Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Hernik (administrator) on DONKEYLOON (Hewlett-Packard HP ENVY 17 Notebook PC) (10-08-2020 22:35:02)
Running from C:\Downloads
Loaded Profiles: Hernik
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe <2>
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\hpservice.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe <3>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Validity Sensors, Inc.) [File not signed] C:\Windows\System32\valWBFPolicyService.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-12-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [2799272 2014-09-09] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-07-09] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\Winampa.exe [12288 2003-04-02] () [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\Run: [ChomikBox] => C:\Program Files (x86)\ChomikBox\ChomikBox.exe [3941376 2017-02-21] () [File not signed]
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\MountPoints2: {05564a3e-af7d-11e8-82a8-d85de2a1294a} - "H:\Setup.exe"
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\MountPoints2: {43262b15-943c-11e8-829e-d85de2a1294a} - "F:\setup_the_witcher_2_ee_3.0.1.17.exe"
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\MountPoints2: {8c821b82-85c2-11e8-829c-d85de2a1294a} - "F:\Setup.exe"
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\MountPoints2: {92a1d263-162a-11e7-8261-d85de2a1294a} - "F:\setup.exe"
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\...\MountPoints2: {ad7ae910-302b-11e8-8282-d85de2a1294a} - "F:\Setup.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\...\Print\Monitors\HP Universal Port Monitor: hpbprtmon.dll
HKLM\...\Print\Monitors\Local Port: localspl.dll
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: FXSMON.DLL
HKLM\...\Print\Monitors\Standard TCP/IP Port: tcpmon.dll
HKLM\...\Print\Monitors\USB Monitor: usbmon.dll
HKLM\...\Print\Monitors\WSD Port: WSDMon.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-08-10] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2014-09-23] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2014-03-28] (Softex Inc..) [File not signed]
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\Windows\SysWOW64\wlgpclnt.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> auditcse.dll
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\Windows\SysWOW64\fdeploy.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\Windows\SysWOW64\gptext.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> WorkFoldersGPExt.dll
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\Windows\SysWOW64\scecli.dll [2020-03-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\Windows\SysWOW64\dot3gpclnt.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> pwlauncher.dll
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> pwlauncher.dll
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\Windows\SysWOW64\gptext.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> auditcse.dll
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\Windows\SysWOW64\gptext.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\Windows\SysWOW64\gptext.dll [2014-10-29] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-16]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exeicarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E6BBB2-FC4C-47D8-B5F4-4E2B02F5AB12} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14679256 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0A60D90C-1BB8-448F-989D-91B1BFE3B19E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {129B2564-7785-4DC0-876D-E8582B0594B8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {20DCBEF0-29B1-4D78-9824-40AB106DB95E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3E79058C-EB2D-4947-97B3-7D7FA7E27E65} - System32\Tasks\IcarusAvastVpnUpgrade => C:\Program Files\AVAST Software\SecureLine\setup\avast_vpn_online_setup.exe [1071288 2020-08-10] (Avast Software s.r.o. -> Avast Software)
Task: {3F7A0D3B-B08E-4A7F-8396-4EA4B0DD56C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {5117163C-29D3-43F7-B8C3-6B533A1BFAE1} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-15] (Dropbox, Inc -> )
Task: {514A4A77-1CD5-453E-9729-69D12E617DB3} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552 2014-05-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {60607B54-A775-4602-A633-8BF2A5CFFEE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-17] (Google LLC -> Google LLC)
Task: {6090ED67-45A0-44C9-8DD8-304A1B02F0EE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339208 2014-07-24] (CyberLink Corp. -> CyberLink Corp.)
Task: {68F12DA0-BDD0-4F7D-BA39-B1FA5AF9CCFA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] (Intel® Services Manager -> )
Task: {6A791D9E-D2AC-4394-9B36-7E07D1838FAB} - System32\Tasks\{0E2DFF6A-8780-4F90-8B75-D07EA1A305A5} => c:\program files\opera developer\launcher.exe [1574488 2018-06-13] (Opera Software AS -> Opera Software)
Task: {6F73FC93-659D-454F-A62E-2A493DE244F4} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {8A4E02D5-AEC7-43DD-A09A-EB11ABC67508} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] (Intel® Services Manager -> )
Task: {9B34479B-631C-4294-A2DF-A3FC6F2C2FC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
Task: {9F95355F-ED55-4DCC-B74D-3123F6E7FFCE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-15] (Adobe Inc. -> Adobe)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [35840 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
Task: {A7D7DFA7-C52C-40F0-9995-EB8D7942BEAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-17] (Google LLC -> Google LLC)
Task: {B5C7347F-D83B-4B27-834D-E28E14BB31E4} - System32\Tasks\{DA92026D-AFD1-41B6-B4AC-6BEC582C5C2A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Gearbox Software\BrothersInArms\System\bia.exe" -d "C:\Program Files (x86)\Ubisoft\Gearbox Software\BrothersInArms\System"
Task: {B7D25BA8-2E94-4D9D-84D6-9B0E0BEA49F1} - System32\Tasks\Opera scheduled Autoupdate 1488019712 => C:\Program Files\Opera developer\launcher.exe [1574488 2018-06-13] (Opera Software AS -> Opera Software) <==== ATTENTION
Task: {C11167A1-1D96-4B9A-BFC5-34B979B5F965} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\7.1.0\Scheduler.exe [149776 2019-11-14] (IObit Information Technology -> IObit)
Task: {DA281F53-BC3C-4D2A-B8EC-EC43993C1003} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-09-23] (CyberLink Corp. -> CyberLink Corp.)
Task: {EC5CF955-28CB-4E68-928A-7CF95134FCD5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D949E3B4-5D11-4BC9-9675-B0722F3217DD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-829174052-3942012007-3595750886-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hp13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {F9A40DD7-FDB6-49F3-82C7-23F858D661A0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-829174052-3942012007-3595750886-1001 -> DefaultScope {16C29558-6870-4BFF-9486-DCFACC54F69C} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-829174052-3942012007-3595750886-1001 -> {16C29558-6870-4BFF-9486-DCFACC54F69C} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-829174052-3942012007-3595750886-1001 -> {F9A40DD7-FDB6-49F3-82C7-23F858D661A0} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) [File not signed]

Edge:
======
Edge Profile: C:\Users\Hernik\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-21]

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-829174052-3942012007-3595750886-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Hernik\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-18] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default [2020-08-10]
CHR Notifications: Default -> hxxps://player.pl; hxxps://wojas.pl; hxxps://www.cbssports.com; hxxps://www.duolingo.com; hxxps://www.newchic.com; hxxps://www.totaljobs.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dominykas Blyžė) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoibpobokebhgfnknfndkgemglggomo [2020-06-05]
CHR Extension: (Docs) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (Unblocked PRO Anonymity) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgomeihihgehobajjhncjegcjlbcfiek [2019-04-02]
CHR Extension: (YouTube) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2020-04-20]
CHR Extension: (Moesif Orign & CORS Changer) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\digfbfaphojjndkpccljibejjbppifbc [2019-05-05]
CHR Extension: (PerfectPixel by WellDoneCode (pixel perfect)) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkaagdgjmgdmbnecmcefdhjekcoceebi [2020-03-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-07-02]
CHR Extension: (Sheets) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (React Developer Tools) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2020-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-02]
CHR Extension: (JetBrains IDE Support) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhgeddbohgjknpmjagkdomcpobmllji [2019-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-01]
CHR Extension: (Gmail) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-04]
CHR Profile: C:\Users\Hernik\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-07-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files\Opera developer\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2371248 2020-07-09] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2371248 2020-07-09] (ESET, spol. s r.o. -> ESET)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent Inc -> WildTangent)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] (Intel® Services Manager -> )
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation -> NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-08-16] (Even Balance, Inc. -> )
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 SecureLine; "C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2018-08-07] (Tages SA -> )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [159528 2020-07-09] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106640 2020-07-09] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2020-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [195456 2020-07-09] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [53064 2020-07-09] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [79536 2020-07-09] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [116488 2020-07-09] (ESET, spol. s r.o. -> ESET)
S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2019-12-01] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-12-01] (Martin Malik - REALiX -> REALiX(tm))
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2018-08-07] (Tages SA -> )
S3 nmwcdnsucx64; C:\Windows\system32\drivers\nmwcdnsucx64.sys [12800 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 qcfilter; C:\Windows\System32\drivers\qcusbfilter.sys [49208 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbnet; C:\Windows\system32\DRIVERS\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2019-08-05] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2019-12-01] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2019-12-01] (Hewlett-Packard Company -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-10 22:34 - 2020-08-10 22:34 - 000003320 _____ C:\Windows\system32\Tasks\IcarusAvastVpnUpgrade
2020-08-10 22:29 - 2020-08-10 22:29 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-08-10 22:29 - 2020-07-14 07:45 - 000076184 _____ (Avast Software) C:\Windows\system32\icarus_rvrt.exe
2020-08-10 20:54 - 2020-08-10 22:35 - 000000000 ____D C:\FRST
2020-07-17 22:41 - 2020-08-10 20:54 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-17 22:41 - 2020-08-10 20:54 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-17 22:41 - 2020-08-10 20:54 - 000002210 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-07-17 22:40 - 2020-07-17 22:46 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-07-17 22:40 - 2020-07-17 22:46 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-07-16 00:03 - 2020-07-08 11:56 - 001370688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-07-16 00:03 - 2020-07-08 09:28 - 000129024 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-07-16 00:03 - 2020-07-08 08:40 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-07-16 00:03 - 2020-07-02 03:57 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-07-16 00:03 - 2020-07-02 03:43 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-07-16 00:03 - 2020-06-16 04:11 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2020-07-16 00:03 - 2020-06-13 01:29 - 000092944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-16 00:03 - 2020-06-13 00:27 - 000073776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-16 00:03 - 2020-06-12 23:53 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2020-07-16 00:03 - 2020-06-12 22:39 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2020-07-16 00:03 - 2020-06-12 22:25 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-07-16 00:03 - 2020-06-12 18:37 - 000537616 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-07-16 00:03 - 2020-06-12 17:56 - 000450296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-07-16 00:03 - 2020-06-12 14:29 - 001549560 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-07-16 00:03 - 2020-06-11 21:18 - 007362288 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-07-16 00:03 - 2020-06-11 06:03 - 022378304 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-07-16 00:03 - 2020-06-11 06:03 - 000723008 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-07-16 00:03 - 2020-06-11 05:56 - 000806200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-07-16 00:03 - 2020-06-11 05:37 - 019803064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-07-16 00:03 - 2020-06-11 05:37 - 000561896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-07-16 00:03 - 2020-06-11 05:33 - 000613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-07-16 00:03 - 2020-06-11 05:16 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-07-16 00:03 - 2020-06-11 04:52 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-07-16 00:03 - 2020-06-11 04:42 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-07-16 00:03 - 2020-06-11 04:41 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-07-16 00:03 - 2020-06-11 04:41 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-07-16 00:03 - 2020-06-11 04:39 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2020-07-16 00:03 - 2020-06-11 04:25 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-07-16 00:03 - 2020-06-11 04:17 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-07-16 00:03 - 2020-06-11 04:16 - 000148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-07-16 00:03 - 2020-06-11 04:14 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2020-07-16 00:03 - 2020-06-11 04:04 - 015479296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-07-16 00:03 - 2020-06-11 04:04 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2020-07-16 00:03 - 2020-06-11 03:57 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-07-16 00:03 - 2020-06-11 03:56 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2020-07-16 00:03 - 2020-06-11 03:56 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2020-07-16 00:03 - 2020-06-11 03:54 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2020-07-16 00:03 - 2020-06-11 03:49 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2020-07-16 00:03 - 2020-06-11 03:48 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-07-16 00:03 - 2020-06-11 03:46 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-07-16 00:03 - 2020-06-11 03:45 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2020-07-16 00:03 - 2020-06-11 03:44 - 014534656 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-07-16 00:03 - 2020-06-11 03:42 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-07-16 00:03 - 2020-06-11 03:42 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2020-07-16 00:03 - 2020-06-11 03:39 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-07-16 00:03 - 2020-06-11 03:37 - 007800320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-07-16 00:03 - 2020-06-11 03:37 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2020-07-16 00:03 - 2020-06-11 03:35 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-07-16 00:03 - 2020-06-11 03:35 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-07-16 00:03 - 2020-06-11 03:29 - 005272064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-07-16 00:03 - 2020-06-11 03:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-07-16 00:03 - 2020-06-11 03:27 - 001728512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-07-16 00:03 - 2020-06-11 03:27 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-07-16 00:03 - 2020-06-11 03:22 - 001547264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-07-16 00:03 - 2020-06-09 06:12 - 001764872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-07-16 00:03 - 2020-06-09 06:12 - 000374008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-07-16 00:03 - 2020-06-09 06:05 - 000357824 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2020-07-16 00:03 - 2020-06-09 05:37 - 001489528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-07-16 00:03 - 2020-06-09 05:36 - 000316152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-07-16 00:03 - 2020-06-09 05:31 - 000255104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2020-07-16 00:03 - 2020-06-09 04:27 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-07-16 00:03 - 2020-06-09 04:18 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-07-16 00:03 - 2020-06-09 04:06 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-07-16 00:03 - 2020-06-09 04:03 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-07-16 00:03 - 2020-06-06 20:58 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-07-16 00:03 - 2020-06-05 23:09 - 000430832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-07-16 00:03 - 2020-06-05 23:06 - 000320240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-07-16 00:03 - 2020-06-05 17:20 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-07-16 00:03 - 2020-06-05 17:16 - 000964096 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-07-16 00:03 - 2020-06-05 17:15 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-07-16 00:03 - 2020-06-05 17:15 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-07-16 00:03 - 2020-06-05 17:15 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2020-07-16 00:03 - 2020-06-05 17:15 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-07-16 00:03 - 2020-06-05 17:14 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-07-16 00:03 - 2020-06-05 17:14 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-07-16 00:03 - 2020-06-05 17:06 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-07-16 00:03 - 2020-06-05 17:06 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-07-16 00:03 - 2020-06-05 16:39 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-07-16 00:03 - 2020-06-05 16:39 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-07-16 00:03 - 2020-06-04 20:33 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-07-16 00:03 - 2020-06-04 20:32 - 002535960 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-07-16 00:03 - 2020-06-04 19:25 - 000427584 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-07-16 00:03 - 2020-06-04 19:21 - 000368240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-07-16 00:03 - 2020-06-04 14:58 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-07-16 00:03 - 2020-06-04 14:47 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-07-16 00:03 - 2020-06-04 14:43 - 000699904 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-07-16 00:03 - 2020-06-04 14:38 - 000628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-07-16 00:03 - 2020-06-03 19:40 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2020-07-16 00:03 - 2020-06-03 19:20 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-07-16 00:03 - 2020-06-03 19:19 - 000505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-07-16 00:03 - 2020-06-03 19:08 - 006220288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-07-16 00:03 - 2020-06-03 17:43 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2020-07-16 00:03 - 2020-06-03 17:12 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-07-16 00:03 - 2020-06-03 17:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-07-16 00:03 - 2020-06-03 16:52 - 007040000 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-07-16 00:02 - 2020-07-02 05:05 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-07-16 00:02 - 2020-07-02 04:32 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-07-16 00:02 - 2020-06-11 04:41 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-07-16 00:02 - 2020-06-11 04:24 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-07-16 00:02 - 2020-06-11 04:19 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-07-16 00:02 - 2020-06-11 04:15 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-07-16 00:02 - 2020-06-11 04:13 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-07-16 00:02 - 2020-06-11 04:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-07-16 00:02 - 2020-06-11 04:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-07-16 00:02 - 2020-06-11 03:59 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-07-16 00:02 - 2020-06-11 03:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-07-16 00:02 - 2020-06-11 03:52 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-07-16 00:02 - 2020-06-11 03:52 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-07-16 00:02 - 2020-06-11 03:50 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-07-16 00:02 - 2020-06-11 03:44 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2020-07-16 00:02 - 2020-06-11 03:40 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-07-16 00:02 - 2020-06-11 03:32 - 003317248 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2020-07-16 00:02 - 2020-06-11 03:31 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-07-16 00:02 - 2020-06-11 03:28 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-07-16 00:02 - 2020-06-09 05:15 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-07-16 00:02 - 2020-06-09 04:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-07-16 00:02 - 2020-06-05 17:14 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2020-07-16 00:02 - 2020-06-05 17:09 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-07-16 00:02 - 2020-06-05 17:06 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-07-16 00:02 - 2020-06-03 19:48 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-07-16 00:02 - 2020-06-03 17:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-07-16 00:02 - 2020-06-03 17:25 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-07-16 00:02 - 2020-06-03 17:24 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-07-15 11:58 - 2020-07-15 11:58 - 008774200 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)
2020-08-10 22:29 - 2015-06-28 18:04 - 000000000 ____D C:\ProgramData\AVAST Software
2020-08-10 22:29 - 2015-06-28 18:04 - 000000000 ____D C:\Program Files\AVAST Software
2020-08-10 22:03 - 2017-02-25 11:48 - 000000000 ____D C:\Program Files\Opera developer
2020-08-10 20:59 - 2017-02-25 10:46 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-829174052-3942012007-3595750886-1001
2020-08-10 20:20 - 2017-02-25 10:55 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{2F6386AC-70FA-494E-AC39-E9B25100408B}
2020-08-10 20:16 - 2017-03-28 20:25 - 007653888 ___SH C:\Users\Hernik\Downloads\Thumbs.db
2020-08-10 20:12 - 2017-06-24 12:18 - 000000000 ____D C:\Users\Hernik\AppData\Roaming\CDisplayEx
2020-08-05 03:26 - 2019-05-24 10:28 - 000004188 _____ C:\Windows\system32\Tasks\Avast SecureLine VPN Update
2020-08-05 03:25 - 2019-01-14 18:13 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-03 21:25 - 2020-05-06 20:11 - 000010240 ___SH C:\Users\Hernik\Desktop\Thumbs.db
2020-08-03 20:24 - 2017-02-25 12:18 - 000000000 ____D C:\Users\Hernik\AppData\Roaming\vlc
2020-08-03 20:20 - 2019-09-30 19:19 - 000000000 ____D C:\Users\Hernik\Documents\Mateusz
2020-08-03 17:44 - 2019-12-08 18:03 - 000000000 ____D C:\Users\Hernik\AppData\Local\Stud.io
2020-08-03 15:57 - 2018-08-19 14:09 - 000000000 ____D C:\Users\Hernik\AppData\Local\CrashDumps
2020-07-23 22:47 - 2014-01-14 12:08 - 000000000 ____D C:\Muza
2020-07-22 00:31 - 2017-03-18 01:10 - 000000000 ____D C:\Warcraft
2020-07-21 23:06 - 2014-03-18 10:53 - 000959832 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-21 23:06 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2020-07-21 22:44 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2020-07-21 21:44 - 2017-03-28 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2020-07-21 21:44 - 2017-03-28 20:15 - 000000000 ____D C:\Program Files\Java
2020-07-21 21:40 - 2018-04-25 13:30 - 000049029 _____ C:\IFRToolLog.txt
2020-07-21 21:36 - 2017-02-25 10:42 - 000000000 ____D C:\Users\Hernik\Documents\Youcam
2020-07-21 21:35 - 2017-06-11 12:11 - 000000000 ___RD C:\Users\Hernik\OneDrive
2020-07-21 00:58 - 2019-09-09 16:51 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-07-21 00:58 - 2015-06-28 17:54 - 000000000 ____D C:\ProgramData\Validity
2020-07-21 00:58 - 2015-06-28 17:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-21 00:58 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-21 00:57 - 2013-08-22 15:44 - 000426440 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-21 00:56 - 2013-08-22 14:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2020-07-21 00:55 - 2017-02-25 10:40 - 000000000 ____D C:\Users\Hernik
2020-07-21 00:55 - 2013-08-22 16:36 - 000000000 ___RD C:\Windows\ToastData
2020-07-21 00:55 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-07-21 00:55 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\setup
2020-07-21 00:55 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\System
2020-07-17 22:41 - 2017-03-12 21:55 - 000000000 ____D C:\Program Files (x86)\Google
2020-07-17 22:37 - 2019-01-14 18:31 - 000000000 ____D C:\Users\Hernik\Documents\ccleaner backup
2020-07-17 22:16 - 2017-02-25 10:41 - 000000000 ____D C:\Users\Hernik\AppData\Local\Packages
2020-07-17 22:16 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-17 22:16 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\AppReadiness
2020-07-17 22:06 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2020-07-17 21:35 - 2017-03-17 14:04 - 000000000 ____D C:\Foto
2020-07-15 11:58 - 2017-03-12 21:55 - 000004432 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-15 11:58 - 2017-03-12 21:55 - 000004288 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-15 11:58 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-07-15 11:58 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-14 10:12 - 2013-12-09 22:11 - 000000000 ____D C:\Filmy

==================== Files in the root of some directories ========

2020-05-26 15:07 - 2020-05-26 15:07 - 000002363 _____ () C:\Users\Hernik\AppData\Local\recently-used.xbel
2017-10-31 18:16 - 2017-10-31 18:16 - 000000000 _____ () C:\Users\Hernik\AppData\Local\{14F0B52A-FBBE-458C-A1FC-17C8EB57CEB5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-08-01 20:03

==================== End of FRST.txt ========================