error: (04/15/2018 09:28:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/15/2018 09:28:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® System Usage Report Service SystemUsageReportSvc_QUEENCREEK service to connect.

Error: (04/15/2018 09:27:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:23:50 AM on ‎4/‎15/‎2018 was unexpected.

Error: (04/15/2018 09:23:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2015-01-21 03:22:30.485
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{9E6BF5F3-8187-494C-8271-4EB58ED4E28C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-04-15 09:36:37.096
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-15 09:21:19.112
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-15 09:03:37.860
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-15 08:37:08.782
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-22 16:04:11.844
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-22 16:04:06.946
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-22 16:04:06.883
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 18:39:28.345
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\vpcvmm.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 16048.74 MB
Available physical RAM: 11473.75 MB
Total Virtual: 32095.64 MB
Available Virtual: 27511.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:757.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Disc) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D39C8DFD)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

 


  • 0

#3
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Thank you for the reply.  Downloaded fixlist.txt as you recommended and pressed Fix to run FRST. I didn't realize it until after the scan was completed that the Addition.txt box was already checked, so the scan result below reflects that. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Helena (22-04-2018 10:39:52) Run:1
Running from C:\Users\Helena\Desktop\Virus Fix
Loaded Profiles: Helena (Available Profiles: Helena)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Chromium] => c:\users\helena\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [GoogleChromeAutoLaunch_A66BC49A035ABD82CC411CD21EDC6E48] => C:\Users\Helena\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-20] (The Chromium Authors)
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: C:\Windows\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{750347F4-02FD-494F-8F2A-C5D63F9BF75A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EmptyTemp:















*****************

"HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-3746497652-99284834-819367531-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A66BC49A035ABD82CC411CD21EDC6E48" => not found
"HKLM\System\CurrentControlSet\Services\BstHdAndroidSvc" => removed successfully
BstHdAndroidSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
"HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" => removed successfully
C:\Windows\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A}.job => moved successfully
C:\Windows\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85}.job => moved successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 172019133 B
Java, Flash, Steam htmlcache => 1462 B
Windows/system/drivers => 40626865 B
Edge => 0 B
Chrome => 22547989 B
Firefox => 423754256 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Helena => 140107279 B

RecycleBin => 170438959 B
EmptyTemp: => 932.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:40:59 ====


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Please Run FRST again but this time hit the SCAN button.


