Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected with Unwanted Websites and WordFence [Solved]

Started by Jackpine , Dec 30 2018 11:00 AM

  • This topic is locked This topic is locked

#46
Jackpine
Posted 20 January 2019 - 09:44 PM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.01.2019
Ran by Amanda (administrator) on AMANDA-HP (20-01-2019 22:41:14)
Running from C:\Users\Amanda\Desktop
Loaded Profiles: Amanda (Available Profiles: Amanda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [308656 2019-01-04] (AVG Technologies CZ, s.r.o.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] ()
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\system32\l3codecp.acm [182272 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] ()
HKLM\...\Drivers32-x32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project)
HKLM\...\Drivers32-x32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( )
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] ()
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] ()
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-09-20] (Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2011-09-20] (Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9955086B-673D-4CF2-9BDF-346645A0F1B5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {25E212C1-69E6-4924-90D3-CD7783E644F9} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3956403641-1016103790-1991301254-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: cjf2nppd.default-1547470643528
FF ProfilePath: C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528 [2019-01-20]
FF Extension: (Adblock Plus) - C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\cjf2nppd.default-1547470643528\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-03-15] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-12-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-12-04] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [357872 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7882752 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3987152 2017-05-27] (Paramount Software UK Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37160 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [203336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [223616 2019-01-14] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196632 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320744 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58008 2019-01-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46432 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166840 2019-01-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111848 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1033904 2019-01-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [474504 2019-01-04] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [217912 2019-01-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380000 2019-01-04] (AVG Technologies CZ, s.r.o.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-01-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 mrcbt; C:\Windows\System32\drivers\mrcbt.sys [73928 2018-03-28] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 22:41 - 2019-01-20 22:42 - 000017101 _____ C:\Users\Amanda\Desktop\FRST.txt
2019-01-20 16:29 - 2019-01-20 16:29 - 000000000 ____D C:\Users\Amanda\AppData\Local\ElevatedDiagnostics
2019-01-20 14:01 - 2019-01-20 14:01 - 000000000 ____D C:\Windows\CheckSur
2019-01-20 13:51 - 2019-01-20 13:59 - 564744309 _____ C:\Users\Amanda\Desktop\Windows6.1-KB947821-v34-x64.msu
2019-01-19 15:52 - 2019-01-20 14:35 - 000000000 ____D C:\SFCFix
2019-01-19 15:44 - 2019-01-20 14:35 - 000000000 ____D C:\Users\Amanda\AppData\Local\niemiro
2019-01-19 15:44 - 2019-01-19 15:44 - 002347008 _____ (niemiro) C:\Users\Amanda\Desktop\SFCFix.exe
2019-01-18 16:04 - 2019-01-18 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2019-01-18 16:04 - 2019-01-18 16:04 - 000000000 ____D C:\Program Files (x86)\ERUNT
2019-01-18 15:31 - 2019-01-10 19:49 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-01-18 15:31 - 2019-01-10 19:49 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-01-18 15:31 - 2019-01-10 19:47 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-01-18 15:31 - 2019-01-10 19:47 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-01-18 15:31 - 2019-01-10 19:47 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-01-18 15:31 - 2019-01-10 19:46 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-01-18 15:31 - 2019-01-10 19:34 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-01-18 15:31 - 2019-01-10 19:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-01-18 15:31 - 2019-01-10 19:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-01-18 15:31 - 2018-12-28 18:42 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-01-18 15:31 - 2018-12-28 17:52 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-01-18 15:31 - 2018-12-28 15:03 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-01-18 15:31 - 2018-12-28 15:02 - 005552360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-01-18 15:31 - 2018-12-28 15:02 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-01-18 15:31 - 2018-12-28 15:02 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-01-18 15:31 - 2018-12-28 15:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-01-18 15:31 - 2018-12-28 15:01 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000876032 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:51 - 004055272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-01-18 15:31 - 2018-12-28 14:51 - 003960552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-01-18 15:31 - 2018-12-28 14:50 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000582144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-01-18 15:31 - 2018-12-28 14:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-01-18 15:31 - 2018-12-28 14:34 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-01-18 15:31 - 2018-12-28 14:34 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-01-18 15:31 - 2018-12-28 14:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-01-18 15:31 - 2018-12-28 14:31 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-01-18 15:31 - 2018-12-28 14:31 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-01-18 15:31 - 2018-12-28 14:31 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-01-18 15:31 - 2018-12-28 14:30 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-01-18 15:31 - 2018-12-28 14:28 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-01-18 15:31 - 2018-12-28 14:28 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-01-18 