Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Chromium malware infection? Pretty sure, but could be more...

Started by Webslinger64 , Apr 15 2018 10:11 AM

Please log in to reply

#16
Webslinger64

Posted 10 May 2018 - 09:32 AM

Member

Topic Starter
Member
567 posts

Here you go. Posted both FRST.txt and Addition.txt that the scan produced. Also, did find a Chromium folder in Helena/AppData/Local/chromium. The Helena folder is located on her desktop.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Helena (administrator) on HELENA-PC (10-05-2018 09:24:25)
Running from C:\Users\Helena\Desktop\Virus Fix
Loaded Profiles: Helena (Available Profiles: Helena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
() C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Amazon Services LLC) C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Helena\Desktop\Virus Fix\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2017-01-24] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-10] (Intel Corporation)
HKLM-x32\...\Run: [D-Link D-Link DWA-121] => C:\Program Files (x86)\D-Link\DWA-121 revA\AirNCFG.exe [1079600 2013-03-19] (D-Link Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-07-30] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1707632 2012-08-14] (CyberLink Corp.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [BlueStacksFriends] => C:\Users\Helena\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [Amazon Music] => C:\Users\Helena\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-08-11] (Amazon Services LLC)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-12-09]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84E3B946-060C-44A1-B082-3D7859732B3B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A4E4995F-30E7-4BDF-849C-4FC850F0AC69}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B23E0276-C119-4F48-B89C-E1E8E4042BBF}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3746497652-99284834-819367531-1000 -> {0B4B42D6-A7FF-41B5-9E4C-7B26AD6D9226} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-02-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-12] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: gsswu6vt.default-1438795000345-1514703935158
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 [2018-05-10]
FF Homepage: Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158 -> hxxps://www.google.com/
FF Extension: (StumbleBar by StumbleUpon) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-01-25]
FF Extension: (Honey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-05-03]
FF Extension: (Dark Background and Light Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2018-02-11]
FF Extension: (Avast Online Security) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\[email protected] [2017-11-16]
FF Extension: (Save Button for Pinterest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2018-02-18]
FF Extension: (Video DownloadHelper) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\gsswu6vt.default-1438795000345-1514703935158\features\{445ef1f4-2336-4564-82e5-427963760ff2}\[email protected] [2018-05-04] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3746497652-99284834-819367531-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Helena\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-05-09] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2018-04-22]
CHR Extension: (Slides) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
CHR Extension: (Docs) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (Skype Calling) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-05-12]
CHR Extension: (YouTube) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Avast SafePrice) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-28]
CHR Extension: (Sheets) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18]
CHR Extension: (Avast Online Security) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-28]
CHR Extension: (Gmail) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-28]
CHR HKLM\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3746497652-99284834-819367531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pdpcpceofkopegffcdnffeenbfdldock] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
R2 D_Link_DWA-121_WPS; C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe [49152 2012-12-24] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-05-10] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-14] (SEIKO EPSON CORPORATION)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-24] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-06-08] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-01-17] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [147224 2018-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DRTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-20] (Realtek Semiconductor Corporation )
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-07] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-31] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-09 17:09 - 2018-05-09 23:28 - 000000000 ____D C:\Users\Helena\Desktop\Carilloha 3
2018-05-09 15:40 - 2018-05-09 15:40 - 000133640 _____ (Zoom Video Communications, Inc.) C:\Users\Helena\Downloads\Zoom_launcher(1).exe
2018-05-09 15:40 - 2018-05-09 15:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-05-08 22:16 - 2018-05-09 19:17 - 000000000 ____D C:\Users\Helena\Desktop\Real Time Pain Relief
2018-05-05 18:39 - 2018-05-05 18:39 - 000034072 _____ C:\Users\Helena\Downloads\Untitled design(2).pdf