  • 0

#5
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Both scan logs are posted below. BTW, each time I start FRST program a window pops up and says, "Failed to update". Not sure if that matters.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Helena (administrator) on HELENA-PC (22-04-2018 21:58:13)
Running from C:\Users\Helena\Desktop\Virus Fix
Loaded Profiles: Helena (Available Profiles: Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
() C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Amazon Services LLC) C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Users\Helena\Desktop\Virus Fix\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2017-01-24] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8833056 2018-04-15] (Emsisoft Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-121] => C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe [1079600 2013-03-19] (D-Link Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-04-02] (SUPERAntiSpyware)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-08-14] (CyberLink Corp.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacksFriends] => C:\Users\Helena\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Amazon Music] => C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-08-11] (Amazon Services LLC)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-28] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-12-09]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84E3B946-060C-44A1-B082-3D7859732B3B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A4E4995F-30E7-4BDF-849C-4FC850F0AC69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B23E0276-C119-4F48-B89C-E1E8E4042BBF}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> {0B4B42D6-A7FF-41B5-9E4C-7B26AD6D9226} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-12] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: gsswu6vt.default-1438795000345-1514703935158
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 [2018-04-22]
FF Homepage: Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 -> hxxps://www.google.com/
FF Extension: (StumbleBar by StumbleUpon) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-01-25]
FF Extension: (Honey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-04-05]
FF Extension: (Dark Background and Light Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-02-11]
FF Extension: (Avast Online Security) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2017-11-16]
FF Extension: (Save Button for Pinterest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-02-18]
FF Extension: (Video DownloadHelper) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\features\{1b89d260-4283-4720-96d5-51e16d773187}\[email protected] [2018-04-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2018-04-22]
CHR Extension: (Slides) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
CHR Extension: (Docs) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (Skype Calling) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-12]
CHR Extension: (YouTube) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Avast SafePrice) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
CHR Extension: (Sheets) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-28]
CHR Extension: (Gmail) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-28]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9357800 2018-04-15] (Emsisoft Ltd)
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
R2 D_Link_DWA-121_WPS; C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [49152 2012-12-24] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-05-10] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-14] (SEIKO EPSON CORPORATION)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-06-08] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-01-17] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DRTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-20] (Realtek Semiconductor Corporation )
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [142448 2018-04-15] (Emsisoft Ltd)
R0 eppdisk; C:\Windows\System32\drivers\eppdisk.sys [37064 2018-04-15] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-07] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-14] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-22] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-22] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-31] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 10:37 - 2018-04-22 21:58 - 000000000 ____D C:\Users\Helena\Desktop\Virus Fix
2018-04-16 19:21 - 2018-04-16 19:21 - 000950672 _____ C:\Users\Helena\Downloads\Fight naked! And other epic love strategies Nate Bagley TEDx.mp4
2018-04-15 19:22 - 2018-04-17 17:03 - 000000000 ____D C:\Users\Helena\Desktop\Hairstyles
2018-04-15 09:36 - 2018-04-22 21:58 - 000000000 ____D C:\FRST
2018-04-15 09:23 - 2018-04-15 08:26 - 000037064 _____ (Emsisoft Ltd) C:\Windows\system32\Drivers\eppdisk.sys
2018-04-15 09:17 - 2018-04-15 09:17 - 002403328 _____ (Farbar) C:\Users\Helena\Downloads\FRST64.exe
2018-04-15 08:38 - 2018-04-15 08:38 - 007256272 _____ (Malwarebytes) C:\Users\Helena\Downloads\AdwCleaner.exe
2018-04-15 08:37 - 2018-04-15 08:37 - 006625600 _____ (Zemana Ltd. ) C:\Users\Helena\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-15 08:26 - 2018-04-15 08:36 - 000000000 ____D C:\ProgramData\Emsisoft
2018-04-15 08:24 - 2018-04-15 08:24 - 000000856 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-04-15 08:24 - 2018-04-15 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-04-15 08:23 - 2018-04-22 21:37 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-04-15 08:20 - 2018-04-15 08:22 - 309750200 _____ (Emsisoft Ltd. ) C:\Users\Helena\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-04-15 07:22 - 2018-04-15 07:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\iExplore(1).exe
