Infected with trackid sp-006 malware

Infected with google.com/?trackid=sp-006 malware.


I have an annoying malware which is hi-jacking my Chrome Searches. Not affecting IE/FF/Iron browsers.


I have managed to spread the malware from my Laptop (64bit) to my desktop (32bit) so it may have attached itself to my google profile (maybe?). It arrived on my laptop with an entire fruit salad of malware when I inadvertently clicked on a link. I managed to get rid of all others, but this keeps recurring.


Leaving aside the Laptop, I am concentrating on cleaning the desktop, so here is the FRST log for the desktop, 32bit running Windows 7 Ultimate.


PC appears to be running okay, I just can't use Google search on Chrome reliably.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2022.


Ran by StudyDesktop (administrator) on STUDYDESKTOP-PC on 05-04-2022 10:43:44.


Running from C:\Users\StudyDesktop\Downloads.


Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)


Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)


Internet Explorer Version 11 (Default browser: Chrome)


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe.


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe.


(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe.


(Teruten) C:\Windows\System32\FsUsbExService.Exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe.


(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE.


(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe.


(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE.


(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe.


(Secunia) C:\Program Files\Secunia\PSI\sua.exe.


(Intel Corporation) C:\Windows\System32\igfxtray.exe.


(Intel Corporation) C:\Windows\System32\hkcmd.exe.


(Intel Corporation) C:\Windows\System32\igfxpers.exe.


(Intel Corporation) C:\Windows\System32\igfxsrvc.exe.


(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe.


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe.


(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe.


(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe.


(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe.


(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe.


(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe.


(Samsung) C:\Program Files\Samsung\Kies\Kies.exe.


(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe.


(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe.


(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe.


(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe.


(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe.


(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe.


(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe.


(Secunia) C:\Program Files\Secunia\PSI\psi tray.exe.


(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe.


(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.


(Microsoft Corporation) C:\Windows\System32\dllhost.exe.


(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe.


(Microsoft Corporation) C:\Windows\System32\taskmgr.exe.


(SRWare) C:\Program Files\SRWare Iron\iron.exe.


(SRWare) C:\Program Files\SRWare Iron\iron.exe.


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\. \Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)


HKLM\. \Run: [EEventManager] => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe.


HKLM\. \Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2022-03-31] (Avast Software s.r.o.)


HKLM\. \Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)


HKLM\. \Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)


HKLM\. \Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)


HKLM\. \Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)


HKLM\. \Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)


HKLM\. \Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)


HKLM\. \Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)


HKLM\. \Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)


HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->


HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [923312 2022-03-17] (Jumping Bytes)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2022-03-13] (Piriform Ltd)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [*LABAL*] => [X]


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2022-03-27] (VoipConnect)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)


HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->


Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()


Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.


ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi tray.exe (Secunia)


Startup: C:\Users\StudyDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()


ShellIconOverlayIdentifiers: [00avast] -> => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)


ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKLM\Software\Microsoft\Internet Explorer\Main,Default Page URL =


HKLM\Software\Microsoft\Internet Explorer\Main,Default Search URL =


HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm.


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantinone.eu/


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp.


SearchScopes: HKU\.DEFAULT -> DefaultScope URL =


SearchScopes: HKU\S-1-5-19 -> DefaultScope URL =


SearchScopes: HKU\S-1-5-20 -> DefaultScope URL =


BHO: PlusIEEventHelper Class -> -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)


BHO: avast! Online Security -> -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2022-03-31] (Avast Software s.r.o.)


BHO: Windows Live ID Sign-in Helper -> -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)


BHO: Office Document Cache Handler -> -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)


BHO: Java™ Plug-In 2 SSV Helper -> -> C:\Program Files\Java\jre1.8.0 25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)


Handler: skype-ie-addon-data - - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)


Handler: skype4com - - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1.


Tcpip\..\Interfaces\ : [NameServer] 192.168.7.1.


FF ProfilePath: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default.


FF SearchEngineOrder.1: Yahoo! (Avast)


FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32 16 0 0 305.dll [2022-02-05] ()


FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)


FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0 25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)


FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0 25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)


FF Plugin: @microsoft.com/GENUINE -> disabled No File.


FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)


FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)


FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)


FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2022-02-05] (Google Inc.)


FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2022-02-05] (Google Inc.)


FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)


FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)


FF SearchPlugin: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\searchplugins\yahoo-avast.xml [2014-06-07]


FF Extension: Google Bookmarks for Firefox - C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\Extensions\ .xpi [2011-03-29]


FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\ [2022-04-03]


FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\ [2022-04-03]


FF HKLM\. \Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF.


FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]


CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm source=evening-newsletter&utm medium=da-newsletter&utm content=old england&utm campaign=evening-nl-20140408&utm term=no-special-tg.


CHR DefaultSuggestURL: Default -> search?client=&gs ri=&xssi=t&q=&sugkey=


CHR Profile: C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default.


CHR Extension: (YouTube) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-23]


CHR Extension: (Google Search) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-23]


CHR Extension: (ZenMate) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-10]


CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2022-03-05]


CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-10-05]


CHR Extension: (Google Wallet) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]


CHR Extension: (Watch UK TV Online with Adtelly.tv) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2014-12-22]


CHR Extension: (Gmail) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-23]


CHR HKLM\. \Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2022-03-31]


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2022-03-31] (Avast Software s.r.o.)


R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2022-03-31] (Avast Software s.r.o.)


R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2022-03-31] (Avast Software)


R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]


R2 CTDevice Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]


S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]


S4 EPSON EB RPCV4 01; C:\ProgramData\EPSON\EPW!3 SSRP\E S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)


S4 EPSON PM RPCV4 01; C:\ProgramData\EPSON\EPW!3 SSRP\E S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)


R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]


S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]


S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2022-03-04] (The OpenVPN Project)


R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)


S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)


R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)


R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2022-03-31] ()


R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2022-03-31] (Avast Software s.r.o.)


R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2022-03-31] (Avast Software s.r.o.)


R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2022-03-31] (Avast Software s.r.o.)


R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2022-03-31] (Avast Software s.r.o.)


R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2022-03-31] ()


R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2022-03-31] (Avast Software s.r.o.)


R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2022-03-31] (Avast Software s.r.o.)


R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2022-03-31] (Avast Software s.r.o.)


R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2022-03-31] ()


R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.)


R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)


R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]


R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()


R3 PSI; C:\Windows\System32\DRIVERS\psi mf x86.sys [16024 2014-11-28] (Secunia)


S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)


S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)


S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)


S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)


S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)


S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)


S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)


R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)


R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)


R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2022-03-31] (Avast Software)


R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)


S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]


S4 LMIRfsClientNP; No ImagePath.


S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]


S3 tsusbhub; system32\drivers\tsusbhub.sys [X]


S3 VGPU; System32\drivers\rdvgkmd.sys [X]


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========


(If an entry is included in the fixlist, the file\folder will be moved.)


2022-04-05 10:43 - 2022-04-05 10:44 - 00021790 () C:\Users\StudyDesktop\Downloads\FRST.txt.


2022-04-05 10:43 - 2022-04-05 10:43 - 00000000 D () C:\FRST.


2022-04-05 10:41 - 2022-04-05 10:42 - 01135104 (Farbar) C:\Users\StudyDesktop\Downloads\FRST.exe.


2022-04-05 03:01 - 2022-04-05 03:01 - 00000000 SD () C:\Windows\system32\GWX.


2022-04-04 18:02 - 2022-04-04 18:03 - 00000000 D () C:\Users\StudyDesktop\Documents\Dad Photos.


2022-04-04 09:11 - 2022-04-05 09:13 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-03 09:48 - 2022-04-03 09:48 - 00000000 D () C:\Program Files\Mozilla Firefox.


2022-04-02 21:49 - 2022-04-03 09:49 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-02 09:47 - 2022-04-02 09:47 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-01 08:27 - 2022-04-01 08:27 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-01 08:18 - 2022-04-04 08:22 - 00000224 () C:\Windows\setupact.log.


2022-04-01 08:18 - 2022-04-01 08:18 - 00000000 () C:\Windows\setuperr.log.


2022-03-31 19:25 - 2022-03-31 19:25 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-31 18:43 - 2022-03-31 18:46 - 44832392 (SRWare ) C:\Users\StudyDesktop\Documents\srware iron.exe.


2022-03-31 17:41 - 2022-03-31 17:41 - 00001064 () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk.


2022-03-31 17:29 - 2022-03-31 17:29 - 00000000 D () C:\Windows\system32\vbox.


2022-03-31 16:28 - 2022-03-31 16:28 - 00002063 () C:\Users\Public\Desktop\Avast SafeZone.lnk.


2022-03-31 16:28 - 2022-03-31 16:28 - 00002003 () C:\Users\Public\Desktop\Avast Internet Security.lnk.


2022-03-31 16:24 - 2022-03-31 16:23 - 00291312 (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe.


2022-03-31 16:24 - 2022-03-31 16:23 - 00026096 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys.


2022-03-31 16:23 - 2022-03-31 16:23 - 00043112 (Avast Software s.r.o.) C:\Windows\avastSS.scr.


2022-03-31 16:22 - 2022-03-31 16:22 - 00271248 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys.


2022-03-31 07:24 - 2022-03-31 07:24 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-30 11:43 - 2022-03-30 11:43 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-28 10:34 - 2022-03-29 10:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-26 10:16 - 2022-03-27 10:17 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-24 07:58 - 2022-03-24 07:59 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-23 11:38 - 2022-03-23 11:38 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-23 09:32 - 2022-03-23 09:32 - 00000895 () C:\Users\Public\Desktop\PureSync.lnk.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\Program Files\PureSync.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\Program Files\Common Files\Jumping Bytes.


2022-03-22 23:35 - 2022-03-22 23:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-22 18:24 - 2022-03-22 18:25 - 00000580 RSH () C:\Users\StudyDesktop\ntuser.pol.


2022-03-22 16:51 - 2022-03-22 16:51 - 00001065 () C:\Users\Public\Desktop\OpenVPN GUI.lnk.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\Program Files\TAP-Windows.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\Program Files\OpenVPN.


2022-03-22 16:48 - 2022-03-22 16:48 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows.


2022-03-22 10:11 - 2022-03-22 10:11 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-20 10:07 - 2022-03-20 10:07 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-19 08:48 - 2022-03-19 08:48 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-18 10:58 - 2022-03-18 10:58 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-17 08:44 - 2022-03-17 08:44 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-15 12:04 - 2022-03-15 12:04 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-12 10:15 - 2022-03-13 10:18 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 21:45 - 2022-03-11 21:46 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 10:09 - 2022-03-11 10:09 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 09:10 - 2022-02-26 05:11 - 02381312 (Microsoft Corporation) C:\Windows\system32\win32k.sys.


2022-03-11 09:10 - 2022-02-24 04:32 - 00342696 (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll.


2022-03-11 09:10 - 2022-02-21 02:27 - 00418304 (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll.


2022-03-11 09:10 - 2022-02-20 04:08 - 00047616 (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll.


2022-03-11 09:10 - 2022-02-20 04:01 - 00047104 (Microsoft Corporation) C:\Windows\system32\jsproxy.dll.


2022-03-11 09:10 - 2022-02-20 04:00 - 00030720 (Microsoft Corporation) C:\Windows\system32\iernonce.dll.


2022-03-11 09:10 - 2022-02-20 03:56 - 00620032 (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll.


2022-03-11 09:10 - 2022-02-20 03:56 - 00115712 (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe.


2022-03-11 09:10 - 2022-02-20 03:56 - 00102912 (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe.


2022-03-11 09:10 - 2022-02-20 03:50 - 00667648 (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe.


2022-03-11 09:10 - 2022-02-20 03:41 - 00060416 (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll.


2022-03-11 09:10 - 2022-02-20 03:24 - 00684544 (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe.


2022-03-11 09:10 - 2022-02-20 02:57 - 01311232 (Microsoft Corporation) C:\Windows\system32\urlmon.dll.


2022-03-11 09:10 - 2022-02-20 02:55 - 00710144 (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll.


2022-03-11 09:10 - 2022-02-13 07:26 - 12875264 (Microsoft Corporation) C:\Windows\system32\shell32.dll.


2022-03-11 09:10 - 2022-02-03 05:12 - 01230848 (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll.


2022-03-11 09:10 - 2022-01-31 05:32 - 00919552 (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll.


2022-03-11 09:10 - 2022-01-31 04:52 - 00134656 (Microsoft Corporation) C:\Windows\system32\rdpudd.dll.


2022-03-11 09:10 - 2022-01-31 04:51 - 00015872 (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.


2022-03-11 09:10 - 2022-01-17 04:30 - 00828928 (Microsoft Corporation) C:\Windows\system32\msctf.dll.


2022-03-11 09:09 - 2022-02-21 02:41 - 12827648 (Microsoft Corporation) C:\Windows\system32\ieframe.dll.


2022-03-11 09:09 - 2022-02-21 02:27 - 00285696 (Microsoft Corporation) C:\Windows\system32\dxtrans.dll.


2022-03-11 09:09 - 2022-02-21 02:25 - 19720222 (Microsoft Corporation) C:\Windows\system32\mshtml.dll.


2022-03-11 09:09 - 2022-02-21 01:32 - 00076288 (Microsoft Corporation) C:\Windows\system32\mshtmled.dll.


2022-03-11 09:09 - 2022-02-20 04:22 - 02724864 (Microsoft Corporation) C:\Windows\system32\mshtml.tlb.


2022-03-11 09:09 - 2022-02-20 04:22 - 00004096 (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll.


2022-03-11 09:09 - 2022-02-20 04:09 - 00503296 (Microsoft Corporation) C:\Windows\system32\vbscript.dll.


2022-03-11 09:09 - 2022-02-20 04:08 - 00062464 (Microsoft Corporation) C:\Windows\system32\iesetup.dll.


2022-03-11 09:09 - 2022-02-20 04:06 - 00064000 (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll.


2022-03-11 09:09 - 2022-02-20 04:03 - 02278400 (Microsoft Corporation) C:\Windows\system32\iertutil.dll.


2022-03-11 09:09 - 2022-02-20 03:58 - 00478208 (Microsoft Corporation) C:\Windows\system32\ieui.dll.


2022-03-11 09:09 - 2022-02-20 03:37 - 00168960 (Microsoft Corporation) C:\Windows\system32\msrating.dll.


2022-03-11 09:09 - 2022-02-20 03:30 - 04300288 (Microsoft Corporation) C:\Windows\system32\jscript9.dll.


2022-03-11 09:09 - 2022-02-20 03:24 - 02052608 (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl.


2022-03-11 09:09 - 2022-02-20 03:24 - 00689152 (Microsoft Corporation) C:\Windows\system32\msfeeds.dll.


2022-03-11 09:09 - 2022-02-20 03:23 - 01155072 (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll.


2022-03-11 09:09 - 2022-02-20 03:01 - 01888256 (Microsoft Corporation) C:\Windows\system32\wininet.dll.


2022-03-11 09:08 - 2022-03-06 07:15 - 00137656 (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.


2022-03-11 09:08 - 2022-03-06 07:15 - 00067512 (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.


2022-03-11 09:08 - 2022-03-06 07:10 - 01061376 (Microsoft Corporation) C:\Windows\system32\lsasrv.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00550912 (Microsoft Corporation) C:\Windows\system32\kerberos.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00259584 (Microsoft Corporation) C:\Windows\system32\msv1 0.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00248832 (Microsoft Corporation) C:\Windows\system32\schannel.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00221184 (Microsoft Corporation) C:\Windows\system32\ncrypt.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00172032 (Microsoft Corporation) C:\Windows\system32\wdigest.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00100352 (Microsoft Corporation) C:\Windows\system32\sspicli.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00065536 (Microsoft Corporation) C:\Windows\system32\TSpkg.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00022022 (Microsoft Corporation) C:\Windows\system32\secur32.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00017408 (Microsoft Corporation) C:\Windows\system32\credssp.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00015872 (Microsoft Corporation) C:\Windows\system32\sspisrv.dll.


2022-03-11 09:08 - 2022-03-06 07:09 - 00050176 (Microsoft Corporation) C:\Windows\system32\auditpol.exe.


2022-03-11 09:08 - 2022-03-06 07:09 - 00022528 (Microsoft Corporation) C:\Windows\system32\lsass.exe.


2022-03-11 09:08 - 2022-03-06 07:07 - 00146432 (Microsoft Corporation) C:\Windows\system32\msaudite.dll.


2022-03-11 09:08 - 2022-03-06 07:07 - 00060416 (Microsoft Corporation) C:\Windows\system32\msobjs.dll.