2018-05-03 10:39 - 2018-03-30 20:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-03 10:39 - 2018-03-30 20:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-03 10:39 - 2018-03-30 20:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-05-03 10:39 - 2018-03-30 20:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-03 10:39 - 2018-03-30 20:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-05-03 10:39 - 2018-03-30 19:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-05-03 10:39 - 2018-03-30 19:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-05-03 10:39 - 2018-03-30 19:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-05-03 10:39 - 2018-03-30 19:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 19:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-05-03 10:39 - 2018-03-30 19:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-05-03 10:39 - 2018-03-30 19:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-05-03 10:39 - 2018-03-30 19:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-05-03 10:39 - 2018-03-30 19:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-05-03 10:39 - 2018-03-30 19:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-05-03 10:39 - 2018-03-30 19:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-05-03 10:39 - 2018-03-30 18:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-05-03 10:39 - 2018-03-30 18:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-05-03 10:39 - 2018-03-30 18:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-05-03 10:39 - 2018-03-30 18:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-05-03 10:39 - 2018-03-30 18:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-05-03 10:39 - 2018-03-30 18:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-05-03 10:39 - 2018-03-30 18:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-05-03 10:39 - 2018-03-30 18:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-05-03 10:39 - 2018-03-30 18:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-03 10:39 - 2018-03-30 18:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-05-03 10:39 - 2018-03-28 01:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-05-03 10:39 - 2018-03-23 12:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-03 10:39 - 2018-03-23 11:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-03 10:39 - 2018-03-22 17:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-03 10:39 - 2018-03-22 15:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-05-03 10:39 - 2018-03-22 15:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-05-03 10:39 - 2018-03-22 15:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-03 10:39 - 2018-03-22 15:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-03 10:39 - 2018-03-22 15:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-05-03 10:39 - 2018-03-22 15:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-03 10:39 - 2018-03-22 15:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-05-03 10:39 - 2018-03-22 15:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-05-03 10:39 - 2018-03-22 15:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-05-03 10:39 - 2018-03-22 15:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-03 10:39 - 2018-03-22 15:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-05-03 10:39 - 2018-03-22 15:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-05-03 10:39 - 2018-03-22 15:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-05-03 10:39 - 2018-03-22 15:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-03 10:39 - 2018-03-22 15:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-05-03 10:39 - 2018-03-22 15:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-05-03 10:39 - 2018-03-22 15:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-03 10:39 - 2018-03-22 15:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-05-03 10:39 - 2018-03-22 14:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-05-03 10:39 - 2018-03-22 14:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-05-03 10:39 - 2018-03-22 14:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-03 10:39 - 2018-03-22 14:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-05-03 10:39 - 2018-03-22 14:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-05-03 10:39 - 2018-03-22 14:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-05-03 10:39 - 2018-03-22 14:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-05-03 10:39 - 2018-03-22 14:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-05-03 10:39 - 2018-03-22 14:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-03 10:39 - 2018-03-22 14:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-05-03 10:39 - 2018-03-22 14:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-05-03 10:39 - 2018-03-22 14:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-05-03 10:39 - 2018-03-22 14:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-05-03 10:39 - 2018-03-22 14:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-05-03 10:39 - 2018-03-22 14:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-05-03 10:39 - 2018-03-22 14:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-05-03 10:39 - 2018-03-22 14:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-03 10:39 - 2018-03-22 14:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-05-03 10:39 - 2018-03-22 14:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-05-03 10:39 - 2018-03-22 14:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-03 10:39 - 2018-03-22 14:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-05-03 10:39 - 2018-03-22 14:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-05-03 10:39 - 2018-03-22 14:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-05-03 10:39 - 2018-03-22 14:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-03 10:39 - 2018-03-22 14:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-03 10:39 - 2018-03-22 14:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-05-03 10:39 - 2018-03-22 14:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-03 10:39 - 2018-03-22 14:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-05-03 10:39 - 2018-03-22 14:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-05-03 10:39 - 2018-03-22 14:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-05-03 10:39 - 2018-03-22 14:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-05-03 10:39 - 2018-03-22 14:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-05-03 10:39 - 2018-03-22 14:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-05-03 10:39 - 2018-03-22 14:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-05-03 10:39 - 2018-03-22 14:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-05-03 10:39 - 2018-03-22 14:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-03 10:39 - 2018-03-22 14:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-03 10:39 - 2018-03-22 14:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-05-03 