2018-04-15 07:20 - 2018-04-15 07:22 - 000003714 _____ C:\Users\Helena\Desktop\Rkill.txt
2018-04-15 07:20 - 2018-04-15 07:20 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill.exe
2018-04-15 07:20 - 2018-04-15 07:20 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill64.exe
2018-04-14 17:08 - 2018-04-22 10:43 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-14 17:08 - 2018-04-22 10:43 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-14 17:08 - 2018-04-22 10:43 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000001827 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 17:08 - 2018-04-14 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 17:08 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-11 21:41 - 2018-04-20 23:11 - 000000000 ____D C:\Users\Helena\Desktop\McDonalds
2018-04-10 15:28 - 2018-04-10 15:28 - 000061754 _____ C:\Users\Helena\Downloads\2017W2.pdf
2018-04-09 16:40 - 2018-04-09 16:40 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-01 17:37 - 2018-04-01 17:37 - 000000000 ____D C:\Users\Helena\AppData\Local\{494C7F10-6DE4-13A8-007C-36402414CAD8}
2018-04-01 17:37 - 2018-04-01 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2018-04-01 16:47 - 2018-04-01 16:47 - 000000000 ____D C:\ProgramData\ByteFence
2018-04-01 16:37 - 2018-04-01 16:37 - 011997763 _____ C:\Users\Helena\Desktop\Final Call of Arizona Highway Patrolman.mp4
2018-04-01 16:36 - 2018-04-01 16:36 - 000002259 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-04-01 16:36 - 2018-04-01 16:36 - 000002251 _____ C:\Users\Helena\Desktop\Chromium.lnk
2018-04-01 16:36 - 2018-04-01 16:36 - 000000000 ____D C:\Users\Helena\AppData\Local\chromium
2018-04-01 16:35 - 2018-04-02 14:40 - 000000000 ____D C:\Program Files\ByteFence
2018-04-01 16:35 - 2018-04-01 16:35 - 000001003 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2018-04-01 16:35 - 2018-04-01 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2018-04-01 16:35 - 2018-04-01 16:35 - 000000000 ____D C:\Program Files (x86)\ClipGrab
2018-04-01 16:34 - 2018-04-01 16:34 - 022980000 _____ (Philipp Schmieder Medien ) C:\Users\Helena\Downloads\clipgrab-3.6.8-cgorg.exe
2018-03-28 17:08 - 2018-03-28 17:08 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-22 21:58 - 2017-12-31 01:43 - 000175351 _____ C:\Windows\ZAM.krnl.trace
2018-04-22 21:58 - 2017-12-31 01:43 - 000148840 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-04-22 21:57 - 2016-11-17 21:58 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2018-04-22 10:54 - 2017-05-12 16:59 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Skype
2018-04-22 10:52 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-22 10:52 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 10:49 - 2009-07-13 23:13 - 000786622 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-22 10:49 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-04-22 10:46 - 2015-09-06 09:57 - 000675328 ___SH C:\Users\Helena\Desktop\Thumbs.db
2018-04-22 10:45 - 2017-03-14 10:53 - 000000000 __SHD C:\Users\Helena\IntelGraphicsProfiles
2018-04-22 10:42 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-21 19:57 - 2015-04-10 18:23 - 000000000 ____D C:\Users\Helena\Desktop\Insightful
2018-04-20 18:48 - 2014-03-21 14:37 - 000000000 ____D C:\Users\Helena\Documents\Outlook Files
2018-04-20 16:47 - 2017-12-15 21:29 - 000000000 ____D C:\Users\Helena\Desktop\Sponsored Campaigns 2017
2018-04-16 22:57 - 2015-01-03 19:29 - 000000000 ____D C:\Users\Helena\Desktop\A Gal Needs
2018-04-16 16:04 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\Pressman Toys
2018-04-14 16:11 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\EZ Yogurt Maker
2018-04-12 12:41 - 2017-08-31 07:36 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-10 17:19 - 2018-03-13 15:19 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 17:19 - 2015-10-06 21:22 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 17:19 - 2014-01-17 16:00 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 17:19 - 2014-01-17 16:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:19 - 2014-01-17 16:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 17:19 - 2014-01-17 15:59 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-09 16:41 - 2017-08-31 07:36 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-09 16:40 - 2018-01-04 20:55 - 000227784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-09 16:40 - 2017-11-16 15:56 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000380528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-09 16:40 - 2017-08-31 07:36 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-09 16:40 - 2017-08-31 07:35 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-09 16:40 - 2017-08-31 07:35 - 000111352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-07 13:55 - 2018-02-19 20:16 - 000000000 ____D C:\Users\Helena\Desktop\Hug Your Skin
2018-04-05 18:46 - 2018-01-29 20:52 - 000000000 ____D C:\Users\Helena\Desktop\Power Points
2018-04-02 21:00 - 2014-11-08 15:32 - 000000000 ____D C:\Users\Helena\Desktop\Joe Pics
2018-04-02 14:40 - 2014-01-17 16:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-02 14:01 - 2014-01-17 15:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-02 14:01 - 2009-07-13 23:08 - 000032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-01 16:35 - 2017-06-30 19:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-28 17:08 - 2014-01-17 21:18 - 000000000 ____D C:\Program Files\CCleaner
2018-03-27 16:50 - 2016-07-12 21:09 - 000000000 ____D C:\Users\Helena\Desktop\Affiliate Collection
2018-03-25 09:20 - 2016-08-07 07:37 - 000000000 ____D C:\Windows\Minidump
2018-03-25 09:20 - 2013-12-18 17:52 - 000319184 ____N C:\Windows\Minidump\032518-17331-01.dmp
2018-03-24 23:06 - 2013-12-18 17:52 - 000320592 ____N C:\Windows\Minidump\032418-22292-01.dmp

==================== Files in the root of some directories =======

2014-01-17 15:20 - 2014-01-17 15:20 - 000000000 _____ () C:\Users\Helena\AppData\Local\Driver_LOM_8161Present.flag

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-18 00:38

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Helena (22-04-2018 21:58:45)
Running from C:\Users\Helena\Desktop\Virus Fix
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-17 20:53:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3746497652-99284834-819367531-500 - Administrator - Disabled)
Guest (S-1-5-21-3746497652-99284834-819367531-501 - Limited - Disabled)
Helena (S-1-5-21-3746497652-99284834-819367531-1000 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3746497652-99284834-819367531-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{F1EF6C33-1EAF-489E-A344-2838ECC22D47}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{73A43153-E77E-45E6-A18F-E549F8EB5664}) (Version: 2.7.1.1 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Amazon Amazon Music) (Version: 5.6.2.1097 - Amazon Services LLC)
ASRock HDMI Switch v1.0.25 (HKLM-x32\...\ASRock HDMI Switch_is1) (Version: 1.0.25 - )
ASRock Key Master v1.0.6 (HKLM-x32\...\ASRock Key Master_is1) (Version: 1.0.6 - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Belarc Advisor 8.5b (HKLM-x32\...\Belarc Advisor) (Version: 8.5.2.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
ClipGrab 3.6.8 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-121 (HKLM-x32\...\{ACB879B8-19A7-4310-BD93-5D745CA6B798}) (Version:  - D-Link Corporation)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2018.1 - Emsisoft Ltd.)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.25.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EPSON WF-4730 Series Printer Uninstall (HKLM\...\EPSON WF-4730 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
F-Stream Tuning v2.0.39.1 (HKLM-x32\...\F-Stream Tuning_is1) (Version: 2.0.39.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3746497652-99284834-819367531-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04744DCB-837E-41B1-B919-BE46BEA68B0D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-28] (Piriform Ltd)
Task: {05CD5EB4-1357-4D3C-9B4B-7360B9046F1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-28] (Piriform Ltd)
Task: {1ECC6A56-4451-4D49-8A1D-9D59A68B8E73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {20924193-1A90-44BB-AF0B-752DEBEF3D79} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {3C2243FA-653F-45AC-A471-65AC640F8D7F} - System32\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {4578A731-F52D-490C-B20F-9D41AF761950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {4D7CC538-AEC6-419C-A4AB-7C6C4203C2F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {531A62BE-92DE-4A89-A078-E89EF2BB399D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {55DB3FF8-AE9C-4E10-BB60-5B0833CADEE2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {5A7274C4-F097-4066-A80E-8BDEA9EB560B} - System32\Tasks\AsrKM => C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe
Task: {AB188C29-C9DA-405D-B004-45D323ED6CC4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {B6CC56C8-BC3D-4725-B80F-202CD4647BC9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {DB1F25E0-D6E3-4BED-BF1C-2BB7B7EA0F44} - System32\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {DE5838EA-EAE7-4BAC-9199-2A79C6D63F14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-01-17 15:26 - 2013-05-28 19:58 - 000454656 _____ () C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
2014-01-17 15:38 - 2012-12-24 22:08 - 000049152 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-04-14 17:08 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-14 17:08 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000920280 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000348888 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000329432 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-03-14 10:43 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-03-14 10:43 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-03-14 10:43 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-17 15:10 - 2017-01-24 20:16 - 000382072 _____ () C:\Windows\system32\igfxTray.exe