2022-03-11 09:08 - 2022-03-06 07:06 - 00686080 (Microsoft Corporation) C:\Windows\system32\adtschema.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00070656 (Microsoft Corporation) C:\Windows\system32\fontsub.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00034304 (Adobe Systems) C:\Windows\system32\atmlib.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00026624 (Microsoft Corporation) C:\Windows\system32\lpk.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00010240 (Microsoft Corporation) C:\Windows\system32\dciman32.dll.


2022-03-11 09:08 - 2022-02-20 05:09 - 00299008 (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll.


2022-03-11 09:08 - 2022-02-03 05:12 - 00171520 (Microsoft Corporation) C:\Windows\system32\ubpm.dll.


2022-03-11 09:07 - 2022-02-04 04:54 - 00417792 (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll.


2022-03-11 09:07 - 2022-02-03 05:16 - 03973048 (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe.


2022-03-11 09:07 - 2022-02-03 05:16 - 03917760 (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe.


2022-03-11 09:07 - 2022-02-03 05:16 - 00078784 (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.


2022-03-11 09:07 - 2022-02-03 05:12 - 11411968 (Microsoft Corporation) C:\Windows\system32\wmp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 03209728 (Microsoft Corporation) C:\Windows\system32\mf.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01329664 (Microsoft Corporation) C:\Windows\system32\quartz.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01174528 (Microsoft Corporation) C:\Windows\system32\crypt32.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01005056 (Microsoft Corporation) C:\Windows\system32\cryptui.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00988160 (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00744960 (Microsoft Corporation) C:\Windows\system32\blackbox.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00617984 (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00519680 (Microsoft Corporation) C:\Windows\system32\qdvd.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00504320 (Microsoft Corporation) C:\Windows\system32\msscp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00489984 (Microsoft Corporation) C:\Windows\system32\evr.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00475136 (Microsoft Corporation) C:\Windows\system32\audiosrv.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00442880 (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00406016 (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00400896 (Microsoft Corporation) C:\Windows\system32\srcore.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00374784 (Microsoft Corporation) C:\Windows\system32\AudioEng.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00354816 (Microsoft Corporation) C:\Windows\system32\mfplat.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00275968 (Microsoft Corporation) C:\Windows\system32\EncDump.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00265216 (Microsoft Corporation) C:\Windows\system32\msnetobj.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00195584 (Microsoft Corporation) C:\Windows\system32\AudioSes.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00179200 (Microsoft Corporation) C:\Windows\system32\wintrust.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00157184 (Microsoft Corporation) C:\Windows\system32\pcasvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00143872 (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00103936 (Microsoft Corporation) C:\Windows\system32\cryptnet.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00103424 (Microsoft Corporation) C:\Windows\system32\mfps.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00081408 (Microsoft Corporation) C:\Windows\system32\cryptsp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00069632 (Microsoft Corporation) C:\Windows\system32\smss.exe.


2022-03-11 09:07 - 2022-02-03 05:12 - 00050688 (Microsoft Corporation) C:\Windows\system32\appidapi.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00050176 (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00043008 (Microsoft Corporation) C:\Windows\system32\srclient.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00038912 (Microsoft Corporation) C:\Windows\system32\csrsrv.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00028160 (Microsoft Corporation) C:\Windows\system32\pcadm.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00027648 (Microsoft Corporation) C:\Windows\system32\appidsvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00010752 (Microsoft Corporation) C:\Windows\system32\msmmsp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00008192 (Microsoft Corporation) C:\Windows\system32\spwmp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00004096 (Microsoft Corporation) C:\Windows\system32\msdxm.ocx.


2022-03-11 09:07 - 2022-02-03 05:12 - 00004096 (Microsoft Corporation) C:\Windows\system32\dxmasf.dll.


2022-03-11 09:07 - 2022-02-03 05:11 - 12625408 (Microsoft Corporation) C:\Windows\system32\wmploc.DLL.


2022-03-11 09:07 - 2022-02-03 05:11 - 00262656 (Microsoft Corporation) C:\Windows\system32\rstrui.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00100864 (Microsoft Corporation) C:\Windows\system32\audiodg.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00096768 (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00050176 (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00023040 (Microsoft Corporation) C:\Windows\system32\mfpmp.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00016896 (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00009728 (Microsoft Corporation) C:\Windows\system32\pcawrk.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00008192 (Microsoft Corporation) C:\Windows\system32\pcalua.exe.


2022-03-11 09:07 - 2022-02-03 05:10 - 00008704 (Microsoft Corporation) C:\Windows\system32\pcaevts.dll.


2022-03-11 09:07 - 2022-02-03 05:09 - 00002048 (Microsoft Corporation) C:\Windows\system32\mferror.dll.


2022-03-11 09:07 - 2022-02-03 05:08 - 00006656 (Microsoft Corporation) C:\Windows\system32\apisetschema.dll.


2022-03-11 09:07 - 2022-02-03 05:00 - 00593920 (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.


2022-03-11 09:07 - 2022-02-03 04:26 - 00050176 (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.


2022-03-11 09:07 - 2022-01-31 01:56 - 00370488 (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.


2022-03-11 09:07 - 2014-11-01 00:22 - 00521384 (Microsoft Corporation) C:\Windows\system32\winload.exe.


2022-03-11 09:07 - 2014-06-28 02:21 - 00455752 (Microsoft Corporation) C:\Windows\system32\winresume.exe.


2022-03-11 09:07 - 2014-06-28 02:21 - 00409272 (Microsoft Corporation) C:\Windows\system32\ci.dll.


2022-03-09 10:05 - 2022-03-10 22:08 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-08 13:39 - 2022-03-08 13:39 - 00000000 RD () C:\Users\StudyDesktop\AppData\Roaming\Brother.


2022-03-08 11:26 - 2022-03-08 11:26 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-07 09:26 - 2022-03-07 09:26 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-06 17:35 - 2022-03-06 17:38 - 06208736 (Tim Kosse) C:\Users\StudyDesktop\Downloads\FileZilla 3.10.2 win32-setup.exe.


2022-03-06 10:43 - 2022-03-06 10:43 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


==================== One Month Modified Files and Folders =======


(If an entry is included in the fixlist, the file\folder will be moved.)


2022-04-05 10:37 - 2012-03-23 16:46 - 00000886 () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.


2022-04-05 10:37 - 2012-03-23 16:46 - 00000882 () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.


2022-04-05 10:26 - 2014-02-26 16:32 - 00000000 D () C:\Users\StudyDesktop\MoneySunset.


2022-04-05 10:24 - 2011-03-26 15:48 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\Skype.


2022-04-05 10:04 - 2012-04-17 08:49 - 00000830 () C:\Windows\Tasks\Adobe Flash Player Updater.job.


2022-04-05 09:28 - 2009-07-14 04:37 - 00000000 D () C:\Windows\tracing.


2022-04-05 09:24 - 2011-03-26 15:48 - 00000000 RD () C:\Program Files\Skype.


2022-04-05 09:24 - 2011-03-26 15:48 - 00000000 D () C:\ProgramData\Skype.


2022-04-05 03:21 - 2011-03-24 13:34 - 01505575 () C:\Windows\WindowsUpdate.log.


2022-04-04 18:02 - 2009-08-26 11:16 - 00000000 D () C:\Users\StudyDesktop\Documents\General.


2022-04-04 17:55 - 2005-04-25 23:07 - 00000000 D () C:\Users\StudyDesktop\Documents\CVS.


2022-04-04 12:19 - 2014-11-17 17:29 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\ControlCenter4.


2022-04-04 11:50 - 2013-07-22 09:45 - 00000000 D () C:\Users\StudyDesktop\Documents\Beauclerc Road Ltd.


2022-04-04 11:27 - 2011-03-24 12:42 - 00782470 () C:\Windows\system32\PerfStringBackup.INI.


2022-04-04 09:39 - 2022-02-07 11:54 - 00000000 D () C:\Program Files\Mozilla Firefox.bak.


2022-04-04 09:39 - 2012-07-30 08:29 - 00000000 D () C:\Program Files\Mozilla Maintenance Service.


2022-04-04 09:11 - 2011-05-28 11:32 - 00000000 D () C:\Users\StudyDesktop\Tracing.


2022-04-04 08:30 - 2009-07-14 06:34 - 00020816 H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.


2022-04-04 08:30 - 2009-07-14 06:34 - 00020816 H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.


2022-04-04 08:22 - 2011-06-12 20:17 - 04325376 () C:\Windows\system32\Ikeext.etl.


2022-04-04 08:22 - 2009-07-14 06:53 - 00000006 H () C:\Windows\Tasks\SA.DAT.


2022-04-03 09:16 - 2008-01-13 11:32 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Receipts.


2022-04-01 17:09 - 2014-01-16 13:49 - 00000000 D () C:\Users\StudyDesktop\Documents\Personal Finance.


2022-03-31 17:42 - 2014-11-14 08:57 - 00114904 (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.


2022-03-31 17:41 - 2014-11-14 08:56 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware.


2022-03-31 17:41 - 2014-11-14 08:56 - 00000000 D () C:\Program Files\Malwarebytes Anti-Malware.


2022-03-31 17:21 - 2009-07-14 06:53 - 00032620 () C:\Windows\Tasks\SCHEDLGU.TXT.


2022-03-31 16:24 - 2014-06-03 15:55 - 00106912 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys.


2022-03-31 16:24 - 2014-06-03 15:55 - 00024144 () C:\Windows\system32\Drivers\aswHwid.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00427736 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00208024 () C:\Windows\system32\Drivers\aswVmm.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00081728 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00073440 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00049904 () C:\Windows\system32\Drivers\aswRvrt.sys.


2022-03-31 16:23 - 2013-04-25 12:35 - 00788272 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys.


2022-03-30 12:42 - 2008-01-13 11:29 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Guest Info.


2022-03-27 10:24 - 2022-01-12 13:56 - 00000000 D () C:\Program Files\CCleaner.


2022-03-23 16:25 - 2008-11-21 18:19 - 00000000 D () C:\Users\StudyDesktop\Documents\Personal Income.


2022-03-23 13:28 - 2014-11-17 17:19 - 00007891 () C:\Windows\BRRBCOM.INI.


2022-03-23 09:32 - 2022-01-03 14:13 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\Jumping Bytes.


2022-03-22 18:20 - 2009-07-14 04:37 - 00000000 HD () C:\Windows\system32\GroupPolicy.


2022-03-22 16:29 - 2011-05-09 09:30 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\ObviousIdea.


2022-03-22 16:27 - 2014-09-29 16:58 - 00000032 () C:\Users\StudyDesktop\AppData\Local\Images.fl.


2022-03-18 17:56 - 2008-11-19 11:31 - 00000000 D () C:\Users\StudyDesktop\Documents\x 19b Sycamore.


2022-03-18 17:56 - 2008-11-19 11:31 - 00000000 D () C:\Users\StudyDesktop\Documents\Beauclerc Road 34.


2022-03-18 17:53 - 2013-01-20 15:38 - 00000000 D () C:\Users\StudyDesktop\Documents\GSE Accounts.


2022-03-18 17:49 - 2011-06-30 11:10 - 00000000 SD () C:\Users\StudyDesktop\Documents\My Web Sites.


2022-03-18 17:45 - 2008-05-06 15:18 - 00000000 D () C:\Users\StudyDesktop\Documents\Cantinone Website Notes.


2022-03-18 12:49 - 2011-03-29 19:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\Adobe.


2022-03-18 11:42 - 2009-02-18 15:36 - 00000000 D () C:\Users\StudyDesktop\Documents\Accoglie.


2022-03-18 11:12 - 2012-04-17 08:49 - 00778928 (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe.


2022-03-18 11:12 - 2011-06-24 19:10 - 00142512 (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl.


2022-03-15 13:11 - 2014-01-11 16:30 - 00000000 D () C:\Users\StudyDesktop\Documents\Adtelly.


2022-03-13 18:30 - 2005-04-25 23:13 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Regulations.


2022-03-13 18:29 - 2013-04-09 17:17 - 00000000 D () C:\Users\StudyDesktop\Documents\Online Bills.


2022-03-13 11:42 - 2013-04-25 12:39 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.


2022-03-12 10:55 - 2009-07-14 04:37 - 00000000 D () C:\Windows\rescache.


2022-03-11 21:42 - 2009-07-14 06:33 - 00306080 () C:\Windows\system32\FNTCACHE.DAT.


2022-03-11 20:33 - 2011-06-07 15:11 - 00000000 D () C:\ProgramData\Microsoft Help.


2022-03-11 20:31 - 2013-07-26 23:20 - 00000000 D () C:\Windows\system32\MRT.


2022-03-11 20:21 - 2011-04-30 07:26 - 119837696 (Microsoft Corporation) C:\Windows\system32\MRT.exe.


2022-03-06 18:46 - 2011-08-29 13:58 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\FileZilla.


==================== Files in the root of some directories =======


2013-10-05 11:52 - 2013-10-05 11:52 - 4188160 () C:\Program Files\GUTB76F.tmp.


2014-10-07 18:46 - 2014-10-07 18:46 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\howto.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\Vocals.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\WebServer.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\Widgets.


2013-04-03 10:49 - 2014-12-09 16:36 - 0005632 () C:\Users\StudyDesktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.


2014-09-29 16:58 - 2022-03-22 16:27 - 0000032 () C:\Users\StudyDesktop\AppData\Local\Images.fl.


2011-12-29 12:21 - 2014-11-13 16:52 - 0007626 () C:\Users\StudyDesktop\AppData\Local\Resmon.ResmonCfg.


2011-03-26 16:07 - 2011-03-26 16:07 - 0000056 H () C:\ProgramData\ezsidmv.dat.


2014-10-07 18:46 - 2014-10-07 18:47 - 0000012 RH () C:\ProgramData\manual.


2014-10-07 18:46 - 2014-10-07 18:46 - 0000020 H () C:\ProgramData\PKP DLeo.DAT.


2014-10-07 18:48 - 2014-10-07 19:04 - 0000020 H () C:\ProgramData\PKP DLes.DAT.


2014-10-07 18:47 - 2014-10-25 17:30 - 0000020 H () C:\ProgramData\PKP DLet.DAT.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000020 H () C:\ProgramData\PKP DLev.DAT.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000012 RH () C:\ProgramData\vhosts.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\ProgramData\Woodwinds.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 RH () C:\ProgramData\Work - Home.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\ProgramData\Workflows.


C:\Users\StudyDesktop\AppData\Local\Temp\SkypeSetup.exe.


C:\Users\StudyDesktop\AppData\Local\Temp\WDAutoUpdate.exe.


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed.


C:\Windows\system32\winlogon.exe => File is digitally signed.


C:\Windows\system32\wininit.exe => File is digitally signed.


C:\Windows\system32\svchost.exe => File is digitally signed.


C:\Windows\system32\services.exe => File is digitally signed.


C:\Windows\system32\User32.dll => File is digitally signed.


C:\Windows\system32\userinit.exe => File is digitally signed.


C:\Windows\system32\rpcss.dll => File is digitally signed.


C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed.


~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home.


NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro.


BC AdBot (Login to Remove)


BleepingComputer.com Register to remove ads.


#2 janefs.


Topic Starter Members 53 posts OFFLINE Gender: Female Location: United Kingdom Local time: 03:59 AM.


Posted 05 April 2022 - 04:25 AM.


Hello and happy Easter/hanukkah holiday,


I have an annoying malware which is hi-jacking my Chrome Searches. Not affecting IE/FF/Iron browsers.


I have managed to spread the malware from my Laptop (64bit) to my desktop (32bit) so it may have attached itself to my google profile (maybe?). It arrived on my laptop with an entire fruit salad of malware when I inadvertently clicked on a link. I managed to get rid of all others, but this keeps recurring.


Leaving aside the Laptop, I am concentrating on cleaning the desktop, so here is the FRST log for the desktop, 32bit running Windows 7 Ultimate.


PC appears to be running okay, I just can't use Google search on Chrome reliably.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2022.


Ran by StudyDesktop (administrator) on STUDYDESKTOP-PC on 05-04-2022 10:43:44.


Running from C:\Users\StudyDesktop\Downloads.


Loaded Profiles: StudyDesktop (Available profiles: StudyDesktop)


Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)


Internet Explorer Version 11 (Default browser: Chrome)


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe.


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe.


(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTDevSrv.exe.


(Teruten) C:\Windows\System32\FsUsbExService.Exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe.


(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE.


(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe.


(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE.


(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe.


(Secunia) C:\Program Files\Secunia\PSI\sua.exe.


(Intel Corporation) C:\Windows\System32\igfxtray.exe.


(Intel Corporation) C:\Windows\System32\hkcmd.exe.


(Intel Corporation) C:\Windows\System32\igfxpers.exe.


(Intel Corporation) C:\Windows\System32\igfxsrvc.exe.


(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe.


(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe.


(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe.


(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe.


(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe.


(Brother Industries, Ltd.) C:\Program Files\Brother\Brother Help\BrotherHelp.exe.


(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe.


(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe.


(Samsung) C:\Program Files\Samsung\Kies\Kies.exe.


(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe.


(Creative Technology Ltd) C:\Program Files\Creative\Software Update 3\SoftAuto.exe.


(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe.


(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe.


(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe.


(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe.


(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe.


(Secunia) C:\Program Files\Secunia\PSI\psi tray.exe.


(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe.


(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.


(Microsoft Corporation) C:\Windows\System32\dllhost.exe.


(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe.


(Microsoft Corporation) C:\Windows\System32\taskmgr.exe.


(SRWare) C:\Program Files\SRWare Iron\iron.exe.


(SRWare) C:\Program Files\SRWare Iron\iron.exe.


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\. \Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)


HKLM\. \Run: [EEventManager] => C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe.


HKLM\. \Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2022-03-31] (Avast Software s.r.o.)


HKLM\. \Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)


HKLM\. \Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)


HKLM\. \Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)


HKLM\. \Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)


HKLM\. \Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)


HKLM\. \Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)


HKLM\. \Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)


HKLM\. \Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)


HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->


HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [SoftAuto.exe] => C:\Program Files\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [923312 2022-03-17] (Jumping Bytes)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2022-03-13] (Piriform Ltd)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [*LABAL*] => [X]


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [31445088 2022-03-27] (VoipConnect)


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)


HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->


Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()


Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.


ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi tray.exe (Secunia)


Startup: C:\Users\StudyDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()


ShellIconOverlayIdentifiers: [00avast] -> => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)


ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKLM\Software\Microsoft\Internet Explorer\Main,Default Page URL =


HKLM\Software\Microsoft\Internet Explorer\Main,Default Search URL =


HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm.


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cantinone.eu/


HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp.


SearchScopes: HKU\.DEFAULT -> DefaultScope URL =


SearchScopes: HKU\S-1-5-19 -> DefaultScope URL =


SearchScopes: HKU\S-1-5-20 -> DefaultScope URL =


BHO: PlusIEEventHelper Class -> -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)


BHO: avast! Online Security -> -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2022-03-31] (Avast Software s.r.o.)


BHO: Windows Live ID Sign-in Helper -> -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)


BHO: Office Document Cache Handler -> -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)


BHO: Java™ Plug-In 2 SSV Helper -> -> C:\Program Files\Java\jre1.8.0 25\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)


Handler: skype-ie-addon-data - - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)


Handler: skype4com - - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1.


Tcpip\..\Interfaces\ : [NameServer] 192.168.7.1.


FF ProfilePath: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default.


FF SearchEngineOrder.1: Yahoo! (Avast)


FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32 16 0 0 305.dll [2022-02-05] ()


FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)


FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0 25\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)


FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0 25\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)


FF Plugin: @microsoft.com/GENUINE -> disabled No File.


FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)


FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)


FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)


FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2022-02-05] (Google Inc.)


FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2022-02-05] (Google Inc.)


FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)


FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)


FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)


FF SearchPlugin: C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\searchplugins\yahoo-avast.xml [2014-06-07]


FF Extension: Google Bookmarks for Firefox - C:\Users\StudyDesktop\AppData\Roaming\Mozilla\Firefox\Profiles\7n4w50mp.default\Extensions\ .xpi [2011-03-29]


FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\ [2022-04-03]


FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\ [2022-04-03]


FF HKLM\. \Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF.


FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]


CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm source=evening-newsletter&utm medium=da-newsletter&utm content=old england&utm campaign=evening-nl-20140408&utm term=no-special-tg.


CHR DefaultSuggestURL: Default -> search?client=&gs ri=&xssi=t&q=&sugkey=


CHR Profile: C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default.


CHR Extension: (YouTube) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-23]


CHR Extension: (Google Search) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-23]


CHR Extension: (ZenMate) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-10]


CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2022-03-05]


CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-10-05]


CHR Extension: (Google Wallet) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]


CHR Extension: (Watch UK TV Online with Adtelly.tv) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2014-12-22]


CHR Extension: (Gmail) - C:\Users\StudyDesktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-23]


CHR HKLM\. \Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2022-03-31]


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2022-03-31] (Avast Software s.r.o.)


R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2022-03-31] (Avast Software s.r.o.)


R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2022-03-31] (Avast Software)


R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]


R2 CTDevice Srv; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]


S3 CTUPnPSv; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]


S4 EPSON EB RPCV4 01; C:\ProgramData\EPSON\EPW!3 SSRP\E S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)


S4 EPSON PM RPCV4 01; C:\ProgramData\EPSON\EPW!3 SSRP\E S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)


R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]


S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]


S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2022-03-04] (The OpenVPN Project)


R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)


S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)


R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)


R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2022-03-31] ()


R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2022-03-31] (Avast Software s.r.o.)


R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2022-03-31] (Avast Software s.r.o.)


R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2022-03-31] (Avast Software s.r.o.)


R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2022-03-31] (Avast Software s.r.o.)


R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2022-03-31] ()


R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2022-03-31] (Avast Software s.r.o.)


R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2022-03-31] (Avast Software s.r.o.)


R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2022-03-31] (Avast Software s.r.o.)


R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2022-03-31] ()


R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.)


R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)


R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]


R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()


R3 PSI; C:\Windows\System32\DRIVERS\psi mf x86.sys [16024 2014-11-28] (Secunia)


S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)


S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)


S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)


S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)


S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)


S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)


S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)


R3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)


R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)


R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2022-03-31] (Avast Software)


R3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2005-02-26] (VM)


S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]


S4 LMIRfsClientNP; No ImagePath.


S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]


S3 tsusbhub; system32\drivers\tsusbhub.sys [X]


S3 VGPU; System32\drivers\rdvgkmd.sys [X]


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========


(If an entry is included in the fixlist, the file\folder will be moved.)


2022-04-05 10:43 - 2022-04-05 10:44 - 00021790 () C:\Users\StudyDesktop\Downloads\FRST.txt.


2022-04-05 10:43 - 2022-04-05 10:43 - 00000000 D () C:\FRST.


2022-04-05 10:41 - 2022-04-05 10:42 - 01135104 (Farbar) C:\Users\StudyDesktop\Downloads\FRST.exe.


2022-04-05 03:01 - 2022-04-05 03:01 - 00000000 SD () C:\Windows\system32\GWX.


2022-04-04 18:02 - 2022-04-04 18:03 - 00000000 D () C:\Users\StudyDesktop\Documents\Dad Photos.


2022-04-04 09:11 - 2022-04-05 09:13 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-03 09:48 - 2022-04-03 09:48 - 00000000 D () C:\Program Files\Mozilla Firefox.


2022-04-02 21:49 - 2022-04-03 09:49 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-02 09:47 - 2022-04-02 09:47 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-01 08:27 - 2022-04-01 08:27 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-04-01 08:18 - 2022-04-04 08:22 - 00000224 () C:\Windows\setupact.log.


2022-04-01 08:18 - 2022-04-01 08:18 - 00000000 () C:\Windows\setuperr.log.


2022-03-31 19:25 - 2022-03-31 19:25 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-31 18:43 - 2022-03-31 18:46 - 44832392 (SRWare ) C:\Users\StudyDesktop\Documents\srware iron.exe.


2022-03-31 17:41 - 2022-03-31 17:41 - 00001064 () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk.


2022-03-31 17:29 - 2022-03-31 17:29 - 00000000 D () C:\Windows\system32\vbox.


2022-03-31 16:28 - 2022-03-31 16:28 - 00002063 () C:\Users\Public\Desktop\Avast SafeZone.lnk.


2022-03-31 16:28 - 2022-03-31 16:28 - 00002003 () C:\Users\Public\Desktop\Avast Internet Security.lnk.


2022-03-31 16:24 - 2022-03-31 16:23 - 00291312 (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe.


2022-03-31 16:24 - 2022-03-31 16:23 - 00026096 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys.


2022-03-31 16:23 - 2022-03-31 16:23 - 00043112 (Avast Software s.r.o.) C:\Windows\avastSS.scr.


2022-03-31 16:22 - 2022-03-31 16:22 - 00271248 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys.


2022-03-31 07:24 - 2022-03-31 07:24 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-30 11:43 - 2022-03-30 11:43 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-28 10:34 - 2022-03-29 10:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-26 10:16 - 2022-03-27 10:17 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-24 07:58 - 2022-03-24 07:59 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-23 11:38 - 2022-03-23 11:38 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-23 09:32 - 2022-03-23 09:32 - 00000895 () C:\Users\Public\Desktop\PureSync.lnk.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\Program Files\PureSync.


2022-03-23 09:32 - 2022-03-23 09:32 - 00000000 D () C:\Program Files\Common Files\Jumping Bytes.


2022-03-22 23:35 - 2022-03-22 23:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-22 18:24 - 2022-03-22 18:25 - 00000580 RSH () C:\Users\StudyDesktop\ntuser.pol.


2022-03-22 16:51 - 2022-03-22 16:51 - 00001065 () C:\Users\Public\Desktop\OpenVPN GUI.lnk.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\Program Files\TAP-Windows.


2022-03-22 16:48 - 2022-03-22 16:51 - 00000000 D () C:\Program Files\OpenVPN.


2022-03-22 16:48 - 2022-03-22 16:48 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows.


2022-03-22 10:11 - 2022-03-22 10:11 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-20 10:07 - 2022-03-20 10:07 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-19 08:48 - 2022-03-19 08:48 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-18 10:58 - 2022-03-18 10:58 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-17 08:44 - 2022-03-17 08:44 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-15 12:04 - 2022-03-15 12:04 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-12 10:15 - 2022-03-13 10:18 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 21:45 - 2022-03-11 21:46 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 10:09 - 2022-03-11 10:09 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-11 09:10 - 2022-02-26 05:11 - 02381312 (Microsoft Corporation) C:\Windows\system32\win32k.sys.


2022-03-11 09:10 - 2022-02-24 04:32 - 00342696 (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll.


2022-03-11 09:10 - 2022-02-21 02:27 - 00418304 (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll.


2022-03-11 09:10 - 2022-02-20 04:08 - 00047616 (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll.


2022-03-11 09:10 - 2022-02-20 04:01 - 00047104 (Microsoft Corporation) C:\Windows\system32\jsproxy.dll.


2022-03-11 09:10 - 2022-02-20 04:00 - 00030720 (Microsoft Corporation) C:\Windows\system32\iernonce.dll.


2022-03-11 09:10 - 2022-02-20 03:56 - 00620032 (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll.


2022-03-11 09:10 - 2022-02-20 03:56 - 00115712 (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe.


2022-03-11 09:10 - 2022-02-20 03:56 - 00102912 (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe.


2022-03-11 09:10 - 2022-02-20 03:50 - 00667648 (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe.


2022-03-11 09:10 - 2022-02-20 03:41 - 00060416 (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll.


2022-03-11 09:10 - 2022-02-20 03:24 - 00684544 (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe.


2022-03-11 09:10 - 2022-02-20 02:57 - 01311232 (Microsoft Corporation) C:\Windows\system32\urlmon.dll.


2022-03-11 09:10 - 2022-02-20 02:55 - 00710144 (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll.


2022-03-11 09:10 - 2022-02-13 07:26 - 12875264 (Microsoft Corporation) C:\Windows\system32\shell32.dll.


2022-03-11 09:10 - 2022-02-03 05:12 - 01230848 (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll.


2022-03-11 09:10 - 2022-01-31 05:32 - 00919552 (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll.


2022-03-11 09:10 - 2022-01-31 04:52 - 00134656 (Microsoft Corporation) C:\Windows\system32\rdpudd.dll.


2022-03-11 09:10 - 2022-01-31 04:51 - 00015872 (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.


2022-03-11 09:10 - 2022-01-17 04:30 - 00828928 (Microsoft Corporation) C:\Windows\system32\msctf.dll.


2022-03-11 09:09 - 2022-02-21 02:41 - 12827648 (Microsoft Corporation) C:\Windows\system32\ieframe.dll.


2022-03-11 09:09 - 2022-02-21 02:27 - 00285696 (Microsoft Corporation) C:\Windows\system32\dxtrans.dll.


2022-03-11 09:09 - 2022-02-21 02:25 - 19720222 (Microsoft Corporation) C:\Windows\system32\mshtml.dll.


2022-03-11 09:09 - 2022-02-21 01:32 - 00076288 (Microsoft Corporation) C:\Windows\system32\mshtmled.dll.


2022-03-11 09:09 - 2022-02-20 04:22 - 02724864 (Microsoft Corporation) C:\Windows\system32\mshtml.tlb.


2022-03-11 09:09 - 2022-02-20 04:22 - 00004096 (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll.


2022-03-11 09:09 - 2022-02-20 04:09 - 00503296 (Microsoft Corporation) C:\Windows\system32\vbscript.dll.


2022-03-11 09:09 - 2022-02-20 04:08 - 00062464 (Microsoft Corporation) C:\Windows\system32\iesetup.dll.


2022-03-11 09:09 - 2022-02-20 04:06 - 00064000 (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll.


2022-03-11 09:09 - 2022-02-20 04:03 - 02278400 (Microsoft Corporation) C:\Windows\system32\iertutil.dll.


2022-03-11 09:09 - 2022-02-20 03:58 - 00478208 (Microsoft Corporation) C:\Windows\system32\ieui.dll.


2022-03-11 09:09 - 2022-02-20 03:37 - 00168960 (Microsoft Corporation) C:\Windows\system32\msrating.dll.


2022-03-11 09:09 - 2022-02-20 03:30 - 04300288 (Microsoft Corporation) C:\Windows\system32\jscript9.dll.


2022-03-11 09:09 - 2022-02-20 03:24 - 02052608 (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl.


2022-03-11 09:09 - 2022-02-20 03:24 - 00689152 (Microsoft Corporation) C:\Windows\system32\msfeeds.dll.


2022-03-11 09:09 - 2022-02-20 03:23 - 01155072 (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll.


2022-03-11 09:09 - 2022-02-20 03:01 - 01888256 (Microsoft Corporation) C:\Windows\system32\wininet.dll.


2022-03-11 09:08 - 2022-03-06 07:15 - 00137656 (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.


2022-03-11 09:08 - 2022-03-06 07:15 - 00067512 (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.


2022-03-11 09:08 - 2022-03-06 07:10 - 01061376 (Microsoft Corporation) C:\Windows\system32\lsasrv.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00550912 (Microsoft Corporation) C:\Windows\system32\kerberos.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00259584 (Microsoft Corporation) C:\Windows\system32\msv1 0.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00248832 (Microsoft Corporation) C:\Windows\system32\schannel.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00221184 (Microsoft Corporation) C:\Windows\system32\ncrypt.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00172032 (Microsoft Corporation) C:\Windows\system32\wdigest.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00100352 (Microsoft Corporation) C:\Windows\system32\sspicli.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00065536 (Microsoft Corporation) C:\Windows\system32\TSpkg.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00022022 (Microsoft Corporation) C:\Windows\system32\secur32.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00017408 (Microsoft Corporation) C:\Windows\system32\credssp.dll.


2022-03-11 09:08 - 2022-03-06 07:10 - 00015872 (Microsoft Corporation) C:\Windows\system32\sspisrv.dll.


2022-03-11 09:08 - 2022-03-06 07:09 - 00050176 (Microsoft Corporation) C:\Windows\system32\auditpol.exe.


2022-03-11 09:08 - 2022-03-06 07:09 - 00022528 (Microsoft Corporation) C:\Windows\system32\lsass.exe.


2022-03-11 09:08 - 2022-03-06 07:07 - 00146432 (Microsoft Corporation) C:\Windows\system32\msaudite.dll.


2022-03-11 09:08 - 2022-03-06 07:07 - 00060416 (Microsoft Corporation) C:\Windows\system32\msobjs.dll.


2022-03-11 09:08 - 2022-03-06 07:06 - 00686080 (Microsoft Corporation) C:\Windows\system32\adtschema.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00070656 (Microsoft Corporation) C:\Windows\system32\fontsub.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00034304 (Adobe Systems) C:\Windows\system32\atmlib.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00026624 (Microsoft Corporation) C:\Windows\system32\lpk.dll.


2022-03-11 09:08 - 2022-02-20 06:13 - 00010240 (Microsoft Corporation) C:\Windows\system32\dciman32.dll.


2022-03-11 09:08 - 2022-02-20 05:09 - 00299008 (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll.


2022-03-11 09:08 - 2022-02-03 05:12 - 00171520 (Microsoft Corporation) C:\Windows\system32\ubpm.dll.


2022-03-11 09:07 - 2022-02-04 04:54 - 00417792 (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll.


2022-03-11 09:07 - 2022-02-03 05:16 - 03973048 (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe.


2022-03-11 09:07 - 2022-02-03 05:16 - 03917760 (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe.


2022-03-11 09:07 - 2022-02-03 05:16 - 00078784 (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.


2022-03-11 09:07 - 2022-02-03 05:12 - 11411968 (Microsoft Corporation) C:\Windows\system32\wmp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 03209728 (Microsoft Corporation) C:\Windows\system32\mf.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01329664 (Microsoft Corporation) C:\Windows\system32\quartz.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01174528 (Microsoft Corporation) C:\Windows\system32\crypt32.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 01005056 (Microsoft Corporation) C:\Windows\system32\cryptui.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00988160 (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00744960 (Microsoft Corporation) C:\Windows\system32\blackbox.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00617984 (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00519680 (Microsoft Corporation) C:\Windows\system32\qdvd.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00504320 (Microsoft Corporation) C:\Windows\system32\msscp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00489984 (Microsoft Corporation) C:\Windows\system32\evr.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00475136 (Microsoft Corporation) C:\Windows\system32\audiosrv.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00442880 (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00406016 (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00400896 (Microsoft Corporation) C:\Windows\system32\srcore.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00374784 (Microsoft Corporation) C:\Windows\system32\AudioEng.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00354816 (Microsoft Corporation) C:\Windows\system32\mfplat.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00275968 (Microsoft Corporation) C:\Windows\system32\EncDump.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00265216 (Microsoft Corporation) C:\Windows\system32\msnetobj.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00195584 (Microsoft Corporation) C:\Windows\system32\AudioSes.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00179200 (Microsoft Corporation) C:\Windows\system32\wintrust.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00157184 (Microsoft Corporation) C:\Windows\system32\pcasvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00143872 (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00103936 (Microsoft Corporation) C:\Windows\system32\cryptnet.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00103424 (Microsoft Corporation) C:\Windows\system32\mfps.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00081408 (Microsoft Corporation) C:\Windows\system32\cryptsp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00069632 (Microsoft Corporation) C:\Windows\system32\smss.exe.


2022-03-11 09:07 - 2022-02-03 05:12 - 00050688 (Microsoft Corporation) C:\Windows\system32\appidapi.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00050176 (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00043008 (Microsoft Corporation) C:\Windows\system32\srclient.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00038912 (Microsoft Corporation) C:\Windows\system32\csrsrv.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00028160 (Microsoft Corporation) C:\Windows\system32\pcadm.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00027648 (Microsoft Corporation) C:\Windows\system32\appidsvc.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00010752 (Microsoft Corporation) C:\Windows\system32\msmmsp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00008192 (Microsoft Corporation) C:\Windows\system32\spwmp.dll.


2022-03-11 09:07 - 2022-02-03 05:12 - 00004096 (Microsoft Corporation) C:\Windows\system32\msdxm.ocx.


2022-03-11 09:07 - 2022-02-03 05:12 - 00004096 (Microsoft Corporation) C:\Windows\system32\dxmasf.dll.


2022-03-11 09:07 - 2022-02-03 05:11 - 12625408 (Microsoft Corporation) C:\Windows\system32\wmploc.DLL.


2022-03-11 09:07 - 2022-02-03 05:11 - 00262656 (Microsoft Corporation) C:\Windows\system32\rstrui.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00100864 (Microsoft Corporation) C:\Windows\system32\audiodg.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00096768 (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00050176 (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00023040 (Microsoft Corporation) C:\Windows\system32\mfpmp.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00016896 (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00009728 (Microsoft Corporation) C:\Windows\system32\pcawrk.exe.


2022-03-11 09:07 - 2022-02-03 05:11 - 00008192 (Microsoft Corporation) C:\Windows\system32\pcalua.exe.


2022-03-11 09:07 - 2022-02-03 05:10 - 00008704 (Microsoft Corporation) C:\Windows\system32\pcaevts.dll.


2022-03-11 09:07 - 2022-02-03 05:09 - 00002048 (Microsoft Corporation) C:\Windows\system32\mferror.dll.


2022-03-11 09:07 - 2022-02-03 05:08 - 00006656 (Microsoft Corporation) C:\Windows\system32\apisetschema.dll.


2022-03-11 09:07 - 2022-02-03 05:00 - 00593920 (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.


2022-03-11 09:07 - 2022-02-03 04:26 - 00050176 (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.


2022-03-11 09:07 - 2022-01-31 01:56 - 00370488 (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.


2022-03-11 09:07 - 2014-11-01 00:22 - 00521384 (Microsoft Corporation) C:\Windows\system32\winload.exe.


2022-03-11 09:07 - 2014-06-28 02:21 - 00455752 (Microsoft Corporation) C:\Windows\system32\winresume.exe.


2022-03-11 09:07 - 2014-06-28 02:21 - 00409272 (Microsoft Corporation) C:\Windows\system32\ci.dll.


2022-03-09 10:05 - 2022-03-10 22:08 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-08 13:39 - 2022-03-08 13:39 - 00000000 RD () C:\Users\StudyDesktop\AppData\Roaming\Brother.


2022-03-08 11:26 - 2022-03-08 11:26 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-07 09:26 - 2022-03-07 09:26 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


2022-03-06 17:35 - 2022-03-06 17:38 - 06208736 (Tim Kosse) C:\Users\StudyDesktop\Downloads\FileZilla 3.10.2 win32-setup.exe.


2022-03-06 10:43 - 2022-03-06 10:43 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\


==================== One Month Modified Files and Folders =======


(If an entry is included in the fixlist, the file\folder will be moved.)


2022-04-05 10:37 - 2012-03-23 16:46 - 00000886 () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job.


2022-04-05 10:37 - 2012-03-23 16:46 - 00000882 () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job.


2022-04-05 10:26 - 2014-02-26 16:32 - 00000000 D () C:\Users\StudyDesktop\MoneySunset.


2022-04-05 10:24 - 2011-03-26 15:48 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\Skype.


2022-04-05 10:04 - 2012-04-17 08:49 - 00000830 () C:\Windows\Tasks\Adobe Flash Player Updater.job.


2022-04-05 09:28 - 2009-07-14 04:37 - 00000000 D () C:\Windows\tracing.


2022-04-05 09:24 - 2011-03-26 15:48 - 00000000 RD () C:\Program Files\Skype.


2022-04-05 09:24 - 2011-03-26 15:48 - 00000000 D () C:\ProgramData\Skype.


2022-04-05 03:21 - 2011-03-24 13:34 - 01505575 () C:\Windows\WindowsUpdate.log.


2022-04-04 18:02 - 2009-08-26 11:16 - 00000000 D () C:\Users\StudyDesktop\Documents\General.


2022-04-04 17:55 - 2005-04-25 23:07 - 00000000 D () C:\Users\StudyDesktop\Documents\CVS.


2022-04-04 12:19 - 2014-11-17 17:29 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\ControlCenter4.


2022-04-04 11:50 - 2013-07-22 09:45 - 00000000 D () C:\Users\StudyDesktop\Documents\Beauclerc Road Ltd.


2022-04-04 11:27 - 2011-03-24 12:42 - 00782470 () C:\Windows\system32\PerfStringBackup.INI.


2022-04-04 09:39 - 2022-02-07 11:54 - 00000000 D () C:\Program Files\Mozilla Firefox.bak.


2022-04-04 09:39 - 2012-07-30 08:29 - 00000000 D () C:\Program Files\Mozilla Maintenance Service.


2022-04-04 09:11 - 2011-05-28 11:32 - 00000000 D () C:\Users\StudyDesktop\Tracing.


2022-04-04 08:30 - 2009-07-14 06:34 - 00020816 H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.


2022-04-04 08:30 - 2009-07-14 06:34 - 00020816 H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.


2022-04-04 08:22 - 2011-06-12 20:17 - 04325376 () C:\Windows\system32\Ikeext.etl.


2022-04-04 08:22 - 2009-07-14 06:53 - 00000006 H () C:\Windows\Tasks\SA.DAT.


2022-04-03 09:16 - 2008-01-13 11:32 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Receipts.


2022-04-01 17:09 - 2014-01-16 13:49 - 00000000 D () C:\Users\StudyDesktop\Documents\Personal Finance.


2022-03-31 17:42 - 2014-11-14 08:57 - 00114904 (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.


2022-03-31 17:41 - 2014-11-14 08:56 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware.


2022-03-31 17:41 - 2014-11-14 08:56 - 00000000 D () C:\Program Files\Malwarebytes Anti-Malware.


2022-03-31 17:21 - 2009-07-14 06:53 - 00032620 () C:\Windows\Tasks\SCHEDLGU.TXT.


2022-03-31 16:24 - 2014-06-03 15:55 - 00106912 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys.


2022-03-31 16:24 - 2014-06-03 15:55 - 00024144 () C:\Windows\system32\Drivers\aswHwid.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00427736 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00208024 () C:\Windows\system32\Drivers\aswVmm.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00081728 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00073440 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys.


2022-03-31 16:24 - 2013-04-25 12:35 - 00049904 () C:\Windows\system32\Drivers\aswRvrt.sys.


2022-03-31 16:23 - 2013-04-25 12:35 - 00788272 (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys.


2022-03-30 12:42 - 2008-01-13 11:29 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Guest Info.


2022-03-27 10:24 - 2022-01-12 13:56 - 00000000 D () C:\Program Files\CCleaner.


2022-03-23 16:25 - 2008-11-21 18:19 - 00000000 D () C:\Users\StudyDesktop\Documents\Personal Income.


2022-03-23 13:28 - 2014-11-17 17:19 - 00007891 () C:\Windows\BRRBCOM.INI.


2022-03-23 09:32 - 2022-01-03 14:13 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\Jumping Bytes.


2022-03-22 18:20 - 2009-07-14 04:37 - 00000000 HD () C:\Windows\system32\GroupPolicy.


2022-03-22 16:29 - 2011-05-09 09:30 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\ObviousIdea.


2022-03-22 16:27 - 2014-09-29 16:58 - 00000032 () C:\Users\StudyDesktop\AppData\Local\Images.fl.


2022-03-18 17:56 - 2008-11-19 11:31 - 00000000 D () C:\Users\StudyDesktop\Documents\x 19b Sycamore.


2022-03-18 17:56 - 2008-11-19 11:31 - 00000000 D () C:\Users\StudyDesktop\Documents\Beauclerc Road 34.


2022-03-18 17:53 - 2013-01-20 15:38 - 00000000 D () C:\Users\StudyDesktop\Documents\GSE Accounts.


2022-03-18 17:49 - 2011-06-30 11:10 - 00000000 SD () C:\Users\StudyDesktop\Documents\My Web Sites.


2022-03-18 17:45 - 2008-05-06 15:18 - 00000000 D () C:\Users\StudyDesktop\Documents\Cantinone Website Notes.


2022-03-18 12:49 - 2011-03-29 19:37 - 00000000 D () C:\Users\StudyDesktop\AppData\Local\Adobe.


2022-03-18 11:42 - 2009-02-18 15:36 - 00000000 D () C:\Users\StudyDesktop\Documents\Accoglie.


2022-03-18 11:12 - 2012-04-17 08:49 - 00778928 (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe.


2022-03-18 11:12 - 2011-06-24 19:10 - 00142512 (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl.


2022-03-15 13:11 - 2014-01-11 16:30 - 00000000 D () C:\Users\StudyDesktop\Documents\Adtelly.


2022-03-13 18:30 - 2005-04-25 23:13 - 00000000 D () C:\Users\StudyDesktop\Documents\B&B Regulations.


2022-03-13 18:29 - 2013-04-09 17:17 - 00000000 D () C:\Users\StudyDesktop\Documents\Online Bills.


2022-03-13 11:42 - 2013-04-25 12:39 - 00000000 D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.


2022-03-12 10:55 - 2009-07-14 04:37 - 00000000 D () C:\Windows\rescache.


2022-03-11 21:42 - 2009-07-14 06:33 - 00306080 () C:\Windows\system32\FNTCACHE.DAT.


2022-03-11 20:33 - 2011-06-07 15:11 - 00000000 D () C:\ProgramData\Microsoft Help.


2022-03-11 20:31 - 2013-07-26 23:20 - 00000000 D () C:\Windows\system32\MRT.


2022-03-11 20:21 - 2011-04-30 07:26 - 119837696 (Microsoft Corporation) C:\Windows\system32\MRT.exe.


2022-03-06 18:46 - 2011-08-29 13:58 - 00000000 D () C:\Users\StudyDesktop\AppData\Roaming\FileZilla.


==================== Files in the root of some directories =======


2013-10-05 11:52 - 2013-10-05 11:52 - 4188160 () C:\Program Files\GUTB76F.tmp.


2014-10-07 18:46 - 2014-10-07 18:46 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\howto.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\Vocals.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\WebServer.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\Users\StudyDesktop\AppData\Roaming\Widgets.


2013-04-03 10:49 - 2014-12-09 16:36 - 0005632 () C:\Users\StudyDesktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.


2014-09-29 16:58 - 2022-03-22 16:27 - 0000032 () C:\Users\StudyDesktop\AppData\Local\Images.fl.


2011-12-29 12:21 - 2014-11-13 16:52 - 0007626 () C:\Users\StudyDesktop\AppData\Local\Resmon.ResmonCfg.


2011-03-26 16:07 - 2011-03-26 16:07 - 0000056 H () C:\ProgramData\ezsidmv.dat.


2014-10-07 18:46 - 2014-10-07 18:47 - 0000012 RH () C:\ProgramData\manual.


2014-10-07 18:46 - 2014-10-07 18:46 - 0000020 H () C:\ProgramData\PKP DLeo.DAT.


2014-10-07 18:48 - 2014-10-07 19:04 - 0000020 H () C:\ProgramData\PKP DLes.DAT.


2014-10-07 18:47 - 2014-10-25 17:30 - 0000020 H () C:\ProgramData\PKP DLet.DAT.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000020 H () C:\ProgramData\PKP DLev.DAT.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000012 RH () C:\ProgramData\vhosts.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\ProgramData\Woodwinds.


2014-10-07 18:48 - 2014-10-07 18:48 - 0000268 RH () C:\ProgramData\Work - Home.


2014-10-07 18:47 - 2014-10-07 18:47 - 0000268 RH () C:\ProgramData\Workflows.


C:\Users\StudyDesktop\AppData\Local\Temp\SkypeSetup.exe.


C:\Users\StudyDesktop\AppData\Local\Temp\WDAutoUpdate.exe.


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed.


C:\Windows\system32\winlogon.exe => File is digitally signed.


C:\Windows\system32\wininit.exe => File is digitally signed.


C:\Windows\system32\svchost.exe => File is digitally signed.


C:\Windows\system32\services.exe => File is digitally signed.


C:\Windows\system32\User32.dll => File is digitally signed.


C:\Windows\system32\userinit.exe => File is digitally signed.


C:\Windows\system32\rpcss.dll => File is digitally signed.


C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed.


Attached Files.


~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home.


NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro.


#3 nasdaq.


Malware Response Team 48,317 posts OFFLINE Gender: Male Location: Montreal, QC. Canada Local time: 09:59 PM.


Posted 05 April 2022 - 08:14 AM.


Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.


If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. ===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start CloseProcesses: HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2339582824-2284352642-1849451596-1001\. \Run: [*LABAL*] => [X] FF SearchEngineOrder.1: Yahoo! (Avast) FF Plugin: @microsoft.com/GENUINE -> disabled No File CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006" CHR HKLM\. \Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2022-03-31] S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X] S4 LMIRfsClientNP; No ImagePath S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] AlternateDataStreams: C:\ProgramData\TEMP:6DDED7D9 End.


Save the files as fixlist.txt into the same folder as FRST.


Run FRST and click Fix only once and wait.


Restart the computer normally to reset the registry.


The tool will create a log (Fixlog.txt) please post it to your reply. ===


Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the Report button and the report will open in Notepad. If you click the Clean button all items listed in the report will be removed . Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).


Reset the browsers that have been compromised.


Reset Chrome. Open Google Chrome, click on menu icon which is located right side top of the google chrome. Click "Settings" then "Show advanced settings" at the bottom of the screen. Click "Reset browser settings" button. Restart Chrome. ====


Reset Internet Explorer: Menu > Tools > Internet Options > Advanced Tab. Click the Reset button on the bottom of the pane. Click the Apply button. Close IE.


How is the computer running now?


p.s. I have merged you posts.

Corretores de opções binárias confiáveis

Corretoras de opções binárias confiáveis - encontre a melhor plataforma para negociar com segurança Quando se trata de operar no mercado d...