10:39 - 2018-03-22 14:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-03 10:39 - 2018-03-22 14:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-03 10:39 - 2018-03-22 14:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-05-03 10:39 - 2018-03-22 14:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-05-03 10:39 - 2018-03-22 14:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-03 10:39 - 2018-03-22 13:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-03 10:39 - 2018-03-22 13:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-03 10:39 - 2018-03-22 13:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-03 10:39 - 2018-03-22 13:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-03 10:39 - 2018-03-14 11:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-05-03 10:39 - 2018-03-14 11:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-05-03 10:39 - 2018-03-14 07:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-05-03 10:39 - 2018-03-14 07:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-05-03 10:39 - 2018-03-10 11:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-05-03 10:39 - 2018-03-09 12:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-05-03 10:39 - 2018-03-09 12:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-05-03 10:39 - 2018-03-09 12:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-05-03 10:39 - 2018-03-09 12:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-05-03 10:39 - 2018-03-09 12:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-05-03 10:39 - 2018-03-09 12:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-05-03 10:39 - 2018-03-09 12:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-05-03 10:39 - 2018-03-09 12:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-05-03 10:39 - 2018-03-09 12:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-05-03 10:39 - 2018-03-09 12:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-05-03 10:39 - 2018-03-09 12:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-05-03 10:39 - 2018-03-09 11:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-05-03 10:39 - 2018-03-06 12:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-05-03 10:39 - 2018-03-06 12:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-05-03 10:39 - 2018-03-06 12:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-05-03 10:39 - 2018-03-06 12:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-05-03 10:39 - 2018-03-06 12:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-05-03 10:39 - 2018-03-06 12:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-05-03 10:39 - 2018-02-21 21:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-05-03 10:39 - 2018-02-21 21:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-05-03 10:39 - 2018-02-18 15:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-03 10:39 - 2018-02-10 12:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-05-03 10:39 - 2018-02-10 12:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-05-03 10:39 - 2018-02-10 12:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-05-03 10:39 - 2018-02-10 12:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-05-03 10:39 - 2018-02-10 12:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-05-03 10:39 - 2018-02-10 12:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-05-03 10:39 - 2018-02-10 12:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-05-03 10:39 - 2018-02-10 12:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-05-03 10:39 - 2018-02-10 12:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-05-03 10:39 - 2018-02-10 12:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-05-03 10:39 - 2018-02-10 12:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-05-03 10:39 - 2018-02-10 12:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-05-03 10:39 - 2018-02-10 11:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-05-03 10:39 - 2018-02-10 11:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-05-03 10:39 - 2018-02-10 11:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-05-03 10:39 - 2018-02-10 11:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-05-03 10:39 - 2018-02-10 11:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-05-03 10:39 - 2018-02-10 11:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-05-03 10:39 - 2018-02-10 11:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-05-03 10:39 - 2018-02-10 11:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-05-03 10:39 - 2018-02-02 12:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-05-03 10:39 - 2018-02-02 12:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-05-03 10:39 - 2018-02-02 12:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-05-03 10:39 - 2018-02-02 12:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-05-03 10:39 - 2018-02-02 12:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-05-03 10:39 - 2018-02-02 12:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-03 10:39 - 2018-02-02 12:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-05-03 10:39 - 2018-02-02 12:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-05-03 10:39 - 2018-02-02 12:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-05-03 10:39 - 2018-02-02 12:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-05-03 10:39 - 2018-02-02 11:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-05-03 10:39 - 2018-02-02 11:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-05-03 10:39 - 2018-01-25 08:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-03 10:39 - 2018-01-25 08:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-03 10:39 - 2018-01-15 13:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-03 10:39 - 2018-01-15 13:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-03 10:39 - 2018-01-12 10:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-05-03 10:39 - 2018-01-12 10:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-30 21:43 - 2018-04-30 21:43 - 000035451 _____ C:\Users\Helena\Downloads\blogspotZTqWemailsubscribers.csv
2018-04-27 16:30 - 2018-05-08 22:17 - 000000000 ____D C:\Users\Helena\Desktop\PrAna Clothing
2018-04-26 21:09 - 2018-04-26 21:21 - 000000000 ____D C:\Users\Helena\Desktop\SenseofStyleTop5
2018-04-26 20:08 - 2018-04-26 21:21 - 000000000 ____D C:\Users\Helena\Desktop\Skirt Cents of Style
2018-04-25 22:40 - 2018-04-25 22:40 - 000000000 ____D C:\Users\Helena\Desktop\B & W Apothecary
2018-04-23 17:18 - 2018-04-23 17:18 - 000950672 _____ C:\Users\Helena\Downloads\Fight naked! And other epic love strategies Nate Bagley TEDx(1).mp4
2018-04-23 11:47 - 2018-05-02 08:53 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-04-23 11:47 - 2018-04-23 11:47 - 000001039 _____ C:\Users\Helena\Desktop\SpeedFan (2).lnk
2018-04-23 11:47 - 2018-04-23 11:47 - 000001003 _____ C:\Users\Helena\Desktop\SpeedFan.lnk
2018-04-23 11:47 - 2018-04-23 11:47 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-04-23 11:47 - 2018-04-23 11:47 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-04-23 11:46 - 2018-04-23 11:46 - 003086696 _____ C:\Users\Helena\Downloads\instspeedfan452 (1).exe
2018-04-23 09:16 - 2018-04-23 09:16 - 000001327 _____ C:\Users\Helena\Desktop\BlueScreenView.lnk
2018-04-23 09:15 - 2018-04-23 09:15 - 000141864 _____ C:\Users\Helena\Downloads\bluescreenview_setup.exe
2018-04-23 09:15 - 2018-04-23 09:15 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2018-04-23 09:15 - 2018-04-23 09:15 - 000000000 ____D C:\Program Files (x86)\NirSoft
2018-04-22 10:37 - 2018-04-22 21:58 - 000000000 ____D C:\Users\Helena\Desktop\Virus Fix
2018-04-16 19:21 - 2018-04-16 19:21 - 000950672 _____ C:\Users\Helena\Downloads\Fight naked! And other epic love strategies Nate Bagley TEDx.mp4
2018-04-15 19:22 - 2018-04-17 17:03 - 000000000 ____D C:\Users\Helena\Desktop\Hairstyles
2018-04-15 09:36 - 2018-05-10 09:24 - 000000000 ____D C:\FRST
2018-04-15 09:17 - 2018-04-15 09:17 - 002403328 _____ (Farbar) C:\Users\Helena\Downloads\FRST64.exe
2018-04-15 08:38 - 2018-04-15 08:38 - 007256272 _____ (Malwarebytes) C:\Users\Helena\Downloads\AdwCleaner.exe
2018-04-15 08:37 - 2018-04-15 08:37 - 006625600 _____ (Zemana Ltd. ) C:\Users\Helena\Downloads\Zemana.AntiMalware.Setup.exe
2018-04-15 08:20 - 2018-04-15 08:22 - 309750200 _____ (Emsisoft Ltd. ) C:\Users\Helena\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2018-04-15 07:22 - 2018-04-15 07:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\iExplore(1).exe
2018-04-15 07:20 - 2018-04-15 07:22 - 000003714 _____ C:\Users\Helena\Desktop\Rkill.txt
2018-04-15 07:20 - 2018-04-15 07:20 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill.exe
2018-04-15 07:20 - 2018-04-15 07:20 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\Helena\Downloads\rkill64.exe
2018-04-14 17:08 - 2018-04-23 11:52 - 000001988 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-14 17:08 - 2018-04-14 17:08 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-14 17:08 - 2018-04-14 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-14 17:08 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-10 15:28 - 2018-04-10 15:28 - 000061754 _____ C:\Users\Helena\Downloads\2017W2.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-10 09:24 - 2017-12-31 01:43 - 001536630 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-05-10 09:24 - 2017-12-31 01:43 - 001494897 _____ C:\Windows\ZAM.krnl.trace
2018-05-10 09:23 - 2016-11-17 21:58 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2018-05-10 09:21 - 2014-03-21 14:37 - 000000000 ____D C:\Users\Helena\Documents\Outlook Files
2018-05-10 07:54 - 2017-05-12 16:59 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Skype
2018-05-10 05:00 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-10 05:00 - 2009-07-13 22:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-09 18:37 - 2017-12-15 21:29 - 000000000 ____D C:\Users\Helena\Desktop\Sponsored Campaigns 2017
2018-05-09 15:40 - 2015-09-16 16:00 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Zoom
2018-05-09 14:35 - 2017-06-30 19:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-09 14:35 - 2014-01-17 15:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-08 22:10 - 2015-03-30 18:54 - 000000000 ____D C:\Users\Helena\Desktop\Giveaways
2018-05-08 21:19 - 2018-03-13 15:19 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-08 21:19 - 2015-10-06 21:22 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-08 21:19 - 2014-01-17 16:00 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-08 21:19 - 2014-01-17 16:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-08 21:19 - 2014-01-17 16:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-08 21:19 - 2014-01-17 15:59 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-04 07:53 - 2009-07-13 23:13 - 000786622 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-04 07:53 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-05-04 07:51 - 2017-03-14 10:53 - 000000000 __SHD C:\Users\Helena\IntelGraphicsProfiles
2018-05-04 07:46 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-03 21:12 - 2015-01-03 19:29 - 000000000 ____D C:\Users\Helena\Desktop\A Gal Needs
2018-05-03 13:15 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2018-05-03 12:20 - 2009-07-13 22:45 - 000448696 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-03 12:18 - 2015-04-15 03:26 - 000000000 ____D C:\Windows\system32\appraiser
2018-05-03 10:51 - 2014-01-18 11:51 - 000000000 ____D C:\Windows\system32\MRT
2018-05-03 10:48 - 2017-10-29 19:47 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-03 10:48 - 2014-01-18 11:51 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-03 10:43 - 2014-01-17 15:23 - 000780998 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-02 08:47 - 2014-02-01 23:20 - 000133120 ___SH C:\Users\Helena\Thumbs.db
2018-05-02 08:45 - 2015-09-06 09:57 - 000732160 ___SH C:\Users\Helena\Desktop\Thumbs.db
2018-04-27 19:11 - 2016-09-13 20:31 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 19:11 - 2016-09-13 20:31 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-27 16:29 - 2018-01-29 20:52 - 000000000 ____D C:\Users\Helena\Desktop\Power Points
2018-04-23 22:56 - 2015-04-10 18:23 - 000000000 ____D C:\Users\Helena\Desktop\Insightful
2018-04-23 09:13 - 2014-01-17 16:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-12 12:41 - 2017-08-31 07:36 - 000147224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2014-01-17 15:20 - 2014-01-17 15:20 - 000000000 _____ () C:\Users\Helena\AppData\Local\Driver_LOM_8161Present.flag

Some files in TEMP:
====================
2018-04-23 11:47 - 2018-05-02 08:53 - 000192512 _____ () C:\Users\Helena\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 11:56 - 2015-02-10 11:56 - 000105984 _____ () C:\Users\Helena\AppData\Local\Temp\sfextra.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-08 00:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Helena (10-05-2018 09:25:37)
Running from C:\Users\Helena\Desktop\Virus Fix
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-17 20:53:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3746497652-99284834-819367531-500 - Administrator - Disabled)
Guest (S-1-5-21-3746497652-99284834-819367531-501 - Limited - Disabled)
Helena (S-1-5-21-3746497652-99284834-819367531-1000 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-3746497652-99284834-819367531-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{F1EF6C33-1EAF-489E-A344-2838ECC22D47}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{73A43153-E77E-45E6-A18F-E549F8EB5664}) (Version: 2.7.1.1 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\Amazon Amazon Music) (Version: 5.6.2.1097 - Amazon Services LLC)
ASRock HDMI Switch v1.0.25 (HKLM-x32\...\ASRock HDMI Switch_is1) (Version: 1.0.25 - )
ASRock Key Master v1.0.6 (HKLM-x32\...\ASRock Key Master_is1) (Version: 1.0.6 - )
ASRock XFast RAM v3.0.2 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Belarc Advisor 8.5b (HKLM-x32\...\Belarc Advisor) (Version: 8.5.2.0 - Belarc Inc.)
ClipGrab 3.6.8 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Link DWA-121 (HKLM-x32\...\{ACB879B8-19A7-4310-BD93-5D745CA6B798}) (Version: - D-Link Corporation)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.25.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EPSON WF-4730 Series Printer Uninstall (HKLM\...\EPSON WF-4730 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
FamilySearch Indexing 3.26.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.26.0 - FamilySearch)
F-Stream Tuning v2.0.39.1 (HKLM-x32\...\F-Stream Tuning_is1) (Version: 2.0.39.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.1.87.0 - Logitech Europe S.A.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6697 - Mozilla)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3746497652-99284834-819367531-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3746497652-99284834-819367531-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-15] (Cyberlink)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL -> No File
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-01-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-09] (AVAST Software)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL -> No File
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1ECC6A56-4451-4D49-8A1D-9D59A68B8E73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {20924193-1A90-44BB-AF0B-752DEBEF3D79} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {3C2243FA-653F-45AC-A471-65AC640F8D7F} - System32\Tasks\EPSON WF-4730 Series Update {750347F4-02FD-494F-8F2A-C5D63F9BF75A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {4578A731-F52D-490C-B20F-9D41AF761950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {4D7CC538-AEC6-419C-A4AB-7C6C4203C2F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {531A62BE-92DE-4A89-A078-E89EF2BB399D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-04-14] (AVAST Software)
Task: {55DB3FF8-AE9C-4E10-BB60-5B0833CADEE2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {5A7274C4-F097-4066-A80E-8BDEA9EB560B} - System32\Tasks\AsrKM => C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe
Task: {AB188C29-C9DA-405D-B004-45D323ED6CC4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {B6CC56C8-BC3D-4725-B80F-202CD4647BC9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-09] (AVAST Software)
Task: {DB1F25E0-D6E3-4BED-BF1C-2BB7B7EA0F44} - System32\Tasks\EPSON WF-4730 Series Update {8FCF7EF3-8F9F-4A65-BEEB-38A1FEEF2B85} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {DE5838EA-EAE7-4BAC-9199-2A79C6D63F14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-17 15:26 - 2013-05-28 19:58 - 000454656 _____ () C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
2014-01-17 15:38 - 2012-12-24 22:08 - 000049152 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANIWConnService.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-04-14 17:08 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000920280 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000348888 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000329432 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-03-14 10:43 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-03-14 10:43 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-03-14 10:43 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-03-14 10:43 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-03-14 10:43 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-03-14 10:43 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-03-14 10:43 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-03-14 10:43 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-17 15:10 - 2017-01-24 20:16 - 000382072 _____ () C:\Windows\System32\igfxTray.exe
2013-08-08 16:30 - 2013-08-08 16:30 - 000283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2018-04-09 16:40 - 2018-04-09 16:40 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-05-10 07:57 - 2018-05-10 07:57 - 005855888 _____ () C:\Program Files\AVAST Software\Avast\defs\18051002\algo.dll
2014-01-17 15:17 - 2013-09-03 18:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000807440 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-01-17 19:10 - 2012-08-01 04:47 - 001319024 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-01-17 19:10 - 2012-08-15 06:29 - 000176656 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2018-03-09 23:35 - 2018-03-09 23:35 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-09 16:40 - 2018-04-09 16:40 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-26 22:22 - 2017-09-26 22:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-17 15:39 - 2014-01-17 15:39 - 000315392 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\ANPDApi.dll
2014-01-17 15:38 - 2013-01-18 20:21 - 000303104 _____ () C:\Program Files (x86)\D-Link\DWA-121 revA\WlanApp.dll
2014-01-17 19:10 - 2012-06-07 21:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-16 01:33 - 2015-07-16 01:33 - 000196776 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2015-11-11 03:42 - 2015-11-11 03:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-04-02 14:01 - 000001314 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3746497652-99284834-819367531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{437AC30D-0F9B-43E7-9D26-C8636D8530B2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{2F2ADC61-5CCA-46C3-AF0C-968FBD6DDDC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E1DE450D-22E1-4515-9185-DEBB16A33A09}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4DA3649B-B12B-4F9E-9A76-1DBDA889922D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{8A694256-2763-4166-9A98-A5A27CB75D38}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{080F6635-8C33-401D-8ED9-56E58CBE1763}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{CBAE2DFC-5892-40D5-8B64-429AEDD90798}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{77980433-A4CD-454B-9590-DC596FD977C5}] => (Allow) LPort=2869
FirewallRules: [{02CD281D-F5FE-4C16-BB5D-770C97885FB1}] => (Allow) LPort=1900
FirewallRules: [{0A6EDCEE-3772-4937-9259-9743EFE90218}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56591900-419A-4E7F-83C6-5B7E436A5867}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE3875E1-1CBD-4B36-A128-98E6BE7B4277}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{42A6BA4A-0B2F-47A4-AFBE-B33EB0EFCE18}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9C573DF7-AD6D-496C-94B5-36AD74F52831}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2D85E6BC-B7CC-4B73-BBB4-5B77121C545F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4398F3A2-C44E-46A8-918B-588811245027}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C1F7DDBC-9198-4C61-9BA1-250B989ABD0C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{CA3F79F9-4A3F-40EE-93C6-95AD8EE2B646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0F79F1B-3D4F-45AD-8477-AE98AB1A9D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20031123-092F-452E-BE60-71A0DE7F51DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ABDB47A6-1625-4321-A12F-A284E0FB870A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F4A17B77-FE1A-435C-88D7-8F0DE8CDB82F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{496EC95E-B032-49AB-85FB-E03BE7AFDB49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{72D34638-9CF3-4AA4-921E-CC1CC979695B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2193D02B-5BE3-4E64-B7D1-1F885AD89AC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{03288EAC-4001-49BF-9141-825ECE93EDEA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{93696BD6-5E28-4312-8B95-01D90D5CE082}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [TCP Query User{4A967B84-3D24-41EC-8B42-45D2CBC856C5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{A824A650-A52A-4286-A419-BA37C3185861}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{FD841DEF-C0D2-4244-9C9C-62291C093A2D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{328D97EB-BCF9-4A18-81AA-BB4FC23BAB94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{C1FD0C32-3525-4EF7-9AB7-9ECFCBDBB016}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{DCE57AB0-8DCB-4C89-B394-1235CF6D7689}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0EDA36B4-500F-4740-BF47-568D4576A1CB}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7C47D469-5995-453E-8AC8-FCFF8A61EBB5}C:\users\helena\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\helena\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{DA141B49-AD6F-473A-AAF5-AC02A28833D5}] => (Allow) C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{AAB1F27F-C954-4409-B8D8-5BEDD60306CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-03-2018 16:15:41 Windows Update
17-03-2018 19:01:19 Installed FAX Utility
25-03-2018 01:02:37 Scheduled Checkpoint
02-04-2018 12:42:49 Scheduled Checkpoint
09-04-2018 18:26:45 Scheduled Checkpoint
17-04-2018 00:00:04 Scheduled Checkpoint
24-04-2018 00:36:16 Scheduled Checkpoint
02-05-2018 00:00:00 Scheduled Checkpoint
03-05-2018 10:40:16 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2018 10:07:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 60.0.0.6697, time stamp: 0x5aeb2d9d
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee643
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x188c
Faulting application start time: 0x01d3e7d5482d4108
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: b072fc19-5407-11e8-ae10-bc5ff4e83965

Error: (05/05/2018 11:36:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 59.0.3.6691, time stamp: 0x5ae3b806
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee643
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1a68
Faulting application start time: 0x01d3e3af9f1321c8
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6f664a8c-50ef-11e8-ae10-bc5ff4e83965

Error: (05/04/2018 07:51:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2018 07:47:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/03/2018 12:42:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/03/2018 12:20:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/03/2018 10:29:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/03/2018 10:24:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (05/09/2018 02:17:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/08/2018 02:07:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/07/2018 01:57:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/06/2018 10:40:09 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer HAL-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A4E4995F-30E7-4BDF-849C-4FC850F0AC69}.
The master browser is stopping or an election is being forced.

Error: (05/06/2018 01:47:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/05/2018 01:37:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/04/2018 01:27:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (05/04/2018 07:48:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================

Date: 2018-04-23 09:00:40.344
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-23 08:44:01.405
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 19:44:23.282
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:59:58.905
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:49:45.458
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:36:16.389
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 18:28:59.547
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-22 10:57:12.877
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16048.74 MB
Available physical RAM: 11861.74 MB
Total Virtual: 32095.64 MB
Available Virtual: 27934.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:751.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D39C8DFD)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#17
RKinner

Posted 10 May 2018 - 05:44 PM

Malware Expert

Expert
24,625 posts

I don't see Chromium except as a firewall rule. You can put chromium in the FRST search box and then hit Search Files then repeat for Search Registry

#18
Webslinger64

Posted 17 May 2018 - 06:42 AM

Member

Topic Starter
Member
567 posts

Search Files produced zero results for Chromium. However, Search Registry show the following results:

Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Helena (17-05-2018 06:37:56)
Running from C:\Users\Helena\Desktop\Virus Fix
Boot Mode: Normal

================== Search Registry: "Chromium" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithProgIDs]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds]
"ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ]
""="Chromium HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ\DefaultIcon]
""="C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ\shell\open\command]
""=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ]
""="Chromium"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities]
"ApplicationDescription"="Chromium is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Chromium."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities]
"ApplicationIcon"="C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities]
"ApplicationName"="Chromium"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".htm"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".html"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".pdf"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".shtml"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".svg"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".xht"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".xhtml"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\FileAssociations]
".webp"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\Startmenu]
"StartMenuInternet"="Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"ftp"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"http"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"https"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"irc"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"mailto"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"mms"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"news"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"nntp"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"sms"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"smsto"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"tel"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"urn"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities\URLAssociations]
"webcal"="ChromiumHTM.XIUDBZPT5X6VOEWSOD4EYYR3VQ"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\DefaultIcon]
""="C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\InstallInfo]
"ReinstallCommand"=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\InstallInfo]
"HideIconsCommand"=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\InstallInfo]
"ShowIconsCommand"=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\shell\open\command]
""=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ"="Software\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ"="Software\Clients\StartMenuInternet\Chromium.XIUDBZPT5X6VOEWSOD4EYYR3VQ\Capabilities"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DA141B49-AD6F-473A-AAF5-AC02A28833D5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium|"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\AVAST Software\Avast]
"rect_v8_DIALOG_CHROMIUM"="0x700200002A01000010050000E6020000"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\AVAST Software\Avast]
"rect_v8_APPSTORE_CHROMIUM"="0xC7010000B7000000B905000059030000"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Chromium]
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Chromium]
"UninstallString"="C:\Users\Helena\AppData\Local\Chromium\Application\58.0.2988.0\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Chromium]
"name"="Chromium"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Chromium]
"InstallerSuccessLaunchCmdLine"=""C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Chromium\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\Helena\AppData\Local\Chromium\Application\58.0.2988.0\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_USERS\S-1-5-21-3746497652-99284834-819367531-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Helena\AppData\Local\Chromium\Application\chrome.exe"="Chromium"

====== End of Search ======

#19
RKinner

Posted 18 May 2018 - 05:14 AM

Malware Expert

Expert
24,625 posts

Get Regseeker:

http://www.hoverdesk.net/download.php

The downloads are at the bottom. I would use the top one where it says RegSeeker Portable/Setup : From FossHub website
(It works for Win 10 too even tho it doesn't say.)
That now takes you to:
https://www.fosshub.com/RegSeeker.html

Where we need to click on
Download RegSeeker Portable

(If they still offer it as an optional download We do not want the Babylon toolbar!)

Download and Save (right click and Open Folder) then right click and Extract All. Extract. This will create a folder Regseeker47. Double click on it and you will see a folder regeseeker. Double click on it and inside it will be the regseeker.exe which you need to right click on and Run As Administrator. (If Windows Smart Screen blocks it from running, click on More Info then Run Anyway.

Select Registry.

Select Find in Registry.

In the Search For: box type: Chromium

Hit Search.

When it finishes, select them all by clicking on the first one then scrolling to the bottom. Hold down the Shift key and click on the bottom entry. Now go back and hold down the CTRL and click on any with the Avast. This should deselect them. In the right upper corner click on the three bars then on Delete Selected.

That should remove all of the Chromiums. You might want to verify that there is no folder:

C:\Users\Helena\AppData\Local\Chromium

This is a hidden location so you may need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

If you find it remove it.

#20
Webslinger64

Posted 25 May 2018 - 09:15 AM

Member

Topic Starter
Member
567 posts

Followed instructions, but ran into a glitch it seems. After running Regseeker, the search results show multiple Chromium instances in the registry. I select all, then locate the entries with Avast in them - I deselect those - then use the Delete Selected option in the three bars menu. When clicking that option, a pop window asks, "Delete all selected items?". I click "OK", which then pops up another window message that says, "Backup Name:" with a "Find in registry (date) and (time)". When I press "OK" on that message window, nothing happens. All of the search results that Regseeker found with Chromium in them remain, as do the AVAST results I deselected. So, nothing gets deleted.

Edit: Posted pics below that might help. Discovered when I closed Regseeker program, then opened it and reran the search, almost all of the Chromium instances it found the first time were gone. Not sure why the program wouldn't just show them having disappeared after I deleted them in the first place. However, there are a few instances of Chromium results that remain that are not associated with Avast.

Also, in the last pic I posted of that PC's Registry Editor under HKEY_CURRENT_USER the first and third folders in the tree look alien to me. Compared that tree to a partner PC on another desk and didn't find those same weird looking folders. Are those legit?

Attached Thumbnails

Edited by Webslinger64, 25 May 2018 - 09:48 AM.

#21
RKinner

Posted 25 May 2018 - 01:53 PM

Malware Expert

Expert
24,625 posts

I just tried Regseeker and it seems to be working OK. Did you do a second Find in the Registry? Did it find anything? It's possible that it's a glitch in FRST. I know when you have something unchecked in msconfig then check it FRST doesn't seem to notice the change. Perhaps this is the same thing? If Regseeker finds them again then find the backup file it made and right click and Edit then Copy and Paste it into a Reply.

The odd entries in the registry seem to be harmless. I have several similar ones but if you look at them they do not refer to any files or have much at all in them. Suspect they may be used by some trial software to tell when the trial expires. I have deleted one of them and nothing important seems to have stopped working.