2013-08-08 16:30 - 2013-08-08 16:30 - 000283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2018-04-09 16:40 - 2018-04-09 16:40 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-04-22 10:44 - 2018-04-22 10:44 - 005817488 _____ () C:\Program Files\AVAST Software\Avast\defs\18042204\algo.dll
2018-03-09 23:35 - 2018-03-09 23:35 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-01-17 19:10 - 2012-08-01 04:47 - 001319024 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000176656 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-01-17 15:39 - 2014-01-17 15:39 - 000315392 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANPDApi.dll
2014-01-17 15:38 - 2013-01-18 20:21 - 000303104 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\WlanApp.dll
2014-01-17 19:10 - 2012-06-07 21:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-17 15:17 - 2013-09-03 18:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-04-02 14:01 - 000001314 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3746497652-99284834-819367531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{437AC30D-0F9B-43E7-9D26-C8636D8530B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{2F2ADC61-5CCA-46C3-AF0C-968FBD6DDDC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E1DE450D-22E1-4515-9185-DEBB16A33A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4DA3649B-B12B-4F9E-9A76-1DBDA889922D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{8A694256-2763-4166-9A98-A5A27CB75D38}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{080F6635-8C33-401D-8ED9-56E58CBE1763}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{CBAE2DFC-5892-40D5-8B64-429AEDD90798}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{77980433-A4CD-454B-9590-DC596FD977C5}] => (Allow) LPort=2869
FirewallRules: [{02CD281D-F5FE-4C16-BB5D-770C97885FB1}] => (Allow) LPort=1900
FirewallRules: [{0A6EDCEE-3772-4937-9259-9743EFE90218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56591900-419A-4E7F-83C6-5B7E436A5867}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE3875E1-1CBD-4B36-A128-98E6BE7B4277}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{42A6BA4A-0B2F-47A4-AFBE-B33EB0EFCE18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9C573DF7-AD6D-496C-94B5-36AD74F52831}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2D85E6BC-B7CC-4B73-BBB4-5B77121C545F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4398F3A2-C44E-46A8-918B-588811245027}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C1F7DDBC-9198-4C61-9BA1-250B989ABD0C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{CA3F79F9-4A3F-40EE-93C6-95AD8EE2B646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0F79F1B-3D4F-45AD-8477-AE98AB1A9D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20031123-092F-452E-BE60-71A0DE7F51DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ABDB47A6-1625-4321-A12F-A284E0FB870A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F4A17B77-FE1A-435C-88D7-8F0DE8CDB82F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{496EC95E-B032-49AB-85FB-E03BE7AFDB49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{72D34638-9CF3-4AA4-921E-CC1CC979695B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2193D02B-5BE3-4E64-B7D1-1F885AD89AC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{03288EAC-4001-49BF-9141-825ECE93EDEA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{93696BD6-5E28-4312-8B95-01D90D5CE082}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [TCP Query User{4A967B84-3D24-41EC-8B42-45D2CBC856C5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{A824A650-A52A-4286-A419-BA37C3185861}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{FD841DEF-C0D2-4244-9C9C-62291C093A2D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{328D97EB-BCF9-4A18-81AA-BB4FC23BAB94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{C1FD0C32-3525-4EF7-9AB7-9ECFCBDBB016}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DCE57AB0-8DCB-4C89-B394-1235CF6D7689}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0EDA36B4-500F-4740-BF47-568D4576A1CB}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7C47D469-5995-453E-8AC8-FCFF8A61EBB5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{8DF06B75-92D7-47AE-8565-826DA6A077DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DA141B49-AD6F-473A-AAF5-AC02A28833D5}] => (Allow) C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

02-03-2018 01:08:59 Scheduled Checkpoint
10-03-2018 14:22:02 Scheduled Checkpoint
12-03-2018 16:15:41 Windows Update
17-03-2018 19:01:19 Installed FAX Utility
25-03-2018 01:02:37 Scheduled Checkpoint
02-04-2018 12:42:49 Scheduled Checkpoint
09-04-2018 18:26:45 Scheduled Checkpoint
17-04-2018 00:00:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2018 10:45:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2018 10:43:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/22/2018 10:44:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2018 10:43:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-04-22 19:44:23.282
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:59:58.905
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:49:45.458
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:36:16.389
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:28:59.547
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 10:57:12.877
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16048.74 MB
Available physical RAM: 12546.88 MB
Total Virtual: 32095.64 MB
Available Virtual: 28677.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:757.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D39C8DFD)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Uninstall:

CCleaner

Emsisoft Anti-Malware 

SUPERAntiSpyware

 

I see some minidumps so let's see what they have to say:

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

Tonight while you sleep let Avast do a boot-time scan:

 

Mute your speakers so it doesn't wake you up when Windows boots.

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.  
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.
 


  • 0

#7
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

BlueScreenView BSOD.txt below

 

==================================================
Dump File         : 032518-17331-01.dmp
Crash Time        : 3/25/2018 1:18:16 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`10462a10
Parameter 3       : fffff800`04960428
Parameter 4       : fffffa80`1080e9c0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+a62a0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.24024 (win7sp1_ldr.180112-0600)
Processor         : x64
Crash Address     : ntoskrnl.exe+a62a0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\032518-17331-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 319,184
Dump File Time    : 3/25/2018 9:20:09 AM
==================================================

==================================================
Dump File         : 032418-22292-01.dmp
Crash Time        : 3/24/2018 10:23:28 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`103b8a10
Parameter 3       : fffff800`04960428
Parameter 4       : fffffa80`0e8149b0
Caused By Driver  : kbdhid.sys
Caused By Address : kbdhid.sys+7e279b0
File Description  :
Product Name      :
Company           :
File Version      :
Processor         : x64
Crash Address     : ntoskrnl.exe+a62a0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\032418-22292-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 320,592
Dump File Time    : 3/24/2018 11:06:30 PM
==================================================

 


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

BlueScreenView shows a standard Windows file is the culprit.  Usually this is caused by overheating or bad RAM.

 

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.

 

With nothing running, what is the highest temp you see?

Watch a video or run an anti-virus scan or play a game for 5 minutes or so.

What is now the highest temp?


  • 0

#9
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Avast log below. I will install Speedfan tonight and monitor PC temps as you suggested, then post here for your review.

 

04/23/2018 09:39
Scan of C:

Scan of *STARTUP

Number of searched folders: 57386
Number of tested files: 948831
Number of infected files: 0
 


  • 0

#10
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Sorry for the delay. Have an 89 yr. old father-in-law that lives with us. He is in the hospital.  It will be a couple more days before I can attend to this properly. Didn't want to leave you hanging.  Thanks.


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No hurry.  Get back to it when you can.


  • 0

#12
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

In both cases, the highest temperature showing is AUX: 47° Playing video or running an Anti-virus scan didn't seem to make a difference at all.


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Nice temps.  I would run the built-in memory test or better the mem386+ test to rule out bad RAM:

https://www.howtogee...m-for-problems/


  • 0

#14
Webslinger64

Webslinger64

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 567 posts

Ran both tests and got a thumbs up on the results. RAM seems to be fine. Is there more to do to get rid of the Chromium infection? I still have a Chromium icon in my toolbar.


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Try right clicking on the icon.  There should be an option to remove from Chrome.

 

Let's see a final FRST scan to make sure nothing has come back.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP