Author Topic: Another infected computer  (Read 2535 times)


DR M
Another infected computer
« on: June 23, 2018, 08:52:51 AM »
This is a friend's computer. I did some ordinary user-level cleaning last year, but it seems now that it needs an expert's hand to find itself again.

These are the FRST logs:

FRST log (PART I)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Rodoula (administrator) on NICROD (23-06-2018 12:28:05)
Running from C:\Users\Rodoula\Desktop
Loaded Profiles: Rodoula (Available Profiles: Rodoula)
Platform: Windows 10 Home Version 1803 17134.81 (X64) Language: Greek (Greece)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Integral\IntegralCrawler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2014-10-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\Run: [Google Update] => C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rodoula\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rodoula\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6942086f-0ff7-4045-914f-fcdd1e88d71f}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{9c788798-6e50-42b9-9664-c6a77b4b0b36}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQALL13/23
HKU\S-1-5-21-3414196017-733389354-2935765532-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQALL13/23
SearchScopes: HKLM -> {21C9CF5C-D0AD-40E0-AD55-C33DF40F6E8D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://gr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://gr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-3414196017-733389354-2935765532-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://gr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: glun30nm.default
FF ProfilePath: C:\Users\Rodoula\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\glun30nm.default [2018-06-20]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\glun30nm.default -> hxxp://www.google.com
FF Extension: (Adblock Latitude) - C:\Users\Rodoula\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\glun30nm.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2018-04-10] [Legacy] [not signed]
FF Extension: (Youtube MP3 Podcaster) - C:\Users\Rodoula\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\glun30nm.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2017-06-23] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-22] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-3414196017-733389354-2935765532-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3414196017-733389354-2935765532-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\Default [2018-06-23]
CHR Extension: (Docs) - C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-14]
CHR Extension: (AVG Secure Search) - C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR Profile: C:\Users\Rodoula\AppData\Local\Google\Chrome\User Data\System Profile [2016-09-12]
CHR HKU\S-1-5-21-3414196017-733389354-2935765532-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Integral Crawler; C:\Program Files\Integral\IntegralCrawler.exe [3919224 2013-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-11] (Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-12] (MediaTek Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 12:28 - 2018-06-23 12:29 - 000018553 _____ C:\Users\Rodoula\Desktop\FRST.txt
2018-06-23 12:27 - 2018-06-23 12:28 - 000000000 ____D C:\FRST
2018-06-23 12:25 - 2018-06-23 12:25 - 002412544 _____ (Farbar) C:\Users\Rodoula\Desktop\FRST64.exe
2018-06-23 12:19 - 2018-06-23 12:20 - 001773056 _____ (Farbar) C:\Users\Rodoula\Desktop\FRST.exe
2018-06-20 14:29 - 2018-06-20 14:29 - 004040172 _____ C:\Users\Rodoula\Downloads\christmas-after-party-escape (1).swf
2018-06-20 14:28 - 2018-06-20 14:28 - 004040172 _____ C:\Users\Rodoula\Downloads\Unconfirmed 276316.crdownload
2018-06-20 14:23 - 2018-06-20 14:24 - 040552456 _____ C:\Users\Rodoula\Downloads\(HQ) Seasons Of Love (Ζήσε με αγάπη) - RENT - New Video Clip (Σφεντόνα 2010-11).mp4
2018-06-11 20:40 - 2018-06-11 21:17 - 000136986 _____ C:\Users\Rodoula\Downloads\tf16410086.xlsx
2018-06-11 14:57 - 2018-06-11 14:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-11 14:56 - 2018-06-11 14:56 - 000001417 _____ C:\Users\Rodoula\Desktop\Microsoft Edge.lnk
2018-06-11 04:16 - 2018-06-13 18:48 - 000000000 ____D C:\Users\Rodoula\AppData\Local\PlaceholderTileLogoFolder
2018-06-11 02:22 - 2018-06-22 06:03 - 000000000 ____D C:\Windows.old
2018-06-11 02:15 - 2018-06-11 02:15 - 000000020 ___SH C:\Users\Rodoula\ntuser.ini
2018-06-11 02:14 - 2018-06-11 02:22 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-06-11 02:13 - 2018-06-23 12:24 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3414196017-733389354-2935765532-1001
2018-06-11 02:13 - 2018-06-18 21:10 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRodoula
2018-06-11 02:13 - 2018-06-11 02:14 - 000003632 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-11 02:13 - 2018-06-11 02:14 - 000003524 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414196017-733389354-2935765532-1001UA
2018-06-11 02:13 - 2018-06-11 02:14 - 000003256 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414196017-733389354-2935765532-1001Core
2018-06-11 02:13 - 2018-06-11 02:14 - 000003106 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6DCF9C0B-E7D1-41C6-8526-B8BD81882856}
2018-06-11 02:13 - 2018-06-11 02:14 - 000002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3414196017-733389354-2935765532-1001
2018-06-11 02:13 - 2018-06-11 02:14 - 000002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3414196017-733389354-2935765532-500
2018-06-11 02:13 - 2018-06-11 02:14 - 000002316 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2018-06-11 02:13 - 2018-06-11 02:13 - 000003408 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-11 02:13 - 2018-06-11 02:13 - 000003016 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-06-11 02:13 - 2018-06-11 02:13 - 000002866 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-06-11 02:13 - 2018-06-11 02:13 - 000002352 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-06-11 02:13 - 2018-06-11 02:13 - 000002340 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2018-06-11 02:13 - 2018-06-11 02:13 - 000002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2018-06-11 02:13 - 2018-06-11 02:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-11 02:13 - 2018-06-11 02:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-06-11 02:13 - 2018-06-11 02:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-06-11 02:13 - 2018-06-11 02:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2018-06-11 02:13 - 2012-12-26 03:47 - 000002320 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-666577921-3711047924-659843981-500
2018-06-11 02:13 - 2012-08-20 11:58 - 000003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-162013581-403268946-3148210563-500
2018-06-11 02:12 - 2018-06-11 02:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-11 02:11 - 2018-06-11 02:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-11 02:10 - 2018-06-11 02:13 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-06-11 02:10 - 2018-06-11 02:13 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-06-11 02:06 - 2018-06-11 02:06 - 025844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 022709248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 022001664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 007582720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 006816848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 006567904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 006527568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 004787960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 004563968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 004402768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002536056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-11 02:06 - 2018-06-11 02:06 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-11 02:06 - 2018-06-11 02:06 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001017056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000988128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000861608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000457144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000416120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-11 02:06 - 2018-06-11 02:06 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-11 02:05 - 2018-06-11 02:05 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 004372480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003733312 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 002836376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002486984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001462288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-11 02:05 - 2018-06-11 02:05 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001209792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-11 02:05 - 2018-06-11 02:05 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-11 02:05 - 2018-06-11 02:05 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-11 02:05 - 2018-06-11 02:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-11 02:05 - 2018-06-11 02:05 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000748504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000722288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000707480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-06-11 02:05 - 2018-06-11 02:05 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-06-11 02:05 - 2018-06-11 02:05 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000193936 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-11 02:05 - 2018-06-11 02:05 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2018-06-11 02:05 - 2018-06-11 02:05 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-11 02:05 - 2018-06-11 02:05 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-11 02:05 - 2018-06-11 02:05 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-11 01:36 - 2018-06-11 01:36 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-11 01:36 - 2018-06-11 01:36 - 000000000 ____D C:\inetpub
2018-06-11 01:35 - 2018-06-11 02:22 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-11 01:35 - 2018-06-11 01:35 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-06-11 01:35 - 2018-06-11 01:35 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-06-11 01:35 - 2018-06-11 01:35 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-06-11 01:35 - 2018-06-11 01:35 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-06-11 01:35 - 2018-06-11 01:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-06-11 01:35 - 2018-06-11 01:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-06-11 01:35 - 2018-06-11 01:35 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-06-11 01:35 - 2018-06-11 01:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-11 01:35 - 2018-06-11 01:35 - 000000000 ____D C:\Program Files\MSBuild
2018-06-11 01:35 - 2018-06-11 01:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-11 01:33 - 2018-06-11 01:33 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-06-11 01:33 - 2018-06-11 01:33 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-06-11 01:33 - 2018-06-11 01:33 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-06-11 01:33 - 2018-06-11 01:33 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-06-11 01:33 - 2018-06-11 01:33 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-06-11 01:33 - 2018-06-11 01:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-06-11 01:33 - 2018-06-11 01:33 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-06-11 01:33 - 2018-06-11 01:33 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-06-11 01:32 - 2018-06-23 12:23 - 000002405 _____ C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-11 01:32 - 2018-06-11 02:15 - 000000000 ____D C:\Users\Rodoula
2018-06-11 01:32 - 2018-06-11 01:48 - 000000000 ____D C:\Users\Rodoula\Documents\hp.system.package.metadata
2018-06-11 01:32 - 2018-06-11 01:39 - 000000000 ____D C:\Users\Rodoula\AppData\Local\Microsoft Help
2018-06-11 01:32 - 2018-06-11 01:32 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000c.dll
2018-06-11 01:32 - 2018-06-11 01:32 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000c.dll
2018-06-11 01:32 - 2018-06-11 01:32 - 002356736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000c.dll
2018-06-11 01:32 - 2018-06-11 01:32 - 002268672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000c.dll
2018-06-11 01:32 - 2018-06-11 01:32 - 000000000 _SHDL C:\Users\Rodoula\Τα έγγραφά μου
2018-06-11 01:32 - 2018-06-11 01:32 - 000000000 _SHDL C:\Users\Rodoula\Documents\Τα βίντεό μου
2018-06-11 01:32 - 2018-06-11 01:32 - 000000000 _SHDL C:\Users\Rodoula\Documents\Οι εικόνες μου
2018-06-11 01:32 - 2018-06-11 01:32 - 000000000 _SHDL C:\Users\Rodoula\Documents\Η μουσική μου
2018-06-11 01:32 - 2018-06-11 01:32 - 000000000 _SHDL C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Προγράμματα
2018-06-11 01:32 - 2015-10-09 08:19 - 000000000 ____D C:\Users\Rodoula\AppData\Roaming\TuneUp Software
2018-06-11 01:32 - 2014-11-04 21:31 - 000000000 ____D C:\Users\Rodoula\Documents\hp.applications.package.appdata
2018-06-11 01:32 - 2014-09-24 19:17 - 000000369 _____ C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-06-11 01:32 - 2014-09-24 19:17 - 000000369 _____ C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-06-11 01:31 - 2018-06-11 01:49 - 001678942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-11 01:28 - 2018-06-11 01:28 - 000000000 ____D C:\ProgramData\USOShared
2018-06-11 01:28 - 2018-04-12 02:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-06-11 01:23 - 2018-06-22 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-11 01:23 - 2018-06-11 01:41 - 000413120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-05 13:10 - 2018-06-11 02:16 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-28 09:28 - 2018-05-28 09:28 - 000035328 _____ C:\Users\Rodoula\Downloads\11_arithmitiki_grammi (1).pub
2018-05-28 08:45 - 2018-05-28 08:45 - 000620817 _____ C:\Users\Rodoula\Downloads\ACLASSJUNE2016.zip
2018-05-27 11:29 - 2018-05-27 11:37 - 159010449 _____ C:\Users\Rodoula\Downloads\math_a1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 12:23 - 2014-11-05 15:05 - 000000000 __RDO C:\Users\Rodoula\OneDrive
2018-06-23 12:17 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-23 12:15 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-21 12:28 - 2015-10-10 11:14 - 000000000 ____D C:\Users\Rodoula\AppData\Roaming\vlc
2018-06-21 11:42 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-20 21:59 - 2016-09-26 20:59 - 000000000 ____D C:\Users\Rodoula\Desktop\RODOULA5
2018-06-20 14:29 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-19 22:17 - 2016-10-19 22:11 - 000000000 ____D C:\ProgramData\MCShield
2018-06-18 21:10 - 2017-01-17 15:14 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRodoula.job
2018-06-18 20:05 - 2017-12-22 18:41 - 000000000 ____D C:\Users\Rodoula\AppData\Roaming\dvdcss
2018-06-18 04:15 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-18 04:15 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-15 22:31 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-13 05:45 - 2013-09-02 21:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-13 05:39 - 2017-10-12 18:47 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-13 05:39 - 2013-09-02 21:11 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-12 20:44 - 2018-05-14 14:32 - 000002544 _____ C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 20:44 - 2018-05-14 14:32 - 000002507 _____ C:\Users\Rodoula\Desktop\Google Chrome.lnk
2018-06-11 14:59 - 2018-02-06 21:14 - 000000000 ____D C:\Users\Rodoula\AppData\Local\Packages
2018-06-11 14:56 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-11 03:57 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-11 02:22 - 2018-05-11 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-11 02:22 - 2018-04-12 02:41 - 000000000 ____D C:\WINDOWS\Setup
2018-06-11 02:22 - 2018-04-12 02:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system3
Nothing...

Offline DR M

Re: Another infected computer
« Reply #1 on: June 23, 2018, 08:56:09 AM »
FRST log (PART II):

2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\InputMethod
2018-06-11 02:22 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-11 02:22 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-06-11 02:22 - 2017-06-24 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-06-11 02:22 - 2017-06-24 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-06-11 02:22 - 2017-06-24 09:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-06-11 02:22 - 2017-06-22 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-06-11 02:22 - 2016-10-19 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2018-06-11 02:22 - 2014-10-29 16:32 - 000000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2018-06-11 02:22 - 2014-09-24 21:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
2018-06-11 02:22 - 2014-09-24 18:48 - 000000000 ____D C:\WINDOWS\ShellNew
2018-06-11 02:22 - 2014-09-24 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-06-11 02:22 - 2014-09-24 11:12 - 000000000 ____D C:\Program Files (x86)\HP
2018-06-11 02:22 - 2014-04-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2018-06-11 02:22 - 2014-04-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-06-11 02:22 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-06-11 02:22 - 2013-08-22 18:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-06-11 02:22 - 2012-12-26 04:15 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2018-06-11 02:22 - 2012-12-26 04:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2018-06-11 02:22 - 2012-12-26 04:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2018-06-11 02:22 - 2012-12-26 03:56 - 000000000 ____D C:\Program Files\Intel
2018-06-11 02:22 - 2012-08-20 11:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-06-11 02:22 - 2012-08-20 11:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2018-06-11 02:22 - 2012-08-20 11:44 - 000000000 ____D C:\WINDOWS\en
2018-06-11 02:22 - 2012-08-20 11:44 - 000000000 ____D C:\WINDOWS\el
2018-06-11 02:22 - 2012-08-20 11:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2018-06-11 02:21 - 2018-04-12 02:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-11 02:17 - 2018-02-06 21:56 - 000000000 ___RD C:\Users\Rodoula\3D Objects
2018-06-11 02:17 - 2013-09-01 17:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\IME
2018-06-11 02:16 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-06-11 02:16 - 2014-09-24 11:17 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2018-06-11 02:15 - 2018-04-12 00:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-11 02:14 - 2017-06-23 23:59 - 000000000 ____D C:\Program Files\Realtek
2018-06-11 02:14 - 2017-06-23 23:58 - 000000000 ____D C:\Program Files\Synaptics
2018-06-11 02:13 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-11 02:09 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-11 02:09 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\Registration
2018-06-11 02:09 - 2014-05-26 17:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-11 02:08 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-11 02:08 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-11 01:57 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-06-11 01:57 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-06-11 01:57 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-11 01:57 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-11 01:57 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-11 01:57 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-11 01:57 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-06-11 01:56 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-11 01:55 - 2014-11-04 21:45 - 000024036 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-06-11 01:49 - 2018-04-12 19:15 - 000633030 _____ C:\WINDOWS\system32\perfh008.dat
2018-06-11 01:49 - 2018-04-12 19:15 - 000124914 _____ C:\WINDOWS\system32\perfc008.dat
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-06-11 01:49 - 2018-04-12 19:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\IME
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\Help
2018-06-11 01:49 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-06-11 01:49 - 2018-04-12 00:04 - 000000000 ____D C:\WINDOWS\servicing
2018-06-11 01:47 - 2017-06-24 00:04 - 001675520 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-06-11 01:43 - 2018-05-11 23:17 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-11 01:40 - 2018-04-12 00:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-06-11 01:39 - 2017-10-29 16:33 - 000000000 ____D C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2018-06-11 01:36 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-06-11 01:36 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-06-11 01:35 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-06-11 01:35 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-06-11 01:33 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-06-11 01:33 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-06-11 01:32 - 2018-04-12 19:16 - 000000000 ____D C:\WINDOWS\OCR
2018-06-11 01:30 - 2017-06-23 23:59 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-06-11 01:30 - 2017-06-23 23:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-06-06 22:04 - 2018-01-28 23:41 - 000000000 ____D C:\Users\Rodoula\Desktop\SEMELI A'1
2018-06-06 02:29 - 2018-04-12 02:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 02:29 - 2018-04-12 02:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-31 09:49 - 2018-02-06 21:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-27 13:36 - 2017-09-01 09:04 - 000000000 ____D C:\Users\Rodoula\Desktop\SEMELI ENGLISH

==================== Files in the root of some directories =======

2015-10-22 21:30 - 2015-10-22 21:30 - 000003584 _____ () C:\Users\Rodoula\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-12 15:30 - 2018-02-12 15:30 - 000000017 _____ () C:\Users\Rodoula\AppData\Local\resmon.resmoncfg
2017-06-22 11:38 - 2017-06-22 11:38 - 000000000 _____ () C:\Users\Rodoula\AppData\Local\{BB2D261C-BD38-4C49-975C-CD6935AAFAE9}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-11 01:23

==================== End of FRST.txt ============================

Offline DR M

Re: Another infected computer
« Reply #2 on: June 23, 2018, 08:57:57 AM »
ADDITION log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Rodoula (23-06-2018 12:33:05)
Running from C:\Users\Rodoula\Desktop
Windows 10 Home Version 1803 17134.81 (X64) (2018-06-10 23:15:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3414196017-733389354-2935765532-500 - Administrator - Disabled)
Guest (S-1-5-21-3414196017-733389354-2935765532-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3414196017-733389354-2935765532-1005 - Limited - Enabled)
Rodoula (S-1-5-21-3414196017-733389354-2935765532-1001 - Administrator - Enabled) => C:\Users\Rodoula
WDAGUtilityAccount (S-1-5-21-3414196017-733389354-2935765532-504 - Limited - Disabled)
Προεπιλεγμένος λογαριασμός (S-1-5-21-3414196017-733389354-2935765532-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510gm_Help (HKLM-x32\...\{DF0B357C-5874-47D0-81E7-79AA890B0CE0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510gm (HKLM-x32\...\{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (HKLM-x32\...\{28379381-B56A-43e1-B505-3098D82B1C30}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
GeoGebra Geometry (HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\GeoGebra_Geometry) (Version: 6.0.414 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{8E7CB625-076C-4812-87B9-A2695C2CFABF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{F9EDF85E-BB4A-4F4C-B1A6-A647CB0235AC}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{779FB5D3-64BF-4D14-A47B-3148161D9AE3}) (Version: 12.9.18.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Integral 4.0.0 (HKLM\...\Integral) (Version: 4.0.0 - Integral)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LenovoUsbDriver 1.0.14 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.14 - Lenovo)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Language Pack 2010 - Greek/Ελληνικά (HKLM-x32\...\Office14.OMUI.el-gr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3414196017-733389354-2935765532-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Language Pack 2010 - Greek/Ελληνικά (HKLM-x32\...\Office14.VisMUI.el-gr) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pale Moon 27.6.0 (x86 en-US) (HKLM-x32\...\Pale Moon 27.6.0 (x86 en-US)) (Version: 27.6.0 - Moonchild Productions)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6714 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0055-0408-0000-0000000FF1CE}_Office14.VisMUI.el-gr_{2E2F58E2-1C35-4B90-B3D9-1C396C12BF61}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0408-0000-0000000FF1CE}_Office14.OMUI.el-gr_{3A75628F-649E-466A-ADA1-AF61121D383C}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Συλλογή φωτογραφιών του Windows Live (HKLM-x32\...\{C00C2A91-6CB3-483F-80B3-2958E29468F1}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Rodoula\AppData\Local\Google\Chrome\Application\67.0.3396.87\notification_helper.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers-x32: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers-x32: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers-x32: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ShellIconOverlayIdentifiers-x32: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-10-06] (Cyberlink)
ContextMenuHandlers1: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-10-06] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [MemopalShell] -> {723F4F64-AB80-46AF-9FF3-09D8C46C0746} => C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll [2013-03-07] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03287FC4-1949-4F09-B591-C8485F0173D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {070758B9-DCD2-4C2C-976A-26CF0AEB6FFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {0E525705-6AA4-495A-8746-4E6AF52B5AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1344426E-5739-494B-8204-E25B26C210DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {1465328B-4F3A-4531-9F7A-9D6F5F91AE06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {177B1123-2701-460C-ABE9-F640F248B9BF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {17EBBD86-4B64-4818-8AA4-C2849F7A1FC7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-28] (Synaptics Incorporated)
Task: {1F8A79A6-7D37-42D3-BC25-E5DC91D442C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {31C36670-C426-4EF9-9875-508C3A4C165A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38C54207-26A4-4173-BD5A-0B120FCC4BE7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Task: {605AA924-38A3-4DCF-886E-5CE1A8692ABC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {74529A1C-DA6A-486D-8912-00DDF5D141C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {86908C14-3A77-4D21-B2BC-510D0F9FEF44} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {88AFFF55-A7BF-43F6-AEF8-D1C14799E868} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {8DE5178D-CBC5-4565-A92B-9887F345C687} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {8ECFAD59-5066-46BB-95E6-33AD20EFB666} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {8FA45A17-579A-41F7-92D5-0565C5E7717A} - System32\Tasks\HPCeeScheduleForRodoula => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {9DF8D1DA-1BF3-4A3A-8473-4D269CE142E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414196017-733389354-2935765532-1001UA => C:\Users\Rodoula\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-14] (Google Inc.)
Task: {A7E85C34-5D3B-4221-ACB2-95539ED2213C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {B3923DCB-2468-48E5-9341-0E92BE4BE881} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-31] (Microsoft Corporation)
Task: {C8FA0A77-C1B5-4F15-BAE1-08EB81C09BFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3414196017-733389354-2935765532-1001Core => C:\Users\Rodoula\AppData\Local\Google\Update\GoogleUpdate.exe [2018-05-14] (Google Inc.)
Task: {EC150FB5-9968-458C-BCA2-3177275ABDA1} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForRodoula.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg .job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2013-03-07 22:42 - 2013-03-07 22:42 - 003919224 _____ () C:\Program Files\Integral\IntegralCrawler.exe
2018-05-11 23:16 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2013-03-07 22:37 - 2013-03-07 22:37 - 001999872 _____ () C:\Program Files\Integral\ShellExtensionx64\ShellExtension.dll
2018-04-12 02:35 - 2018-04-12 19:17 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-05-23 09:26 - 2018-05-23 09:27 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 09:26 - 2018-05-23 09:27 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 09:26 - 2018-05-23 09:27 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 09:26 - 2018-05-23 09:27 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 09:26 - 2018-05-23 09:27 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-05-23 09:26 - 2018-05-23 09:27 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 001465856 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 003037184 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000580608 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.QueryClient.dll
2012-12-26 03:56 - 2012-06-26 12:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3414196017-733389354-2935765532-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rodoula\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{95B30AED-FAAA-4400-87E9-4885460EE40B}C:\users\rodoula\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rodoula\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{95B74EE3-D76B-4211-BDF6-FD181927C622}C:\users\rodoula\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rodoula\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{94015A66-0B5D-42D3-87A5-C9CD7054B05A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C3302C90-1775-4262-9DD2-3ACB5285CC45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E77A347A-D17F-4FB1-8680-D0AEA9F87159}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F1A01EDE-373D-4A5C-9436-86B3C6BA0E81}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0AB55495-6D6F-4550-9DEB-CB0D31CBFF90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3E6DEB75-E707-49E4-9231-F8E7ABA4DF2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E755D9DB-EA9A-4417-B93B-1B015DDA3782}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D356F523-5BED-4B66-8730-D52CAC752565}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1E098E7E-0A50-4382-B190-7A4C45B7B8E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0B7D3924-335B-4682-804A-B76E4FF6B7B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D5CAF63F-D5A5-4E22-9F86-0DF934B0B602}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{C7FA5AD8-A68F-45BF-AE92-A56ADA94CE4C}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [TCP Query User{BA4A2418-57B8-4029-9BAB-71676E95FAD5}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe
FirewallRules: [{3447AEC2-2C4E-47AB-B936-E56FD17AF727}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A1D3E2A7-4E57-449C-816C-1C6BC9998A70}] => (Allow) LPort=2869
FirewallRules: [{3F097CB1-DF68-4183-841E-92FD0B1A24D4}] => (Allow) LPort=1900
FirewallRules: [{02772048-8D77-4EF6-ADF4-CD8C34C11340}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{11C84798-4C82-4819-8B68-6C728308702A}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
FirewallRules: [UDP Query User{615E632A-64C7-429E-8AB3-B421C4395BAA}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
FirewallRules: [{13DB5E33-D59C-4650-A272-72CBEB7F339F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1C46969C-5CC2-4241-8B7B-4D038FC9E151}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4F482BE7-1C96-417D-BEE4-B777D2C2557E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{C4BD4B51-AB36-41CA-AC44-28A8FD6CD445}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{393B06BE-CE93-4E83-B32C-968FC8C3A75D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E4C5EC86-7A9E-4F41-BD4E-5D1C9F8A0755}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7EF80AB7-DE59-460D-8C5D-344DD068C8A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{2F207F4F-D453-4E78-9D1D-8FEA9C11EF41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{F705B796-E78E-44AA-8753-2D12F7213269}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{5B5B42C8-1D9E-4F4C-9C79-7FEA4332C550}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A5F3EEAB-944D-4DC0-965F-FFA33EE5A186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DC996CFC-73C7-476E-8C0F-32783FDB7B9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1354592E-579F-4C85-A1E1-E646C68E8DFA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CF2B2370-9238-416B-8D31-4D9EB9394E07}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{712C0721-5BB4-4B5F-B0F5-41AD91DD23C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{ED30B619-6996-411D-BD89-29C69C9D3AC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BD561301-365F-4BDE-80B8-9FB30B959EF4}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{B1211E9C-CD11-4A47-926B-023EF01288E8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{ED861913-44CD-4040-9B1A-52443E213EFF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

==================== Restore Points =========================

11-06-2018 04:22:19 Windows Update
20-06-2018 14:26:53 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2018 12:47:17 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/22/2018 12:47:16 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/22/2018 12:47:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (06/20/2018 12:30:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TouchpointAnalyticsClient.exe, version: 4.0.2.1439, time stamp: 0x5a148768
Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0x207580e2
Exception code: 0xc0000374
Fault offset: 0x00000000000f4eeb
Faulting process ID: 0x2fc0
Faulting application start time: 0x01d40879386bb650
Faulting application path: C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 3d31b19c-9d0b-4471-bfb8-ab57a1220a7d
Faulting package full name:
Faulting package-relative application ID:

Error: (06/14/2018 02:50:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.1, time stamp: 0x498118f8
Exception code: 0xc0000005
Fault offset: 0x000000000007a25d
Faulting process ID: 0x2514
Faulting application start time: 0x01d403307cca3c0b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report ID: dadbcd7b-557d-43db-9094-0254aab08319
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 07:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.1, time stamp: 0x498118f8
Exception code: 0xc0000005
Fault offset: 0x000000000007a25d
Faulting process ID: 0x74
Faulting application start time: 0x01d402c5129e6426
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report ID: d1239faf-c756-4e0b-8dc5-4a1af91d0352
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 06:48:07 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: NICROD)
Description: httphttp-2147467263

Error: (06/13/2018 06:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SkypeApp.exe version 12.1815.209.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2a78

Start Time: 01d4032d7855a110

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeApp.exe

Report Id: 8b5a7f72-48c4-4fb3-abe3-eab549194bf8

Faulting package full name: Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c

Faulting package-relative application ID: App


System errors:
=============
Error: (06/23/2018 12:22:59 PM) (Source: DCOM) (EventID: 10016) (User: NICROD)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user nicrod\Rodoula SID (S-1-5-21-3414196017-733389354-2935765532-1001) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 12:17:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 12:16:37 PM) (Source: DCOM) (EventID: 10016) (User: NICROD)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user nicrod\Rodoula SID (S-1-5-21-3414196017-733389354-2935765532-1001) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2018 08:47:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2018 04:46:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2018 03:56:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2018 12:49:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (06/21/2018 12:49:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The συγκεκριμένης εφαρμογής permission settings do not grant Τοπική Ενεργοποίηση permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Χρήση LRPC) running in the application container Μη διαθέσιμο SID (Μη διαθέσιμο). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-06-23 12:27:05.608
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1807.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: Παρουσιάστηκε μη αναμενόμενο πρόβλημα κατά τον έλεγχο για ενημερώσεις. Για πληροφορίες σχετικά με την εγκατάσταση ή την αντιμετώπιση προβλημάτων ενημερώσεων, ανατρέξτε στη Βοήθεια και Υποστήριξη.

CodeIntegrity:
===================================

Date: 2018-06-23 12:15:33.662
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-23 12:15:33.612
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-23 12:15:33.540
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-23 12:15:33.472
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 09:58:44.373
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 09:58:43.923
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 09:58:43.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-17 09:58:43.850
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Integral\ShellExtensionx64\ShellExtension.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 3983.28 MB
Available physical RAM: 1788.93 MB
Total Virtual: 5753.95 MB
Available Virtual: 1612.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.03 GB) (Free:77.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.1 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF

\\?\Volume{87dc8837-bbec-4331-872c-11fe7fd5c62d}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS
\\?\Volume{91a96b48-1931-48ca-b106-1890e600212f}\ () (Fixed) (Total:0.87 GB) (Free:0.34 GB) NTFS
\\?\Volume{a609c680-3ae2-47ac-b8ed-a049b7538fb4}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 491A0AAC)

Partition: GPT.

==================== End of Addition.txt ============================
Nothing...

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19146
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Another infected computer
« Reply #3 on: June 23, 2018, 02:55:28 PM »
Hi, Panos.

1.  The version of Adobe Flash Player for Firefox/Pale Moon is out of date.  The most recent version can be obtained from here:  Flash Player for Firefox/Pale Moon - NPAPI.  You may wish to set the option to 'Allow Adobe to install updates' and then the Flash Player update will be automatic.  To change the setting, go to Control Panel\All Control Panel Items and select Flash Player.  When the Flash Player Settings Manager opens, click the Updates tab and select "Allow Adobe to install updates (recommended)".

2.  Pale Moon is also a few updates behind.  To get the latest version, 27.9.3, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

3.  Since AVG is no longer installed on the computer, I've included the "leftovers" that the uninstall process did not remove.

4.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy ".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
2018-06-11 02:13 - 2018-06-11 02:13 - 000003016 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
Task: {38C54207-26A4-4173-BD5A-0B120FCC4BE7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Folder:  C:\Program Files (x86)\AVG
Task: {8ECFAD59-5066-46BB-95E6-33AD20EFB666} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
FirewallRules: [{C3302C90-1775-4262-9DD2-3ACB5285CC45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E77A347A-D17F-4FB1-8680-D0AEA9F87159}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F1A01EDE-373D-4A5C-9436-86B3C6BA0E81}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0AB55495-6D6F-4550-9DEB-CB0D31CBFF90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3E6DEB75-E707-49E4-9231-F8E7ABA4DF2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E755D9DB-EA9A-4417-B93B-1B015DDA3782}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D356F523-5BED-4B66-8730-D52CAC752565}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1E098E7E-0A50-4382-B190-7A4C45B7B8E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0B7D3924-335B-4682-804A-B76E4FF6B7B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D5CAF63F-D5A5-4E22-9F86-0DF934B0B602}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{11C84798-4C82-4819-8B68-6C728308702A}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
FirewallRules: [UDP Query User{615E632A-64C7-429E-8AB3-B421C4395BAA}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
Please let me know in your reply how your friend's computer is running now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline DR M

Re: Another infected computer
« Reply #4 on: June 24, 2018, 08:23:30 AM »
Hi, Corrine.

1. Updates for Pale Moon and Flash Player: Done.
2. Ran the FRST fix and this is the fixlist.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Rodoula (24-06-2018 11:20:05) Run:1
Running from C:\Users\Rodoula\Desktop
Loaded Profiles: Rodoula (Available Profiles: Rodoula)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
CustomCLSID: HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Rodoula\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
2018-06-11 02:13 - 2018-06-11 02:13 - 000003016 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
Task: {38C54207-26A4-4173-BD5A-0B120FCC4BE7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
Folder:  C:\Program Files (x86)\AVG
Task: {8ECFAD59-5066-46BB-95E6-33AD20EFB666} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
FirewallRules: [{C3302C90-1775-4262-9DD2-3ACB5285CC45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E77A347A-D17F-4FB1-8680-D0AEA9F87159}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F1A01EDE-373D-4A5C-9436-86B3C6BA0E81}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0AB55495-6D6F-4550-9DEB-CB0D31CBFF90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{3E6DEB75-E707-49E4-9231-F8E7ABA4DF2A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E755D9DB-EA9A-4417-B93B-1B015DDA3782}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D356F523-5BED-4B66-8730-D52CAC752565}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1E098E7E-0A50-4382-B190-7A4C45B7B8E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0B7D3924-335B-4682-804A-B76E4FF6B7B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D5CAF63F-D5A5-4E22-9F86-0DF934B0B602}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{11C84798-4C82-4819-8B68-6C728308702A}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
FirewallRules: [UDP Query User{615E632A-64C7-429E-8AB3-B421C4395BAA}C:\users\rodoula\appdata\local\ilivid\ilivid.exe] => (Allow) C:\users\rodoula\appdata\local\ilivid\ilivid.exe
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\Software\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => removed successfully
"HKU\S-1-5-21-3414196017-733389354-2935765532-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\WINDOWS\System32\Tasks\Antivirus Emergency Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{38C54207-26A4-4173-BD5A-0B120FCC4BE7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C54207-26A4-4173-BD5A-0B120FCC4BE7}" => removed successfully
"C:\WINDOWS\System32\Tasks\Antivirus Emergency Update" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => removed successfully

========================= Folder:  C:\Program Files (x86)\AVG ========================

2016-06-10 15:08 - 2017-05-11 15:30 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\AVG\Av
2016-05-20 11:53 - 2016-09-07 09:12 - 000078608 ____A [B2530DDCA047CB311CCE047031EEC1B9] (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avguirux.exe
2016-06-10 15:10 - 2016-06-10 15:10 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\AVG\Av\myapps
2015-09-05 12:11 - 2015-09-05 12:11 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\AVG\Framework
2015-09-05 12:11 - 2017-06-22 11:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\AVG\Framework\1
2015-09-05 12:11 - 2017-06-22 11:58 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\AVG\Framework\Common

====== End of Folder: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8ECFAD59-5066-46BB-95E6-33AD20EFB666}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ECFAD59-5066-46BB-95E6-33AD20EFB666}" => removed successfully
C:\WINDOWS\System32\Tasks\AVG EUpdate Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3302C90-1775-4262-9DD2-3ACB5285CC45}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E77A347A-D17F-4FB1-8680-D0AEA9F87159}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1A01EDE-373D-4A5C-9436-86B3C6BA0E81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AB55495-6D6F-4550-9DEB-CB0D31CBFF90}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E6DEB75-E707-49E4-9231-F8E7ABA4DF2A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E755D9DB-EA9A-4417-B93B-1B015DDA3782}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D356F523-5BED-4B66-8730-D52CAC752565}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E098E7E-0A50-4382-B190-7A4C45B7B8E4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B7D3924-335B-4682-804A-B76E4FF6B7B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5CAF63F-D5A5-4E22-9F86-0DF934B0B602}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{11C84798-4C82-4819-8B68-6C728308702A}C:\users\rodoula\appdata\local\ilivid\ilivid.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{615E632A-64C7-429E-8AB3-B421C4395BAA}C:\users\rodoula\appdata\local\ilivid\ilivid.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21040560 B
Java, Flash, Steam htmlcache => 13094 B
Windows/system/drivers => 172354 B
Edge => 6912900 B
Chrome => 961074951 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 966 B
LocalService => 0 B
NetworkService => 32066 B
NetworkService => 0 B
Rodoula => 42971122 B

RecycleBin => 1895149423 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:32:07 ====

3. Internet access Microsoft Edge: now OK.
4. The computer is still slow as before, especially when surfing the Internet.
Nothing...

Offline Corrine

Re: Another infected computer
« Reply #5 on: June 24, 2018, 02:26:19 PM »
Hi, Panos.

Let's remove that AVG folder as well as the mysearch.avg from Chrome.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy ".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
C:\Program Files (x86)\AVG
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
How is the PC now?



Offline DR M

Re: Another infected computer
« Reply #6 on: June 24, 2018, 02:55:21 PM »
I ran AdwCleaner and then the FRST fix above:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-22.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-24-2018
# Duration: 00:00:16
# OS:       Windows 10 Home
# Cleaned:  3
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Rodoula\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\.torrent|iLivid.torrent_backup

***** [ Chromium (and derivatives) ] *****

Not Deleted   AVG Web TuneUp

***** [ Chromium URLs ] *****

Deleted       Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

  • Delete Tracing Keys
  • Reset Winsock


*************************

AdwCleaner[S00].txt - [1390 octets] - [24/06/2018 18:26:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Rodoula (24-06-2018 18:34:38) Run:2
Running from C:\Users\Rodoula\Desktop
Loaded Profiles: Rodoula (Available Profiles: Rodoula)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
C:\Program Files (x86)\AVG
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
C:\Program Files (x86)\AVG => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9673983 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 125701 B
Edge => 32768 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 2792 B
NetworkService => 0 B
Rodoula => 319647 B

RecycleBin => 0 B
EmptyTemp: => 17.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:38:04 ====

Question:
Is it OK to uninstall the Chrome browser now?

Nothing...
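Added example, not part of the original posts: a Python check for logs in the format posted above. It tallies FRST fixlog and AdwCleaner result lines, lists every entry that did not end in a removal, and cross-checks AdwCleaner's `Cleaned`/`Failed` header counts against the lines present. The names `review_log` and `SAMPLE` are hypothetical, and the outcome phrases are only the ones visible in this thread's logs.

```python
import re
from collections import Counter

# FRST fixlog result lines as they appear in the logs above:
#   <target> => removed successfully | moved successfully | not found
FRST_RESULT = re.compile(
    r'^(?P<target>.+?)\s+=>\s+'
    r'(?P<outcome>removed successfully|moved successfully|not found)\s*$')
# AdwCleaner result lines: a status column, padding, then the item.
ADW_RESULT = re.compile(
    r'^(?P<outcome>Not Deleted|Deleted)\s{2,}(?P<target>.+?)\s*$')
# AdwCleaner header counters ("# Cleaned:  3", "# Failed:   1").
ADW_HEADER = re.compile(r'^#\s*(?P<key>Cleaned|Failed):\s*(?P<n>\d+)\s*$')

OK_OUTCOMES = {"removed successfully", "moved successfully", "Deleted"}

# Excerpt assembled from the AdwCleaner log and the two fixlogs in this thread.
SAMPLE = r"""
# Cleaned:  3
# Failed:   1
Deleted       C:\Users\Rodoula\AppData\Local\Packages\windows_ie_ac_001\AC\AVG Web TuneUp
Deleted       HKCU\Software\Classes\.torrent|iLivid.torrent_backup
Not Deleted   AVG Web TuneUp
Deleted       Softonic EN
fixlist content:
CHR HomePage: Default -> mysearch.avg.com
C:\Program Files (x86)\AVG
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
C:\Program Files (x86)\AVG => moved successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
Chrome => 0 B
"""


def review_log(text):
    """Tally outcome lines and collect every item that was not removed."""
    counts = Counter()
    unresolved = []
    header = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ADW_HEADER.match(line)
        if m:
            header[m.group("key")] = int(m.group("n"))
            continue
        m = FRST_RESULT.match(line) or ADW_RESULT.match(line)
        if not m:
            continue  # fixlist echo, EmptyTemp sizes, section banners
        outcome = m.group("outcome")
        counts[outcome] += 1
        if outcome not in OK_OUTCOMES:
            # "not found" may simply mean the item was already gone; it is
            # listed for a human to judge, not treated as a failure.
            unresolved.append((outcome, m.group("target").strip('"')))
    # Cross-check AdwCleaner's summary against the lines actually present,
    # which catches a truncated or partially pasted log.
    mismatches = []
    if "Cleaned" in header and header["Cleaned"] != counts["Deleted"]:
        mismatches.append(("Cleaned", header["Cleaned"], counts["Deleted"]))
    if "Failed" in header and header["Failed"] != counts["Not Deleted"]:
        mismatches.append(("Failed", header["Failed"], counts["Not Deleted"]))
    return {"counts": dict(counts),
            "unresolved": unresolved,
            "header_mismatches": mismatches}


if __name__ == "__main__":
    result = review_log(SAMPLE)
    for outcome, target in result["unresolved"]:
        print(f"{outcome:12} {target}")
    print(result["counts"], result["header_mismatches"])
```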

Offline Corrine

Re: Another infected computer
« Reply #7 on: June 24, 2018, 03:53:28 PM »
Quote from: DR M
Question:
Is it OK to uninstall the Chrome browser now?

If Rodoula no longer wants it on the computer, sure.  The log shows that IE is the default browser.  Is that her choice?



Offline DR M

Re: Another infected computer
« Reply #8 on: June 24, 2018, 04:41:04 PM »
I removed Chrome and made Pale Moon the default browser again. She told me that her daughters downloaded Chrome and that she prefers PM. So I don't think that IE was her choice.

I find the computer slow; I don't know if I have my own computer in mind and am comparing the two computers. Only 80 GB of the 450 GB hard drive is free. FRST cleaned the temp files, right? Can I run cleanmgr to see if there is anything more to delete, including old system restore points?
Nothing...

Offline Corrine

Re: Another infected computer
« Reply #9 on: June 24, 2018, 05:23:55 PM »
Looking at the specs for the processor, the Intel® Core™ i3-2328M Processor is from 2012.  The device has 4 GB RAM, compared to today's standards of 8 GB and more, so it is likely slower than you are used to.  That said, looking at C: drive, the log shows Free:77.29 GB on a 450 GB drive.

I would start by going over the installed programs list with Rodoula and asking if there are programs no longer being used that can be uninstalled.  I would also suggest looking at the downloaded programs folder.  There is no value added in retaining the installation files for old programs no longer in use or installed on the device.

Since the Spring Update, Version 1803, is on the device, old System Restore points would have been removed.  However, you could remove all but the most recent restore point created by FRST. 

As it turns out, Microsoft added new features to Windows 10 for the very purpose of removing temp files, etc.  With Storage Settings, you can not only set how frequently it is run but also control how soon to empty the Recycle Bin as well as providing an option to remove files from the Downloads folder if they have been there over a certain period of time.  See How to Use Windows 10’s Storage Settings to Free Hard Drive Space.

Although, as we discussed before, the free OneDrive space is "only" 5 GB, nonetheless, it is free.  If, for example, Rodoula does not do a lot of word processing so the Documents folder isn't all that large, it could be moved to OneDrive rather than taking space on the device.



Offline DR M

Re: Another infected computer
« Reply #10 on: June 24, 2018, 05:55:41 PM »
After some clean up (cleanmgr and deleting some setup files) the free space is now 82.3 GB.

I will return the computer tomorrow.

Thank you, Corrine. :)
Nothing...

Offline Corrine

Re: Another infected computer
« Reply #11 on: June 24, 2018, 06:14:47 PM »
Ok, before you return it, please delete FRST, FRST.txt and Addition.txt from the Desktop.  In addition, there are two other things you may wish to consider installing:

1.  To assist in preventing pre-checked offers when installing programs, you may wish to consider Unchecky.  Although an older article, this describes Unchecky, How to Avoid Junkware Offers with Unchecky.

2.  UCheck is by Adlice Software and can be helpful in keeping programs updated.  The free version doesn't do automatic scans but for people who forget to check their installed programs for updates, it is a "one-click" check rather than checking each program.  UCheck Free Download (Updates Manager)



Offline DR M

Re: Another infected computer
« Reply #12 on: June 24, 2018, 06:36:45 PM »
Quote from: Corrine
Ok, before you return it, please delete FRST, FRST.txt and Addition.txt from the Desktop.  In addition, there are two other things you may wish to consider installing:

1.  To assist in preventing pre-checked offers when installing programs, you may wish to consider Unchecky.  Although an older article, this describes Unchecky, How to Avoid Junkware Offers with Unchecky.

2.  UCheck is by Adlice Software and can be helpful in keeping programs updated.  The free version doesn't do automatic scans but for people who forget to check their installed programs for updates, it is a "one-click" check rather than checking each program.  UCheck Free Download (Updates Manager)

All done.
Thanks again.  :)

P.S. UCheck offers some programs for download, including uTorrent, Java and others. I hope that they won't choose something unnecessary from there.
Nothing...

Offline Corrine

Re: Another infected computer
« Reply #13 on: June 24, 2018, 06:49:33 PM »
That being the case, you need to strongly advise against using such programs. 