15:31 - 2018-12-28 14:28 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-01-18 15:31 - 2018-12-28 14:27 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-01-18 15:31 - 2018-12-28 14:27 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-01-18 15:31 - 2018-12-28 14:27 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-01-18 15:31 - 2018-12-28 14:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-01-18 15:31 - 2018-12-28 14:27 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-01-18 15:31 - 2018-12-28 14:27 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-01-18 15:31 - 2018-12-28 14:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-01-18 15:31 - 2018-12-28 14:27 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-01-18 15:31 - 2018-12-28 14:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-01-18 15:31 - 2018-12-28 14:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-01-18 15:31 - 2018-12-28 14:26 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 14:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-01-18 15:31 - 2018-12-28 13:09 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2019-01-18 15:31 - 2018-12-28 13:09 - 000419608 _____ C:\Windows\system32\locale.nls
2019-01-18 15:31 - 2018-12-27 19:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-01-18 15:31 - 2018-12-27 18:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-01-18 15:31 - 2018-12-27 18:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-01-18 15:31 - 2018-12-27 18:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-01-18 15:31 - 2018-12-27 18:37 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-01-18 15:31 - 2018-12-27 18:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-01-18 15:31 - 2018-12-27 18:36 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-01-18 15:31 - 2018-12-27 18:36 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-01-18 15:31 - 2018-12-27 18:36 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-01-18 15:31 - 2018-12-27 18:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-01-18 15:31 - 2018-12-27 18:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-01-18 15:31 - 2018-12-27 18:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-01-18 15:31 - 2018-12-27 18:26 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-01-18 15:31 - 2018-12-27 18:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-01-18 15:31 - 2018-12-27 18:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-01-18 15:31 - 2018-12-27 18:25 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-01-18 15:31 - 2018-12-27 18:25 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-01-18 15:31 - 2018-12-27 18:24 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-01-18 15:31 - 2018-12-27 18:17 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-01-18 15:31 - 2018-12-27 18:17 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-01-18 15:31 - 2018-12-27 18:14 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-01-18 15:31 - 2018-12-27 18:07 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-01-18 15:31 - 2018-12-27 18:07 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-01-18 15:31 - 2018-12-27 18:06 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-01-18 15:31 - 2018-12-27 18:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-01-18 15:31 - 2018-12-27 18:05 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-01-18 15:31 - 2018-12-27 18:04 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-01-18 15:31 - 2018-12-27 18:04 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-01-18 15:31 - 2018-12-27 18:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-01-18 15:31 - 2018-12-27 18:03 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-01-18 15:31 - 2018-12-27 18:03 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-01-18 15:31 - 2018-12-27 18:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-01-18 15:31 - 2018-12-27 18:01 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-01-18 15:31 - 2018-12-27 17:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-01-18 15:31 - 2018-12-27 17:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-01-18 15:31 - 2018-12-27 17:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-01-18 15:31 - 2018-12-27 17:56 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-01-18 15:31 - 2018-12-27 17:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-01-18 15:31 - 2018-12-27 17:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-01-18 15:31 - 2018-12-27 17:55 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-01-18 15:31 - 2018-12-27 17:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-01-18 15:31 - 2018-12-27 17:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-01-18 15:31 - 2018-12-27 17:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-01-18 15:31 - 2018-12-27 17:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-01-18 15:31 - 2018-12-27 17:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-01-18 15:31 - 2018-12-27 17:46 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-01-18 15:31 - 2018-12-27 17:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-01-18 15:31 - 2018-12-27 17:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-01-18 15:31 - 2018-12-27 17:42 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-01-18 15:31 - 2018-12-27 17:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-01-18 15:31 - 2018-12-27 17:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-01-18 15:31 - 2018-12-27 17:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-01-18 15:31 - 2018-12-27 17:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-01-18 15:31 - 2018-12-27 17:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-01-18 15:31 - 2018-12-27 17:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-01-18 15:31 - 2018-12-27 17:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-01-18 15:31 - 2018-12-27 17:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-01-18 15:31 - 2018-12-27 17:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-01-18 15:31 - 2018-12-27 17:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-01-18 15:31 - 2018-12-27 17:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-01-18 15:31 - 2018-12-27 17:28 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-01-18 15:31 - 2018-12-27 17:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-01-18 15:31 - 2018-12-27 17:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-01-18 15:31 - 2018-12-27 17:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-01-18 15:31 - 2018-12-27 17:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-01-18 15:31 - 2018-12-27 17:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-01-18 15:31 - 2018-12-07 22:08 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2019-01-18 15:31 - 2018-12-07 22:08 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2019-01-18 15:31 - 2018-12-07 22:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2019-01-18 15:31 - 2018-12-07 22:08 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2019-01-18 15:31 - 2018-12-07 22:08 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2019-01-18 15:31 - 2018-12-07 22:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2019-01-18 15:31 - 2018-12-07 21:56 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2019-01-18 15:31 - 2018-12-07 21:56 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2019-01-18 15:31 - 2018-12-07 21:56 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2019-01-18 15:31 - 2018-12-07 21:47 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2019-01-18 15:31 - 2018-12-07 21:47 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2019-01-18 15:31 - 2018-12-07 21:47 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2019-01-18 15:31 - 2018-12-07 21:41 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2019-01-18 15:31 - 2018-12-07 21:41 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2019-01-18 15:31 - 2018-12-07 21:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2019-01-18 15:31 - 2018-12-07 10:33 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-01-18 15:31 - 2018-12-04 11:07 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2019-01-18 15:31 - 2018-12-04 11:07 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2019-01-18 15:31 - 2018-12-04 10:55 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2019-01-18 15:31 - 2018-12-04 10:55 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2019-01-18 15:31 - 2018-12-02 11:06 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000998480 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000918408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000066000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000063936 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000021968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000019408 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000017872 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000017856 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000017360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000017352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000016336 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000015824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000015808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000015296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000014312 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000014272 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000013768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000013760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000013760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000013264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012736 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012232 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011728 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-01-18 15:31 - 2018-10-12 08:05 - 000011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-01-16 16:04 - 2019-01-16 16:04 - 000899584 _____ (Farbar) C:\Users\Amanda\Desktop\FSS.exe
2019-01-16 14:41 - 2019-01-16 14:41 - 000757746 _____ C:\Users\Amanda\Documents\Joelene Reference Letter.pdf
2019-01-16 13:19 - 2019-01-16 13:19 - 000000245 _____ C:\Users\Amanda\Desktop\Contents Sale.URL
2019-01-14 12:42 - 2019-01-14 12:42 - 000223616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2019-01-14 07:50 - 2019-01-14 07:50 - 007320272 _____ (Malwarebytes) C:\Users\Amanda\Desktop\adwcleaner_7.2.6.0.exe
2019-01-12 15:39 - 2019-01-12 15:39 - 000000000 ____D C:\ProgramData\Emsisoft
2019-01-10 21:04 - 2019-01-10 21:04 - 000002306 _____ C:\Users\Amanda\Desktop\Beyond - Star Descendant Collectors.lnk
2019-01-10 21:03 - 2019-01-10 21:03 - 000000000 ____D C:\Program Files (x86)\Games
2019-01-07 15:20 - 2019-01-07 15:20 - 000000267 _____ C:\Users\Amanda\Desktop\G2G Forum.URL
2019-01-04 08:42 - 2019-01-04 08:41 - 000361392 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2019-01-04 08:42 - 2019-01-04 08:41 - 000320744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000196632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000058008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2019-01-04 08:42 - 2019-01-04 08:41 - 000037160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2019-01-03 18:31 - 2019-01-19 17:59 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-03 09:10 - 2019-01-03 09:10 - 048344608 _____ (Microsoft Corporation) C:\Users\Amanda\Desktop\Windows-KB890830-x64-V5.67.exe
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\AVG
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\Users\Amanda\AppData\Local\Avg
2019-01-01 11:17 - 2019-01-01 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2019-01-01 11:16 - 2019-01-19 17:59 - 000003904 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2019-01-01 11:16 - 2019-01-18 15:08 - 000166840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 001033904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000474504 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000380000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000217912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000203336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000111848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000046432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2019-01-01 11:16 - 2019-01-04 08:41 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2019-01-01 11:16 - 2019-01-01 11:16 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-01-01 11:15 - 2019-01-01 11:15 - 000000000 ____D C:\Program Files\AVG
2019-01-01 11:14 - 2019-01-01 15:01 - 000000000 ____D C:\ProgramData\AVG
2018-12-31 10:01 - 2018-12-31 10:02 - 000206070 _____ C:\TDSSKiller.3.1.0.25_31.12.2018_10.01.41_log.txt
2018-12-31 10:01 - 2018-12-31 10:01 - 000000366 _____ C:\TDSSKiller.3.1.0.24_31.12.2018_10.01.05_log.txt
2018-12-30 11:38 - 2019-01-02 16:23 - 000000000 ____D C:\Program Files\Common Files\AV
2018-12-30 09:26 - 2019-01-20 09:39 - 002428416 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2018-12-27 13:30 - 2019-01-19 17:59 - 000003206 _____ C:\Windows\System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7}

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-20 22:41 - 2018-05-16 20:49 - 000000000 ____D C:\FRST
2019-01-20 21:38 - 2018-03-14 21:02 - 000000000 ____D C:\Users\Amanda\AppData\LocalLow\Mozilla
2019-01-20 21:32 - 2018-03-14 21:11 - 000000000 ____D C:\Users\Amanda\AppData\Local\ClassicShell
2019-01-20 20:11 - 2018-03-14 20:29 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F52EBCF6-B655-4260-897D-6C56F659BD58}
2019-01-20 18:42 - 2018-04-09 13:43 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-01-20 16:54 - 2018-03-28 16:24 - 000000000 ____D C:\Games Downloaded
2019-01-20 16:35 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-20 16:35 - 2009-07-13 23:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-20 16:21 - 2018-03-15 09:39 - 000000000 ____D C:\Windows\system32\MRT
2019-01-20 16:19 - 2018-03-15 09:39 - 132790320 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-01-20 13:47 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-19 20:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2019-01-19 18:51 - 2018-03-15 14:23 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2019-01-19 18:50 - 2018-03-17 15:56 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\uTorrent
2019-01-19 17:59 - 2018-12-08 21:18 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-19 17:59 - 2018-12-08 21:18 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-19 17:59 - 2018-05-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-19 17:59 - 2018-04-30 19:02 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-01-19 17:59 - 2018-04-30 15:27 - 000003616 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-01-19 17:59 - 2018-04-30 15:27 - 000003370 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-01-19 17:59 - 2018-04-06 14:52 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-19 17:59 - 2018-04-06 14:52 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-19 17:59 - 2018-04-05 11:49 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-19 17:59 - 2018-03-15 14:23 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAmanda
2019-01-19 17:59 - 2018-03-14 21:38 - 000003136 _____ C:\Windows\System32\Tasks\klcp_update
2019-01-18 17:19 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-18 17:19 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-01-18 17:04 - 2018-07-13 11:03 - 000000000 ____D C:\Users\Amanda\Documents\Bob OlympiaFinancial
2019-01-18 16:16 - 2018-03-15 09:49 - 000766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-01-15 16:26 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2019-01-14 13:59 - 2018-04-10 09:39 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\MPC-HC
2019-01-12 09:44 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-12 09:44 - 2018-03-14 21:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-10 21:04 - 2018-09-19 20:55 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Mad Head Games
2019-01-10 10:21 - 2018-04-16 12:44 - 000000000 ____D C:\ProgramData\RedFox
2019-01-10 08:56 - 2018-09-23 08:36 - 000313366 _____ C:\Users\Amanda\Desktop\WindowsUpdate.diagcab
2019-01-09 14:46 - 2018-04-14 19:10 - 000000000 ____D C:\AdwCleaner
2019-01-09 08:15 - 2009-07-14 00:08 - 000032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-01-08 20:58 - 2018-07-01 09:39 - 000000000 ____D C:\Users\Amanda\Documents\Mom Menus
2019-01-05 18:27 - 2018-05-06 19:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-02 14:44 - 2018-05-07 13:48 - 000000233 _____ C:\Users\Amanda\Desktop\Cinematik.URL
2018-12-30 09:54 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2018-12-28 12:57 - 2018-03-15 15:55 - 000000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2018-12-28 12:33 - 2018-03-14 20:26 - 000000000 ____D C:\Users\Amanda
2018-12-28 12:32 - 2018-10-29 14:26 - 000000000 ____D C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mahjong Epic 2
2018-12-28 12:32 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-12-28 11:42 - 2018-10-20 13:37 - 000000000 ____D C:\Users\Amanda\AppData\Local\Google
2018-12-25 08:51 - 2018-04-06 14:52 - 000000000 ____D C:\Program Files\CCleaner
2018-12-24 13:06 - 2018-11-02 11:02 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2018-09-14 14:25 - 2018-09-14 14:44 - 044858529 _____ () C:\Program Files (x86)\MahJong.Suite.2015.v12.0.rar
2018-04-18 11:24 - 2018-04-18 11:24 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122435.txt
2018-04-18 11:28 - 2018-04-18 11:28 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_122827.txt
2018-04-18 14:03 - 2018-04-18 14:03 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150359.txt
2018-04-18 14:09 - 2018-04-18 14:09 - 000000000 _____ () C:\Users\Amanda\AppData\Roaming\log_041818_150955.txt
2018-04-10 08:19 - 2018-04-10 08:19 - 000007667 _____ () C:\Users\Amanda\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-13 09:42

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.01.2019
Ran by Amanda (20-01-2019 22:42:20)
Running from C:\Users\Amanda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-03-15 01:26:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3956403641-1016103790-1991301254-500 - Administrator - Disabled)
Amanda (S-1-5-21-3956403641-1016103790-1991301254-1000 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3956403641-1016103790-1991301254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956403641-1016103790-1991301254-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.1.3075 - AVG Technologies)
Beyond Star Descendant Collectors 1.00 (HKLM-x32\...\Beyond Star Descendant Collectors 1.00) (Version: 1.00 - Games)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.2300 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth Pro (HKLM\...\{E466DA1C-39B7-4FA7-98F5-3B7910976C3D}) (Version: 7.3.2.5495 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{F09C4BE3-9935-4457-A936-69D3C574E351}) (Version: 1.5.1.0 - HP Inc)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
K-Lite Mega Codec Pack 14.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.3.0 - KLCP)
Macrium Reflect Server Edition (HKLM\...\{49157BD6-B5D3-4DBB-98C8-A604D4332D9B}) (Version: 7.0.2187 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Server Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Mahjong Epic 2 (HKLM-x32\...\Mahjong Epic 21.1) (Version: 1.1 - Foxy Games)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.842 - Raxco Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2017-05-27] (Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-01-04] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03941A70-4158-4900-8D36-8F597CD87A6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {20FCFF64-00DD-401D-B1AE-BB1FD97DC929} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {3FFF6A91-3416-4527-85E7-C8676FC6B608} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {430E6E3F-AD4A-4913-83CD-C2BE5A226333} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4905C002-F590-4680-86A0-5BE5EB439202} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {510F5F28-A804-486C-8788-646341D85963} - System32\Tasks\HPCeeScheduleForAmanda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {58FD8687-A1F3-4CED-BFDE-DD71224F3616} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {5C119B90-A340-4B24-8FD2-5B85872ED0C7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-12-04] (Adobe Systems Incorporated)
Task: {85006378-4CFB-47BB-8A7E-F3CC7A44AD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-03-15] (Hewlett-Packard Company)
Task: {9DF6E07E-92B7-43C0-B9BC-5D13950CADB4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {AEC6D5B8-E058-4CCB-90BB-3CFA2D8EA1B4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2019-01-04] (AVG Technologies CZ, s.r.o.)
Task: {B22AF7EA-67F5-45E8-84D4-8AAE462B59D6} - System32\Tasks\{B2859790-1CBC-48FC-B2DF-BED06E883DB7} => C:\Windows\system32\pcalua.exe -a C:\Downloads\installer_x86-x64_89006\Installer_x86-x64_89006.exe -d C:\Downloads\installer_x86-x64_89006
Task: {BCC2C7F2-FB3D-480A-8D73-4136010BFF28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
Task: {CE06BBC7-8750-4BAB-8EA6-7CFD9DAAA460} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DA92ED9A-F28D-4472-A96B-59809B015955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-08] (Google Inc.)
Task: {DE495F0A-E470-43AB-8A28-875990DDC93C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {E1965C9E-3865-4D70-8D4E-5C7C11653368} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {E487927D-AB5A-482F-9AD0-13974F682CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2018-02-12] (Microsoft)
Task: {E7AF0378-02B1-48AE-B600-C1ADBD2E42C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FE0A8B75-AB27-45BE-A930-582338E20769} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2019-01-16] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForAmanda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

==================== Loaded Modules (Whitelisted) ==============

2019-01-04 08:41 - 2019-01-04 08:41 - 000662960 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 000550832 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 001967536 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2019-01-20 13:49 - 2019-01-20 13:49 - 006937800 _____ () C:\Program Files\AVG\Antivirus\defs\19012004\algo64.dll
2011-08-09 10:44 - 2011-08-09 10:44 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-04 08:41 - 2019-01-04 08:41 - 093696960 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2019-01-19 19:23 - 2019-01-19 19:23 - 000172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9a75144c68e4801c7a7c9afe0e69e28f\IsdiInterop.ni.dll
2018-03-14 21:19 - 2011-05-20 12:05 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-09 13:42 - 2018-04-09 13:42 - 000000143 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11\Driver;;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files\Broadcom\WHL\SysWow64\syswow64;C:\Program Files (x86)\Intel\Services\IPT\
HKU\S-1-5-21-3956403641-1016103790-1991301254-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KMService.lnk => C:\Windows\pss\KMService.lnk.CommonStartup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Reflect UI => C:\Program Files\Macrium\Common\ReflectUI.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{98B44A3A-A17A-47E5-ABDB-F1798C77AD44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{5943820C-A840-4247-8DD5-5142C5020FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0C736896-C1B9-4853-B4A5-77860361B3A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{5989919C-1183-43C8-88B8-0A1A33B2BA2A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{5BFE4BC2-21AB-47BE-922A-041ED5B9C7F7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
FirewallRules: [{14C51BDB-5C59-40F2-8CD5-805177EB6BFD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{DF89369F-FE8A-43AB-BF45-B844BF6ACD05}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{3B890484-52B9-445E-9B59-E0FBD05E4B1B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{2A9980C4-D766-46DF-A58A-1054ACDC1F84}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{9ED67588-1049-42F2-88CE-A4355EA89C0B}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)
FirewallRules: [{83FDEEBF-24CD-427F-B00C-FAC797B268B8}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe (AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

19-01-2019 00:20:08 Scheduled Checkpoint
19-01-2019 18:49:11 Windows Modules Installer
19-01-2019 19:07:26 Windows Update
20-01-2019 14:00:45 Windows Update
20-01-2019 16:18:46 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2019 01:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2019 09:22:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2019 06:52:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/19/2019 06:52:06 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.EnterpriseServices, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (01/18/2019 03:56:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2019 03:33:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ESET Firewall Helper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/18/2019 03:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2019 07:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/20/2019 03:48:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{84515f45-27fb-11e8-9f78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{718F4187-7AB0-44AD-84DA-E039CEC18465}

Error: (01/20/2019 01:50:24 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (01/20/2019 01:49:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2019 01:47:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {06622D85-6856-4460-8DE1-A81921B41C4B} did not register with DCOM within the required timeout.

Error: (01/20/2019 01:47:19 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

Error: (01/20/2019 09:24:22 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (01/20/2019 09:23:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2019 09:21:25 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE


CodeIntegrity:
===================================

Date: 2018-12-02 00:03:52.082
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.739
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-12-02 00:03:51.458
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod01D6.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.392
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:37.033
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-18 00:45:36.752
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\Modules\em023_64\14406\em023_64.dll.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:16.019
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

Date: 2018-11-05 14:22:15.691
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Security\Updfiles\base_nonnups\nod6CDC.dll.nup.raw because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 6091.86 MB
Available physical RAM: 3207.08 MB
Total Virtual: 12181.86 MB
Available Virtual: 9430.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.46 GB) (Free:497.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.89 GB) (Free:2.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

\\?\Volume{84515f44-27fb-11e8-9f78-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A65C9874)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

Advertisements

#47
JSntgRvr
Posted 20 January 2019 - 10:37 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

The logs are clear, congratulations. :)

 

I guess we're done here. Take a look at these suggestions:
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

Best regards. :)

 


  • 0

#48
Jackpine
Posted 21 January 2019 - 06:42 AM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Thank you very much for your help.

 

I will read through the links you provided.


  • 0

#49
JSntgRvr
Posted 21 January 2019 - 10:56 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You are welcome. :)
  • 0

#50
JSntgRvr
Posted 28 January 2019 - 08:51 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP