Extreme slowness even in Safe Mode


  • This topic is locked
28 replies to this topic

#1 kgtrojan


Posted 05 August 2017 - 07:46 PM

I am experiencing extreme slowness in booting up (over an hour), browser usage and launching programs. I went through the list of slow computer fixes posted by quietman7, which seemed to help at first, but after about an hour the slowness returned. I did have a "hard disk failure" message a few weeks ago, but I was able to still do a hard reboot. I am not sure if the slowness is a result of an infection, but I would appreciate any help that can be provided in fixing this issue.

 

FRST.txt and Addition.txt Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by User (administrator) on KAPPY-PC (05-08-2017 17:21:52)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Kappy & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-314803027-123487486-2882202857-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-314803027-123487486-2882202857-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2DF0F14B-DD12-4963-B6BA-CED520C134C8}: [NameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-314803027-123487486-2882202857-1001 -> DefaultScope {97E74ECB-9A37-43A2-9ED4-F0B14A4C0242} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-30] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-30] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-30] (AO Kaspersky Lab)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 3uit54mf.default-1501347039285
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3uit54mf.default-1501347039285 [2017-08-05]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-24] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0108341383330245mcinstcleanup; C:\Windows\TEMP\010834~1.EXE [827456 2012-01-09] (McAfee, Inc.)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195264 2017-07-26] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [314864 2017-04-11] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1038528 2017-07-26] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-30] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-14] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-26] (AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-05] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-05 16:50 - 2017-08-05 17:21 - 000013693 _____ C:\Users\User\Downloads\FRST.txt
2017-08-05 16:06 - 2017-08-05 16:50 - 000000000 ____D C:\FRST
2017-08-05 16:01 - 2017-08-05 16:02 - 002381312 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-08-05 06:53 - 2017-08-05 06:53 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-07-30 10:17 - 2017-08-05 08:07 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-29 15:44 - 2017-07-29 15:44 - 000000000 ____D C:\Windows\SysWOW64\%Data%
2017-07-29 13:05 - 2017-07-29 13:11 - 000287544 _____ C:\Windows\Minidump\072917-450842-01.dmp
2017-07-29 09:50 - 2017-07-29 09:50 - 000000000 ____D C:\Users\User\Desktop\Old Firefox Data
2017-07-28 03:55 - 2017-07-28 03:55 - 000010248 ____N C:\bootsqm.dat
2017-07-15 06:31 - 2017-06-29 21:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-15 06:31 - 2017-06-29 20:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-15 06:31 - 2017-06-29 19:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-15 06:31 - 2017-06-29 19:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-15 06:31 - 2017-06-29 19:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-15 06:31 - 2017-06-29 19:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-15 06:31 - 2017-06-29 19:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-15 06:31 - 2017-06-29 19:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-15 06:31 - 2017-06-29 19:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-15 06:31 - 2017-06-29 19:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-15 06:31 - 2017-06-29 19:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-15 06:31 - 2017-06-28 23:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-15 06:31 - 2017-06-28 23:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-15 06:31 - 2017-06-28 23:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-15 06:31 - 2017-06-28 23:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-15 06:31 - 2017-06-28 23:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-15 06:31 - 2017-06-28 23:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-15 06:31 - 2017-06-28 22:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-15 06:31 - 2017-06-28 22:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-15 06:31 - 2017-06-28 22:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-15 06:31 - 2017-06-28 22:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-15 06:31 - 2017-06-28 22:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-15 06:31 - 2017-06-28 22:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-15 06:31 - 2017-06-28 22:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-15 06:31 - 2017-06-28 22:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-15 06:31 - 2017-06-28 22:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-15 06:31 - 2017-06-28 22:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-15 06:31 - 2017-06-28 22:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-15 06:31 - 2017-06-28 22:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-15 06:31 - 2017-06-28 22:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-15 06:31 - 2017-06-28 22:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-15 06:31 - 2017-06-28 22:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-15 06:31 - 2017-06-28 22:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-15 06:31 - 2017-06-28 22:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-15 06:31 - 2017-06-28 22:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-15 06:31 - 2017-06-28 22:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-15 06:31 - 2017-06-28 22:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-15 06:31 - 2017-06-28 22:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-15 06:31 - 2017-06-28 22:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-15 06:31 - 2017-06-28 22:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-15 06:31 - 2017-06-28 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-15 06:31 - 2017-06-28 22:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-15 06:31 - 2017-06-28 22:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-15 06:31 - 2017-06-28 22:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-15 06:31 - 2017-06-28 22:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-15 06:31 - 2017-06-28 22:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-15 06:31 - 2017-06-28 21:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-15 06:31 - 2017-06-28 21:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-15 06:31 - 2017-06-28 21:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-15 06:31 - 2017-06-28 21:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-15 06:31 - 2017-06-28 21:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-15 06:31 - 2017-06-28 21:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-15 06:31 - 2017-06-28 21:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-15 06:31 - 2017-06-28 21:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-15 06:31 - 2017-06-28 21:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-15 06:31 - 2017-06-28 21:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-15 06:31 - 2017-06-28 21:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-15 06:31 - 2017-06-28 21:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-15 06:31 - 2017-06-28 21:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-15 06:31 - 2017-06-28 21:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-15 06:31 - 2017-06-28 21:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-15 06:31 - 2017-06-28 21:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-15 06:31 - 2017-06-28 21:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-15 06:31 - 2017-06-22 07:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-15 06:31 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-15 06:31 - 2017-06-12 15:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-15 06:31 - 2017-06-12 15:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-15 06:31 - 2017-06-12 15:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-15 06:31 - 2017-06-12 15:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-15 06:31 - 2017-06-12 15:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-15 06:31 - 2017-06-12 15:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-15 06:31 - 2017-06-12 15:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-15 06:31 - 2017-06-12 15:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-15 06:31 - 2017-06-12 15:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-15 06:31 - 2017-06-12 15:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-15 06:31 - 2017-06-10 08:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-15 06:31 - 2017-06-10 08:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-15 06:31 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-15 06:31 - 2017-06-06 08:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-15 06:31 - 2017-06-06 08:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-15 06:31 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-15 06:31 - 2017-05-20 21:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-15 06:31 - 2017-05-20 21:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-15 06:31 - 2017-05-16 08:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-15 06:31 - 2017-05-16 08:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-15 06:31 - 2017-05-16 08:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-15 06:31 - 2017-05-03 08:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-15 06:31 - 2017-05-03 08:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-15 06:31 - 2017-03-22 19:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-05 15:42 - 2009-07-13 22:13 - 000006214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-05 15:40 - 2017-06-11 11:29 - 000756882 _____ C:\Windows\ntbtlog.txt
2017-08-05 15:12 - 2017-04-23 07:06 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-05 12:08 - 2016-11-18 21:54 - 000000000 ____D C:\Users\Kappy\AppData\LocalLow\Mozilla
2017-08-05 08:08 - 2013-11-01 12:18 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-05 08:01 - 2015-07-02 18:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-05 08:00 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-05 08:00 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-05 07:51 - 2017-06-09 22:32 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-05 07:51 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-03 22:35 - 2013-01-23 05:36 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-07-30 01:22 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-30 01:08 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-29 13:34 - 2017-04-23 06:57 - 000000000 ____D C:\Users\User\AppData\Local\SoftThinks
2017-07-29 13:05 - 2016-08-22 08:29 - 000000000 ____D C:\Windows\Minidump
2017-07-29 08:57 - 2017-04-23 06:57 - 000000632 __RSH C:\Users\User\ntuser.pol
2017-07-26 21:48 - 2016-09-13 00:03 - 001038528 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-07-26 21:48 - 2016-06-26 16:10 - 000195264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-07-26 21:48 - 2016-06-14 18:47 - 000199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-07-16 13:56 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-07-16 06:56 - 2009-07-13 21:45 - 000443208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 06:53 - 2014-12-11 04:19 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-15 10:33 - 2017-06-09 22:31 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-15 06:32 - 2017-03-28 06:15 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-15 06:03 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-15 03:33 - 2013-11-02 09:20 - 000000000 ____D C:\Windows\system32\MRT
2017-07-15 03:27 - 2013-11-02 09:20 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-04-02 06:05 - 2017-03-12 13:53 - 000000949 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-15 03:50

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by User (05-08-2017 17:24:49)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-01 18:23:59)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-314803027-123487486-2882202857-500 - Administrator - Disabled)
Guest (S-1-5-21-314803027-123487486-2882202857-501 - Limited - Disabled)
Kappy (S-1-5-21-314803027-123487486-2882202857-1000 - Limited - Enabled) => C:\Users\Kappy
User (S-1-5-21-314803027-123487486-2882202857-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {11608FD5-4D97-4E17-8D9D-3C49BB0A4432} - System32\Tasks\{1DC12E11-AF2F-4CA0-9963-9A44A9AAA534} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2FA42E04-0F1D-4356-9EDC-E350A1B4895B} - System32\Tasks\{4D0812FB-5571-40B9-A6F9-3348E3A80072} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {303D2C0A-578C-487B-9368-627CBACAC8CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {4A5EA31C-90F7-48C3-8BEB-1D7FE51D4108} - System32\Tasks\{7A32114A-717E-4855-8F82-096A10A12466} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {595E7DAA-6630-4ED3-BE81-E63775FD29C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6F7155E0-D698-447D-922E-269758FE1D53} - System32\Tasks\{7099E416-84DE-473D-B4FC-44463059B53E} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7537CA2E-EEB6-475E-93A1-9503CA8D1089} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7738D19C-6CD4-4B26-989A-2DF4DDDFFC0D} - System32\Tasks\{CC7282E0-6CE9-4541-BFCE-B580FE737961} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7A161304-054D-4BC8-B33F-CFF969D064D4} - System32\Tasks\{5B8E5311-3D40-4DE7-AD14-92CA5B385E10} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {8814AD67-7901-4998-8A3A-FCBEA1DE4F9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {94B959AB-4A8A-450D-85DA-BD7DEEB75B8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A7634F8D-8BFD-42C9-A930-5CFBB8991F34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-24] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {ACE7E45E-B46E-4AA4-BB7B-64F5F70CB38E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {AE8E4E40-992A-40ED-B4A2-67A7672BF1DE} - System32\Tasks\{D4B85AE8-3F96-4270-8D9E-C2B99A0E14EB} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EE1F3A5F-A108-4214-9384-421D3EF536D1} - System32\Tasks\{B4FAD1D1-EC77-46B6-B0F6-54AFFC51DA79} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-09-15 04:21 - 2015-09-01 09:04 - 008901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-15 04:21 - 2015-09-01 05:25 - 008901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314803027-123487486-2882202857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0108341383330245mcinstcleanup => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C9484A28-F48D-43D2-8A55-81BEEDC3516F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3883E520-8804-408C-9312-26F39717C382}] => (Allow) LPort=2869
FirewallRules: [{FB6E098A-788F-49D5-9926-71C889800D74}] => (Allow) LPort=1900
FirewallRules: [{90ABA078-25A3-4843-A908-6E04D2339C47}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4FC98A46-4636-4C64-AE84-2A17F5BC7565}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5845D5C7-CDEF-44FD-B300-40DFBF2ED60D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AD6E3AFF-721E-46A2-AF10-4702710404C1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5FBE8E0E-433C-4663-A1A0-EFB6D32DCD60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0B0948E8-0939-4EE3-8EEB-DAF5484C9B8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A6BD848-1877-435C-B49F-A63E0E9703F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5D4F80F-DF54-4905-B5AE-F3114C4F9BB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74AABA74-9E66-45B9-A76C-8FF99D7420F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6633400-C916-4D0E-916D-1A5E61F7F563}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{443B0070-5D08-421B-B47E-F1A20A1170BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B91D63ED-E69B-4064-ADB7-7EF49A75B46A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2C71ACAC-34FB-4C45-B3FB-36BCC3B48C12}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AE102720-89BB-4082-B0CE-B64BC8D651F7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4A8C031D-D4EC-48CB-8331-DBBBB774A563}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{8B03ECC2-90E0-4E10-87B4-AD6C1367E86E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5ABD0D4C-E77B-44CE-9E47-6D3EFCBA7A17}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B2015D8D-4D3C-4A30-99A3-AEEFE85DF09C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{98C877FA-2678-413E-9867-5A882250E4B9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F64ECD14-E827-4D6F-8B1B-7A74E7803408}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2017 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/05/2017 03:42:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/05/2017 12:52:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2017 07:56:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2017 07:52:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2017 11:21:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/03/2017 10:26:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/30/2017 10:46:55 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2017 09:24:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Faulting module name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Exception code: 0xc0000005
Fault offset: 0x0008a378
Faulting process id: 0x564
Faulting application start time: 0x01d3094f01f0837d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 8e027dfb-7543-11e7-bdfe-a41f728ff1b3

Error: (07/30/2017 09:18:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/05/2017 12:56:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/05/2017 12:53:57 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/05/2017 12:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (08/05/2017 12:51:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
klbackupdisk
klbackupflt
klhk
KLIF
klpd
kneps
spldr
Wanarpv6

Error: (08/05/2017 12:51:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2014-10-15 03:02:35.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 3967.58 MB
Available physical RAM: 2872.29 MB
Total Virtual: 7933.35 MB
Available Virtual: 6922.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.31 GB) (Free:865.22 GB) NTFS
Drive f: () (Removable) (Total:3.73 GB) (Free:2.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 015D815A)
Partition 1: (Not Active) - (Size=24 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:07 PM

Posted 06 August 2017 - 03:50 PM

Welcome. :)

 

I believe Kaspersky Internet Security is making your computer slow. Remove Kaspersky Internet Security and, in addition, run the removal tool for a complete cleanup. If it is a paid version, maintain your license in a safe place. If you wish to reinstall, by all means.

 

Once done, open FRST, make sure there is a checkmark on Addition.txt, and re-scan. Post a new set of logs.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 kgtrojan


Posted 08 August 2017 - 05:00 PM

Thank you for the suggestion.  I'll give that a try.



#4 JSntgRvr


Posted 08 August 2017 - 06:24 PM

Keep me posted.




#5 kgtrojan


Posted 12 August 2017 - 11:58 AM

I uninstalled Kaspersky and reran the FRST scan.  The scans are below. 

 

The performance of the PC did not change at all.  There is still extreme slowness. For example, it took over an hour to launch FRST.   The Windows Boot Manager screen also displayed indicating that Windows failed to start, but I was able to boot normally, albeit at a snail's pace.  The Boot Manager screen has displayed a few times previously. As best as I can recall, the slowness started about a month or two ago after a Windows update.  Hopefully, this information is helpful.

 

-----------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by User (administrator) on KAPPY-PC (12-08-2017 08:56:16)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Kappy & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-314803027-123487486-2882202857-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-314803027-123487486-2882202857-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{2DF0F14B-DD12-4963-B6BA-CED520C134C8}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-314803027-123487486-2882202857-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-314803027-123487486-2882202857-1001 -> DefaultScope {97E74ECB-9A37-43A2-9ED4-F0B14A4C0242} URL =
SearchScopes: HKU\S-1-5-21-314803027-123487486-2882202857-1001 -> {97E74ECB-9A37-43A2-9ED4-F0B14A4C0242} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 3uit54mf.default-1501347039285
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3uit54mf.default-1501347039285 [2017-08-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0108341383330245mcinstcleanup; C:\Windows\TEMP\010834~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-12] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-12 00:23 - 2017-08-12 00:26 - 014448016 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\kavremvr.exe
2017-08-11 23:10 - 2017-08-11 23:10 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-06 08:19 - 2017-08-06 08:22 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft Games
2017-08-05 20:05 - 2017-08-05 20:05 - 000073287 _____ C:\Users\User\Desktop\PC Post.txt
2017-08-05 17:24 - 2017-08-05 17:27 - 000033720 _____ C:\Users\User\Downloads\Addition.txt
2017-08-05 16:50 - 2017-08-12 09:31 - 000011326 _____ C:\Users\User\Downloads\FRST.txt
2017-08-05 16:06 - 2017-08-12 08:56 - 000000000 ____D C:\FRST
2017-08-05 16:01 - 2017-08-05 16:02 - 002381312 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-08-05 06:53 - 2017-08-05 06:53 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-07-29 15:44 - 2017-07-29 15:44 - 000000000 ____D C:\Windows\SysWOW64\%Data%
2017-07-29 13:05 - 2017-07-29 13:11 - 000287544 _____ C:\Windows\Minidump\072917-450842-01.dmp
2017-07-29 09:50 - 2017-07-29 09:50 - 000000000 ____D C:\Users\User\Desktop\Old Firefox Data
2017-07-28 03:55 - 2017-07-28 03:55 - 000010248 ____N C:\bootsqm.dat
2017-07-15 06:31 - 2017-06-29 21:15 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-15 06:31 - 2017-06-29 20:32 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-15 06:31 - 2017-06-29 19:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-15 06:31 - 2017-06-29 19:40 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-15 06:31 - 2017-06-29 19:40 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-15 06:31 - 2017-06-29 19:39 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-15 06:31 - 2017-06-29 19:39 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-15 06:31 - 2017-06-29 19:38 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-15 06:31 - 2017-06-29 19:38 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-15 06:31 - 2017-06-29 19:27 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-15 06:31 - 2017-06-29 19:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-15 06:31 - 2017-06-29 19:26 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-15 06:31 - 2017-06-29 19:26 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-15 06:31 - 2017-06-28 23:27 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-15 06:31 - 2017-06-28 23:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-15 06:31 - 2017-06-28 23:18 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-15 06:31 - 2017-06-28 23:04 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-15 06:31 - 2017-06-28 23:03 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-15 06:31 - 2017-06-28 23:03 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-15 06:31 - 2017-06-28 23:02 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-15 06:31 - 2017-06-28 22:55 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-15 06:31 - 2017-06-28 22:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-15 06:31 - 2017-06-28 22:51 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-15 06:31 - 2017-06-28 22:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-15 06:31 - 2017-06-28 22:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-15 06:31 - 2017-06-28 22:44 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-15 06:31 - 2017-06-28 22:43 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-15 06:31 - 2017-06-28 22:39 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-15 06:31 - 2017-06-28 22:35 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-15 06:31 - 2017-06-28 22:31 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-15 06:31 - 2017-06-28 22:31 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-15 06:31 - 2017-06-28 22:30 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-15 06:31 - 2017-06-28 22:27 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-15 06:31 - 2017-06-28 22:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-15 06:31 - 2017-06-28 22:23 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-15 06:31 - 2017-06-28 22:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-15 06:31 - 2017-06-28 22:22 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-15 06:31 - 2017-06-28 22:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-15 06:31 - 2017-06-28 22:19 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-15 06:31 - 2017-06-28 22:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-15 06:31 - 2017-06-28 22:16 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-15 06:31 - 2017-06-28 22:14 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-15 06:31 - 2017-06-28 22:13 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-15 06:31 - 2017-06-28 22:11 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-15 06:31 - 2017-06-28 22:09 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-15 06:31 - 2017-06-28 22:09 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-15 06:31 - 2017-06-28 22:08 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-15 06:31 - 2017-06-28 22:07 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-15 06:31 - 2017-06-28 22:05 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-15 06:31 - 2017-06-28 22:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-15 06:31 - 2017-06-28 22:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-15 06:31 - 2017-06-28 22:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-15 06:31 - 2017-06-28 21:58 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-15 06:31 - 2017-06-28 21:58 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-15 06:31 - 2017-06-28 21:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-15 06:31 - 2017-06-28 21:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-15 06:31 - 2017-06-28 21:54 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-15 06:31 - 2017-06-28 21:53 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-15 06:31 - 2017-06-28 21:52 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-15 06:31 - 2017-06-28 21:48 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-15 06:31 - 2017-06-28 21:47 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-15 06:31 - 2017-06-28 21:46 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-15 06:31 - 2017-06-28 21:46 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-15 06:31 - 2017-06-28 21:43 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-15 06:31 - 2017-06-28 21:41 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-15 06:31 - 2017-06-28 21:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-15 06:31 - 2017-06-28 21:28 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-15 06:31 - 2017-06-28 21:24 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-15 06:31 - 2017-06-28 21:23 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-15 06:31 - 2017-06-22 07:58 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-15 06:31 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-15 06:31 - 2017-06-12 15:54 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-15 06:31 - 2017-06-12 15:49 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-15 06:31 - 2017-06-12 15:49 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-15 06:31 - 2017-06-12 15:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-15 06:31 - 2017-06-12 15:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-15 06:31 - 2017-06-12 15:29 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-15 06:31 - 2017-06-12 15:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-15 06:31 - 2017-06-12 15:19 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-15 06:31 - 2017-06-12 15:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-15 06:31 - 2017-06-12 15:12 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-15 06:31 - 2017-06-12 15:12 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-15 06:31 - 2017-06-12 15:12 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-15 06:31 - 2017-06-12 15:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-15 06:31 - 2017-06-12 15:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-15 06:31 - 2017-06-12 15:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-15 06:31 - 2017-06-12 15:05 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-15 06:31 - 2017-06-10 08:59 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-15 06:31 - 2017-06-10 08:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-15 06:31 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-15 06:31 - 2017-06-06 08:30 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-15 06:31 - 2017-06-06 08:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-15 06:31 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-15 06:31 - 2017-05-20 21:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-15 06:31 - 2017-05-20 21:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-15 06:31 - 2017-05-16 08:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-15 06:31 - 2017-05-16 08:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-15 06:31 - 2017-05-16 08:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-15 06:31 - 2017-05-03 08:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-15 06:31 - 2017-05-03 08:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-15 06:31 - 2017-05-03 06:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-15 06:31 - 2017-03-22 19:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-12 09:01 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-12 09:01 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-12 08:34 - 2017-04-23 07:06 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-12 01:38 - 2017-06-09 22:32 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-12 01:20 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-12 00:59 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-12 00:54 - 2013-11-01 12:18 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-12 00:54 - 2013-11-01 12:18 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-08-12 00:43 - 2015-08-05 23:16 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-11 03:51 - 2009-07-13 22:13 - 000006214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-06 14:35 - 2013-01-23 05:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-06 14:35 - 2013-01-23 05:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-06 14:34 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-06 14:34 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-05 15:40 - 2017-06-11 11:29 - 000756882 _____ C:\Windows\ntbtlog.txt
2017-08-05 12:08 - 2016-11-18 21:54 - 000000000 ____D C:\Users\Kappy\AppData\LocalLow\Mozilla
2017-08-05 08:01 - 2015-07-02 18:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-03 22:35 - 2013-01-23 05:36 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-07-29 13:34 - 2017-04-23 06:57 - 000000000 ____D C:\Users\User\AppData\Local\SoftThinks
2017-07-29 13:05 - 2016-08-22 08:29 - 000000000 ____D C:\Windows\Minidump
2017-07-29 08:57 - 2017-04-23 06:57 - 000000632 __RSH C:\Users\User\ntuser.pol
2017-07-16 13:56 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-07-16 06:56 - 2009-07-13 21:45 - 000443208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-16 06:53 - 2014-12-11 04:19 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-15 10:33 - 2017-06-09 22:31 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-15 06:32 - 2017-03-28 06:15 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-15 06:03 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-15 03:33 - 2013-11-02 09:20 - 000000000 ____D C:\Windows\system32\MRT
2017-07-15 03:27 - 2013-11-02 09:20 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-04-02 06:05 - 2017-03-12 13:53 - 000000949 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-15 03:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by User (12-08-2017 09:44:59)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-01 18:23:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-314803027-123487486-2882202857-500 - Administrator - Disabled)
Guest (S-1-5-21-314803027-123487486-2882202857-501 - Limited - Disabled)
Kappy (S-1-5-21-314803027-123487486-2882202857-1000 - Limited - Enabled) => C:\Users\Kappy
User (S-1-5-21-314803027-123487486-2882202857-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0016985D-6580-4F5E-8BDC-F47AD11E2907} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {11608FD5-4D97-4E17-8D9D-3C49BB0A4432} - System32\Tasks\{1DC12E11-AF2F-4CA0-9963-9A44A9AAA534} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {2FA42E04-0F1D-4356-9EDC-E350A1B4895B} - System32\Tasks\{4D0812FB-5571-40B9-A6F9-3348E3A80072} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {303D2C0A-578C-487B-9368-627CBACAC8CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {4A5EA31C-90F7-48C3-8BEB-1D7FE51D4108} - System32\Tasks\{7A32114A-717E-4855-8F82-096A10A12466} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {595E7DAA-6630-4ED3-BE81-E63775FD29C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6F7155E0-D698-447D-922E-269758FE1D53} - System32\Tasks\{7099E416-84DE-473D-B4FC-44463059B53E} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7537CA2E-EEB6-475E-93A1-9503CA8D1089} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7738D19C-6CD4-4B26-989A-2DF4DDDFFC0D} - System32\Tasks\{CC7282E0-6CE9-4541-BFCE-B580FE737961} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7A161304-054D-4BC8-B33F-CFF969D064D4} - System32\Tasks\{5B8E5311-3D40-4DE7-AD14-92CA5B385E10} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {8814AD67-7901-4998-8A3A-FCBEA1DE4F9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {94B959AB-4A8A-450D-85DA-BD7DEEB75B8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A7634F8D-8BFD-42C9-A930-5CFBB8991F34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-06] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AE8E4E40-992A-40ED-B4A2-67A7672BF1DE} - System32\Tasks\{D4B85AE8-3F96-4270-8D9E-C2B99A0E14EB} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EE1F3A5F-A108-4214-9384-421D3EF536D1} - System32\Tasks\{B4FAD1D1-EC77-46B6-B0F6-54AFFC51DA79} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-24 20:47 - 2015-10-13 05:34 - 000105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-15 04:21 - 2015-09-01 09:04 - 008901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-15 04:21 - 2015-09-01 05:25 - 008901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314803027-123487486-2882202857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0108341383330245mcinstcleanup => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C9484A28-F48D-43D2-8A55-81BEEDC3516F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3883E520-8804-408C-9312-26F39717C382}] => (Allow) LPort=2869
FirewallRules: [{FB6E098A-788F-49D5-9926-71C889800D74}] => (Allow) LPort=1900
FirewallRules: [{90ABA078-25A3-4843-A908-6E04D2339C47}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4FC98A46-4636-4C64-AE84-2A17F5BC7565}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5845D5C7-CDEF-44FD-B300-40DFBF2ED60D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AD6E3AFF-721E-46A2-AF10-4702710404C1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5FBE8E0E-433C-4663-A1A0-EFB6D32DCD60}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0B0948E8-0939-4EE3-8EEB-DAF5484C9B8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A6BD848-1877-435C-B49F-A63E0E9703F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5D4F80F-DF54-4905-B5AE-F3114C4F9BB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74AABA74-9E66-45B9-A76C-8FF99D7420F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6633400-C916-4D0E-916D-1A5E61F7F563}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{443B0070-5D08-421B-B47E-F1A20A1170BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B91D63ED-E69B-4064-ADB7-7EF49A75B46A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2C71ACAC-34FB-4C45-B3FB-36BCC3B48C12}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AE102720-89BB-4082-B0CE-B64BC8D651F7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4A8C031D-D4EC-48CB-8331-DBBBB774A563}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{8B03ECC2-90E0-4E10-87B4-AD6C1367E86E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5ABD0D4C-E77B-44CE-9E47-6D3EFCBA7A17}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B2015D8D-4D3C-4A30-99A3-AEEFE85DF09C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{98C877FA-2678-413E-9867-5A882250E4B9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F64ECD14-E827-4D6F-8B1B-7A74E7803408}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: E:\
Description: Multi-Card      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2017 09:42:53 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/12/2017 09:06:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (08/12/2017 01:28:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/11/2017 09:31:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/11/2017 03:50:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/11/2017 03:50:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/11/2017 03:46:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/06/2017 02:34:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 54.0.1.6388 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad8

Start Time: 01d30eb948947705

Termination Time: 376

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0ac314b4-7aef-11e7-ae63-a41f728ff1b3

Error: (08/06/2017 06:43:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/06/2017 06:43:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (08/12/2017 08:15:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/12/2017 06:45:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (08/12/2017 01:41:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application User Notification Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/12/2017 01:41:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application User Notification Service service to connect.

Error: (08/12/2017 01:40:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/12/2017 01:34:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/12/2017 01:34:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (08/12/2017 01:33:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/12/2017 01:33:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Secure Connection Service 1.0.0 service to connect.

Error: (08/12/2017 01:32:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2014-10-15 03:02:35.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-15 03:02:35.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-13 08:29:55.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3967.58 MB
Available physical RAM: 1823.78 MB
Total Virtual: 7933.35 MB
Available Virtual: 5298.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.31 GB) (Free:866.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 015D815A)
Partition 1: (Not Active) - (Size=24 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 JSntgRvr

Posted 14 August 2017 - 09:38 PM

Let's scan:

  • Highlight the entire content of the quote box below.

Start::  
FirewallRules: [{3883E520-8804-408C-9312-26F39717C382}] => (Allow) LPort=2869
FirewallRules: [{FB6E098A-788F-49D5-9926-71C889800D74}] => (Allow) LPort=1900
GroupPolicy\User: Restriction <==== ATTENTION
Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. (FRST will process the text copied above into the clipboard) No paste is necessary.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

65MBhLLb.png


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

adwcleaner_delete_restart.jpg


  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 kgtrojan

Posted 15 August 2017 - 10:06 AM

Logs are below.  I did receive a Windows boot error when the PC rebooted after AdwCleaner ran its process.

---------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by User (14-08-2017 20:59:40) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Kappy & User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
FirewallRules: [{3883E520-8804-408C-9312-26F39717C382}] => (Allow) LPort=2869
FirewallRules: [{FB6E098A-788F-49D5-9926-71C889800D74}] => (Allow) LPort=1900
GroupPolicy\User: Restriction <==== ATTENTION
Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {047BF46C-4170-4EC7-8563-126C238F3AE9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3883E520-8804-408C-9312-26F39717C382} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB6E098A-788F-49D5-9926-71C889800D74} => value removed successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{047BF46C-4170-4EC7-8563-126C238F3AE9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047BF46C-4170-4EC7-8563-126C238F3AE9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{047BF46C-4170-4EC7-8563-126C238F3AE9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1B2CEF2-846B-422F-9BB4-0A2E6FEB08E6} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-314803027-123487486-2882202857-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-314803027-123487486-2882202857-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21557985 B
Java, Flash, Steam htmlcache => 1279 B
Windows/system/drivers => 1187649275 B
Edge => 0 B
Chrome => 0 B
Firefox => 380226355 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43309325 B
systemprofile32 => 71744 B
LocalService => 0 B
NetworkService => 1584250 B
Kappy => 50767578 B
User => 337031315 B

RecycleBin => 664 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:25:46 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by User (Administrator) on Tue 08/15/2017 at  5:43:17.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0108341383330245mcinstcleanup (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{97E74ECB-9A37-43A2-9ED4-F0B14A4C0242} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/15/2017 at  5:58:36.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner 7.0.1.0 - Logfile created on Tue Aug 15 13:16:21 2017
# Updated on 2017/05/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1008 B] - [2017/8/15 13:14:39]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########



#8 JSntgRvr

Posted 15 August 2017 - 10:43 AM

Any improvement?




#9 kgtrojan

kgtrojan
  • Topic Starter

  • Members
  • 61 posts
  • Local time:03:07 PM

Posted 17 August 2017 - 12:43 AM

Unfortunately, there hasn't been much improvement.  It's taking close to 90 minutes to boot up and 3 minutes to fully load Firefox. 



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,759 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:07 PM

Posted 17 August 2017 - 12:33 PM

Open an Administrator Command Prompt (click on Start, type CMD and press CTRL+SHIFT+ENTER). At the prompt, type PowerShell and wait until PowerShell is loaded. Once loaded, copy and paste the following command and press Enter:

 

wevtutil el | Foreach-Object {wevtutil cl "$_"}

 

It may take a while, please be patient. Once done, type Exit and press Enter two times and restart the computer.

 

Back from a restart, make sure there is a check mark on Addition.txt and re-scan with FRST. Please post the two resulting logs, FRST.txt and Addition.txt.


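An added example, not part of the original post: a variant of the command above that saves each event log to an .evtx archive before clearing it, so the records remain available for later review. The backup folder, variable names and output file name are assumptions; it relies on wevtutil's /bu: option and PowerShell 2.0 syntax so that it runs on the Windows 7 system in this thread.

```powershell
# Added example (not from the thread): back up each event log, then clear it.
# Run from an elevated PowerShell prompt. $BackupDir is an assumed path.
$BackupDir = 'C:\EventLogBackup\' + (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Channel names contain '/' and spaces (e.g. "Microsoft-Windows-Foo/Operational"),
    # so map anything unsafe in a file name to '_'.
    $file = Join-Path $BackupDir (($log -replace '[\\/:*?"<>|\s]', '_') + '.evtx')

    # /bu:<file> tells wevtutil to save the log to <file> before clearing it.
    $output = wevtutil cl $log "/bu:$file" 2>&1

    New-Object PSObject -Property @{
        Log      = $log
        Backup   = $file
        ExitCode = $LASTEXITCODE
        Message  = ($output | Out-String).Trim()
    }
}

# Channels that were not cleared (access denied, enabled analytic/debug channels, ...).
$results | Where-Object { $_.ExitCode -ne 0 } |
    Format-Table Log, ExitCode, Message -AutoSize -Wrap

# Record a SHA-256 for every archive so later tampering or corruption is detectable.
$sha = [System.Security.Cryptography.SHA256]::Create()
Get-ChildItem -Path $BackupDir -Filter *.evtx | ForEach-Object {
    $stream = [System.IO.File]::OpenRead($_.FullName)
    try     { $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
    '{0}  {1}' -f $hash, $_.Name
} | Set-Content -Path (Join-Path $BackupDir 'SHA256SUMS.txt')
```

The archived .evtx files can be opened in Event Viewer through Action > Open Saved Log.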


#11 kgtrojan

kgtrojan
  • Topic Starter

  • Members
  • 61 posts
  • Local time:03:07 PM

Posted 18 August 2017 - 09:16 AM

Logs are below.  There was no change to system slowness.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2017
Ran by User (administrator) on KAPPY-PC (18-08-2017 06:09:30)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Kappy & User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 156.154.70.16 156.154.71.16
Tcpip\..\Interfaces\{2DF0F14B-DD12-4963-B6BA-CED520C134C8}: [DhcpNameServer] 156.154.70.16 156.154.71.16

Internet Explorer:
==================
HKU\S-1-5-21-314803027-123487486-2882202857-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-314803027-123487486-2882202857-1001 -> DefaultScope {97E74ECB-9A37-43A2-9ED4-F0B14A4C0242} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 3uit54mf.default-1501347039285
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3uit54mf.default-1501347039285 [2017-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-08-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-09] (Dell Products, LP.) [File not signed]
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-17] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-18 06:08 - 2017-08-18 06:08 - 002395648 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-08-15 06:08 - 2017-08-15 06:16 - 000000000 ____D C:\AdwCleaner
2017-08-15 06:07 - 2017-08-15 06:07 - 008185288 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.0.1.0.exe
2017-08-15 05:58 - 2017-08-15 05:58 - 000001077 _____ C:\Users\User\Downloads\JRT.txt
2017-08-15 05:38 - 2017-08-15 05:38 - 001790024 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2017-08-15 05:33 - 2017-08-15 05:54 - 000049685 _____ C:\Users\User\Desktop\Book1.xlsx
2017-08-15 05:30 - 2017-08-15 05:30 - 000000000 ____D C:\Users\User\Documents\Custom Office Templates
2017-08-14 20:59 - 2017-08-18 06:08 - 000000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2017-08-14 20:59 - 2017-08-14 21:25 - 000010255 _____ C:\Users\User\Downloads\Fixlog.txt
2017-08-12 18:08 - 2017-07-13 23:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-12 18:07 - 2017-07-13 19:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-12 18:06 - 2017-07-21 07:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-12 18:06 - 2017-07-21 07:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-12 18:06 - 2017-07-13 22:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-12 18:06 - 2017-07-13 21:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-12 18:06 - 2017-07-13 19:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-12 18:06 - 2017-07-08 08:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-12 18:06 - 2017-07-01 06:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-12 18:06 - 2017-07-01 06:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-12 18:06 - 2017-07-01 06:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-12 18:06 - 2017-07-01 06:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-12 18:05 - 2017-07-14 08:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-12 18:05 - 2017-07-14 08:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-12 18:05 - 2017-07-14 08:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-12 18:05 - 2017-07-14 08:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-12 18:05 - 2017-07-07 08:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-12 18:05 - 2017-07-07 08:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-12 18:05 - 2017-07-01 06:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-12 18:05 - 2017-07-01 06:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-12 18:04 - 2017-07-29 07:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-12 18:04 - 2017-07-21 07:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-12 18:04 - 2017-07-21 07:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-12 18:04 - 2017-07-15 11:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-12 18:04 - 2017-07-15 10:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-12 18:04 - 2017-07-14 08:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-12 18:04 - 2017-07-14 08:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-12 18:04 - 2017-07-14 08:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-12 18:04 - 2017-07-14 08:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-12 18:04 - 2017-07-14 08:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-12 18:04 - 2017-07-14 08:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-12 18:04 - 2017-07-14 08:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-12 18:04 - 2017-07-14 08:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-12 18:04 - 2017-07-14 07:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-12 18:04 - 2017-07-14 07:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-12 18:04 - 2017-07-14 07:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-12 18:04 - 2017-07-14 07:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-12 18:04 - 2017-07-14 07:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-12 18:04 - 2017-07-14 00:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-12 18:04 - 2017-07-14 00:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-12 18:04 - 2017-07-13 23:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-12 18:04 - 2017-07-13 23:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-12 18:04 - 2017-07-13 23:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-12 18:04 - 2017-07-13 23:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-12 18:04 - 2017-07-13 23:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-12 18:04 - 2017-07-13 23:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-12 18:04 - 2017-07-13 23:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-12 18:04 - 2017-07-13 23:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-12 18:04 - 2017-07-13 23:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-12 18:04 - 2017-07-13 23:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-12 18:04 - 2017-07-13 23:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-12 18:04 - 2017-07-13 23:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-12 18:04 - 2017-07-13 23:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-12 18:04 - 2017-07-13 23:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-12 18:04 - 2017-07-13 23:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-12 18:04 - 2017-07-13 22:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-12 18:04 - 2017-07-13 22:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-12 18:04 - 2017-07-13 22:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-12 18:04 - 2017-07-13 22:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-12 18:04 - 2017-07-13 22:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-12 18:04 - 2017-07-13 22:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-12 18:04 - 2017-07-13 22:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-12 18:04 - 2017-07-13 22:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-12 18:04 - 2017-07-13 22:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-12 18:04 - 2017-07-13 22:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-12 18:04 - 2017-07-13 22:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-12 18:04 - 2017-07-13 22:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-12 18:04 - 2017-07-13 21:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-12 18:04 - 2017-07-13 21:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-12 18:04 - 2017-07-13 20:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-12 18:04 - 2017-07-13 20:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-12 18:04 - 2017-07-13 19:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-12 18:04 - 2017-07-13 19:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-12 18:04 - 2017-07-13 19:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-12 18:04 - 2017-07-13 19:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-12 18:04 - 2017-07-13 19:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-12 18:04 - 2017-07-13 19:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-12 18:04 - 2017-07-13 19:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-12 18:04 - 2017-07-13 19:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-12 18:04 - 2017-07-13 19:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-12 18:04 - 2017-07-13 19:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-12 18:04 - 2017-07-13 19:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-12 18:04 - 2017-07-13 19:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-12 18:04 - 2017-07-13 19:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-12 18:04 - 2017-07-13 19:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-12 18:04 - 2017-07-13 19:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-12 18:04 - 2017-07-13 19:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-12 18:04 - 2017-07-13 19:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-12 18:04 - 2017-07-13 19:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-12 18:04 - 2017-07-13 19:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-12 18:04 - 2017-07-13 19:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-12 18:04 - 2017-07-13 19:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-12 18:04 - 2017-07-13 19:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-12 18:04 - 2017-07-13 19:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-12 18:04 - 2017-07-13 19:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-12 18:04 - 2017-07-13 19:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-12 18:04 - 2017-07-13 18:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-12 18:04 - 2017-07-13 18:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-12 18:04 - 2017-07-13 18:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-12 18:04 - 2017-07-08 08:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-12 18:04 - 2017-07-07 08:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-12 18:04 - 2017-07-07 08:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-12 18:04 - 2017-07-07 08:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-12 18:04 - 2017-07-07 08:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-12 18:04 - 2017-07-07 08:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-12 18:04 - 2017-07-07 08:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-12 18:04 - 2017-07-07 08:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-12 18:04 - 2017-07-07 08:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 08:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-12 18:04 - 2017-07-07 08:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-12 18:04 - 2017-07-07 08:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-12 18:04 - 2017-07-07 08:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-12 18:04 - 2017-07-07 07:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-12 18:04 - 2017-07-07 07:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-12 18:04 - 2017-07-07 07:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-12 18:04 - 2017-07-07 07:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-12 18:04 - 2017-07-07 07:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-12 18:04 - 2017-07-07 07:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-12 18:04 - 2017-07-07 07:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-12 18:04 - 2017-07-07 07:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-12 18:04 - 2017-07-07 07:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-12 18:04 - 2017-07-07 07:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-12 18:04 - 2017-07-07 07:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-12 18:04 - 2017-07-07 07:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-12 18:04 - 2017-07-07 07:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-12 18:04 - 2017-07-07 07:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 07:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 07:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-12 18:04 - 2017-07-07 07:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-12 00:23 - 2017-08-12 00:26 - 014448016 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\kavremvr.exe
2017-08-11 23:10 - 2017-08-11 23:10 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-06 08:19 - 2017-08-06 08:22 - 000000000 ____D C:\Users\User\AppData\Local\Microsoft Games
2017-08-05 20:05 - 2017-08-05 20:05 - 000073287 _____ C:\Users\User\Desktop\PC Post.txt
2017-08-05 17:24 - 2017-08-12 09:51 - 000030617 _____ C:\Users\User\Downloads\Addition.txt
2017-08-05 16:50 - 2017-08-18 06:43 - 000011622 _____ C:\Users\User\Downloads\FRST.txt
2017-08-05 16:06 - 2017-08-18 06:09 - 000000000 ____D C:\FRST
2017-08-05 06:53 - 2017-08-15 05:36 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-07-29 15:44 - 2017-07-29 15:44 - 000000000 ____D C:\Windows\SysWOW64\%Data%
2017-07-29 13:05 - 2017-07-29 13:11 - 000287544 _____ C:\Windows\Minidump\072917-450842-01.dmp
2017-07-29 09:50 - 2017-07-29 09:50 - 000000000 ____D C:\Users\User\Desktop\Old Firefox Data

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-18 06:05 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-18 06:05 - 2009-07-13 21:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-18 06:03 - 2017-04-23 07:06 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-08-18 06:01 - 2013-11-01 12:18 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-17 22:41 - 2017-06-09 22:32 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-17 22:30 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-15 05:36 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-14 22:26 - 2017-04-23 06:57 - 000000008 __RSH C:\Users\User\ntuser.pol
2017-08-14 20:59 - 2009-07-13 20:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-14 09:48 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2017-08-13 05:40 - 2009-07-13 21:45 - 000443208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-13 05:36 - 2009-07-13 22:13 - 000006214 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-13 03:45 - 2013-11-02 09:20 - 000000000 ____D C:\Windows\system32\MRT
2017-08-13 03:11 - 2013-11-02 09:20 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-12 00:59 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-08-12 00:54 - 2013-11-01 12:18 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-08-12 00:43 - 2015-08-05 23:16 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-06 14:35 - 2013-01-23 05:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-06 14:35 - 2013-01-23 05:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-06 14:34 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-06 14:34 - 2013-01-23 05:19 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-05 15:40 - 2017-06-11 11:29 - 000756882 _____ C:\Windows\ntbtlog.txt
2017-08-05 12:08 - 2016-11-18 21:54 - 000000000 ____D C:\Users\Kappy\AppData\LocalLow\Mozilla
2017-08-05 08:01 - 2015-07-02 18:35 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-03 22:35 - 2013-01-23 05:36 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-08-03 22:29 - 2013-01-23 05:48 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-07-29 13:34 - 2017-04-23 06:57 - 000000000 ____D C:\Users\User\AppData\Local\SoftThinks
2017-07-29 13:05 - 2016-08-22 08:29 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-04-02 06:05 - 2017-03-12 13:53 - 000000949 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-12 20:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2017
Ran by User (18-08-2017 07:00:01)
Running from C:\Users\User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-01 18:23:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-314803027-123487486-2882202857-500 - Administrator - Disabled)
Guest (S-1-5-21-314803027-123487486-2882202857-501 - Limited - Disabled)
Kappy (S-1-5-21-314803027-123487486-2882202857-1000 - Limited - Enabled) => C:\Users\Kappy
User (S-1-5-21-314803027-123487486-2882202857-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0016985D-6580-4F5E-8BDC-F47AD11E2907} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {11608FD5-4D97-4E17-8D9D-3C49BB0A4432} - System32\Tasks\{1DC12E11-AF2F-4CA0-9963-9A44A9AAA534} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {2FA42E04-0F1D-4356-9EDC-E350A1B4895B} - System32\Tasks\{4D0812FB-5571-40B9-A6F9-3348E3A80072} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {303D2C0A-578C-487B-9368-627CBACAC8CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {4A5EA31C-90F7-48C3-8BEB-1D7FE51D4108} - System32\Tasks\{7A32114A-717E-4855-8F82-096A10A12466} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {595E7DAA-6630-4ED3-BE81-E63775FD29C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6F7155E0-D698-447D-922E-269758FE1D53} - System32\Tasks\{7099E416-84DE-473D-B4FC-44463059B53E} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7537CA2E-EEB6-475E-93A1-9503CA8D1089} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7738D19C-6CD4-4B26-989A-2DF4DDDFFC0D} - System32\Tasks\{CC7282E0-6CE9-4541-BFCE-B580FE737961} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {7A161304-054D-4BC8-B33F-CFF969D064D4} - System32\Tasks\{5B8E5311-3D40-4DE7-AD14-92CA5B385E10} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {8814AD67-7901-4998-8A3A-FCBEA1DE4F9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {94B959AB-4A8A-450D-85DA-BD7DEEB75B8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A7634F8D-8BFD-42C9-A930-5CFBB8991F34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-06] (Adobe Systems Incorporated)
Task: {AE8E4E40-992A-40ED-B4A2-67A7672BF1DE} - System32\Tasks\{D4B85AE8-3F96-4270-8D9E-C2B99A0E14EB} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE
Task: {EE1F3A5F-A108-4214-9384-421D3EF536D1} - System32\Tasks\{B4FAD1D1-EC77-46B6-B0F6-54AFFC51DA79} => C:\Users\Kappy\Desktop\TETRIS\TETRIS.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-03-24 20:47 - 2015-10-13 05:34 - 000105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-15 04:21 - 2015-09-01 09:04 - 008901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-23 05:31 - 2011-12-16 11:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-08-14 20:59 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314803027-123487486-2882202857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.16 - 156.154.71.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: 0108341383330245mcinstcleanup => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-08-2017 00:00:15 Scheduled Checkpoint
13-08-2017 03:01:44 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2017 06:52:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/17/2017 10:39:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/17/2017 09:48:11 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{148789c5-6567-11e2-b83e-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (08/17/2017 09:47:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).


System errors:
=============
Error: (08/17/2017 10:43:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2017 10:43:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

Error: (08/17/2017 10:42:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2017 10:42:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

Error: (08/17/2017 10:42:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2017 10:42:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (08/17/2017 10:36:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZAtheros Wlan Agent service to connect.

Error: (08/17/2017 10:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2017 10:35:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (08/17/2017 10:33:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3967.58 MB
Available physical RAM: 2170.81 MB
Total Virtual: 7933.35 MB
Available Virtual: 6146.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.31 GB) (Free:863.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 015D815A)
Partition 1: (Not Active) - (Size=24 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,759 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 August 2017 - 04:35 PM

Let's refresh Windows Instrumentation:

Download the enclosed file. [attachment=197041:WMI.zip] Save and extract its contents to the desktop. Once extracted open the folder, right click on the Runme.bat file and select Run as Administrator. Restart the computer.

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

Edited by JSntgRvr, 18 August 2017 - 07:23 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 kgtrojan

  • Topic Starter
  • Members
  • 61 posts

Posted 18 August 2017 - 10:57 PM

MTB log below.  I did have a Windows Boot Manager error when I tried to reboot, but I was able to boot up.  Same degree of slowness persists.

 

----------------

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by User (administrator) on 18-08-2017 at 20:47:13
Running from "C:\Users\User\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron 660s Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Dell Wireless 1506 802.11b/g/n (2.4GHz) = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Kaspersky Security Data Escort Adapter = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Kappy-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter
   Physical Address. . . . . . . . . : 00-FF-AE-A4-F5-83
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 12-18-8B-47-37-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 70-18-8B-47-37-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A4-1F-72-8F-F1-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9d3:b928:f699:e2b6%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 18, 2017 7:46:26 PM
   Lease Expires . . . . . . . . . . : Saturday, August 19, 2017 7:46:26 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 245636978
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F8-68-42-A4-1F-72-8F-F1-B3
   DNS Servers . . . . . . . . . . . : 156.154.70.16
                                       156.154.71.16
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2DF0F14B-DD12-4963-B6BA-CED520C134C8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  156.154.70.16

Name:    google.com
Addresses:  2607:f8b0:4009:80f::200e
      216.58.192.238


Pinging google.com [216.58.192.238] with 32 bytes of data:
Reply from 216.58.192.238: bytes=32 time=56ms TTL=53
Reply from 216.58.192.238: bytes=32 time=56ms TTL=53

Ping statistics for 216.58.192.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 56ms, Average = 56ms
Server:  UnKnown
Address:  156.154.70.16

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      206.190.36.45
      98.139.180.149
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=62ms TTL=52
Reply from 98.138.253.109: bytes=32 time=63ms TTL=52

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 63ms, Average = 62ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...00 ff ae a4 f5 83 ......Kaspersky Security Data Escort Adapter
 14...12 18 8b 47 37 16 ......Microsoft Virtual WiFi Miniport Adapter
 12...70 18 8b 47 37 16 ......Dell Wireless 1506 802.11b/g/n (2.4GHz)
 11...a4 1f 72 8f f1 b3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::e9d3:b928:f699:e2b6/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/18/2017 08:37:14 PM) (Source: Application Hang) (User: )
Description: The program solitaire.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bc0

Start Time: 01d3189c5dab39ac

Termination Time: 0

Application Path: C:\Program Files\Microsoft Games\solitaire\solitaire.exe

Report Id: a5387219-848f-11e7-92f8-a41f728ff1b3

Error: (08/18/2017 08:24:57 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 54.0.1.6388 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 998

Start Time: 01d31898396ed91e

Termination Time: 0

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 24107334-848d-11e7-92f8-a41f728ff1b3

Error: (08/18/2017 08:20:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: Wpc.dll, version: 1.0.0.1, time stamp: 0x50c1eda0
Exception code: 0xc0000005
Fault offset: 0x000000000000675e
Faulting process id: 0x79c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/18/2017 08:03:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Faulting module name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Exception code: 0xc0000005
Fault offset: 0x0008a378
Faulting process id: 0x880
Faulting application start time: 0xmbamtray.exe0
Faulting application path: mbamtray.exe1
Faulting module path: mbamtray.exe2
Report Id: mbamtray.exe3


System errors:
=============
Error: (08/18/2017 08:26:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (08/18/2017 08:18:27 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Error: (08/18/2017 08:16:22 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (08/18/2017 08:37:14 PM) (Source: Application Hang)(User: )
Description: solitaire.exe6.1.7600.16385bc001d3189c5dab39ac0C:\Program Files\Microsoft Games\solitaire\solitaire.exea5387219-848f-11e7-92f8-a41f728ff1b3

Error: (08/18/2017 08:24:57 PM) (Source: Application Hang)(User: )
Description: firefox.exe54.0.1.638899801d31898396ed91e0C:\Program Files (x86)\Mozilla Firefox\firefox.exe24107334-848d-11e7-92f8-a41f728ff1b3

Error: (08/18/2017 08:20:27 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.2353757c44efeWpc.dll1.0.0.150c1eda0c0000005000000000000675e79c01d31895c6dfa3ffC:\Windows\Explorer.EXEC:\Windows\System32\Wpc.dll5824ee91-848d-11e7-92f8-a41f728ff1b3

Error: (08/18/2017 08:03:45 PM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.106859125d35mbamtray.exe3.0.0.106859125d35c00000050008a37888001d31896b61eb249C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exeC:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe02eefb5f-848b-11e7-92f8-a41f728ff1b3


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{F390D923-76F1-458E-8218-8C0C156CDCFD}) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Self-service Plug-in (HKLM-x32\...\{47117FCA-0D00-4B6D-9D68-00B763629463}) (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3967.58 MB
Available physical RAM: 2521.18 MB
Total Virtual: 7933.35 MB
Available Virtual: 6384.88 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:916.31 GB) (Free:863.74 GB) NTFS

========================= Users: ========================================

User accounts for \\KAPPY-PC

Administrator            Guest                    Kappy                    
User                     


**** End of log ****
 



#14 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,759 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 August 2017 - 12:14 AM

  • Highlight the entire content of the quote box below.

Start::
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Folder: C:\Windows\System32\drivers
File: C:\WINDOWS\System32\NTOSKRNL.EXE
File: C:\WINDOWS\System32\WINLOAD.EXE
File: C:\WINDOWS\System32\HAL.DLL

CMD: BCDEDIT /Enum all
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


Edited by JSntgRvr, 19 August 2017 - 12:15 AM.



#15 kgtrojan

  • Topic Starter
  • Members
  • 61 posts

Posted 19 August 2017 - 03:24 AM

Fix log below.

-------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-08-2017
Ran by User (19-08-2017 01:16:54) Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: Kappy & User)
Boot Mode: Normal
==============================================

fixlist content:
*****************

    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
    Folder: C:\Windows\System32\drivers
    File: C:\WINDOWS\System32\NTOSKRNL.EXE
    File: C:\WINDOWS\System32\WINLOAD.EXE
    File: C:\WINDOWS\System32\HAL.DLL    CMD: BCDEDIT /Enum all
    
*****************


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========================= Folder: C:\Windows\System32\drivers ========================

2013-01-23 06:52 - 2013-01-23 06:52 - 000003070 _____ () C:\Windows\System32\drivers\1028_Dell_INS_660S.mrk
2009-07-13 17:06 - 2009-07-13 17:06 - 000068096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\1394bus.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000229888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\1394ohci.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000334208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\acpi.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\acpipmi.sys
2009-06-10 13:36 - 2009-07-13 18:52 - 000491088 _____ (Adaptec, Inc.) C:\Windows\System32\drivers\adp94xx.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000339536 _____ (Adaptec, Inc.) C:\Windows\System32\drivers\adpahci.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000182864 _____ (Adaptec, Inc.) C:\Windows\System32\drivers\adpu320.sys
2017-05-10 03:15 - 2017-04-04 07:53 - 000496128 _____ (Microsoft Corporation) C:\Windows\System32\drivers\afd.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\drivers\agilevpn.sys
2009-07-13 16:38 - 2009-07-13 18:52 - 000061008 _____ (Microsoft Corporation) C:\Windows\System32\drivers\AGP440.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000015440 _____ (Acer Laboratories Inc.) C:\Windows\System32\drivers\aliide.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000015440 _____ (Microsoft Corporation) C:\Windows\System32\drivers\amdide.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\System32\drivers\amdk8.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000060928 _____ (Microsoft Corporation) C:\Windows\System32\drivers\amdppm.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000107904 _____ (Advanced Micro Devices) C:\Windows\System32\drivers\amdsata.sys
2009-06-10 13:37 - 2009-07-13 18:52 - 000194128 _____ (AMD Technologies Inc.) C:\Windows\System32\drivers\amdsbs.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000027008 _____ (Advanced Micro Devices) C:\Windows\System32\drivers\amdxata.sys
2017-08-12 18:04 - 2017-07-07 08:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\appid.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000087632 _____ (Adaptec, Inc.) C:\Windows\System32\drivers\arc.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000097856 _____ (Adaptec, Inc.) C:\Windows\System32\drivers\arcsas.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000023040 _____ (Microsoft Corporation) C:\Windows\System32\drivers\asyncmac.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000024128 _____ (Microsoft Corporation) C:\Windows\System32\drivers\atapi.sys
2013-11-02 04:21 - 2013-08-04 19:25 - 000155584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ataport.sys
2013-01-23 05:33 - 2012-02-01 00:10 - 002804736 _____ (Atheros Communications, Inc.) C:\Windows\System32\drivers\athrx.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 000270848 _____ (Broadcom Corporation) C:\Windows\System32\drivers\b57nd60a.sys
2009-07-13 16:31 - 2009-07-13 18:52 - 000028240 _____ (Microsoft Corporation) C:\Windows\System32\drivers\battc.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\beep.sys
2009-07-13 16:35 - 2009-07-13 16:35 - 000045056 _____ (Microsoft Corporation) C:\Windows\System32\drivers\blbdrive.sys
2016-11-08 23:30 - 2016-10-05 07:54 - 000090112 _____ (Microsoft Corporation) C:\Windows\System32\drivers\bowser.sys
2009-07-13 18:19 - 2009-06-10 13:41 - 000018432 _____ (Brother Industries, Ltd.) C:\Windows\System32\drivers\BrFiltLo.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000008704 _____ (Brother Industries, Ltd.) C:\Windows\System32\drivers\BrFiltUp.sys
2009-07-13 18:05 - 2009-07-13 18:01 - 000095232 _____ (Microsoft Corporation) C:\Windows\System32\drivers\bridge.sys
2009-07-13 18:19 - 2009-07-13 18:19 - 000286720 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\BrSerId.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000047104 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\BrSerWdm.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000014976 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\BrUsbMdm.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000014720 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\BrUsbSer.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000072192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\bthmodem.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 000468480 _____ (Broadcom Corporation) C:\Windows\System32\drivers\bxvbda.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\drivers\cdfs.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000147456 _____ (Microsoft Corporation) C:\Windows\System32\drivers\cdrom.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000045568 _____ (Microsoft Corporation) C:\Windows\System32\drivers\circlass.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000179072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\Classpnp.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000017664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\CmBatt.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000017488 _____ (CMD Technology, Inc.) C:\Windows\System32\drivers\cmdide.sys
2016-12-14 06:32 - 2016-11-20 07:07 - 000467392 _____ (Microsoft Corporation) C:\Windows\System32\drivers\cng.sys
2009-07-13 16:31 - 2009-07-13 18:52 - 000021584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\compbatt.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000038912 _____ (Microsoft Corporation) C:\Windows\System32\drivers\CompositeBus.sys
2009-07-13 17:01 - 2009-07-13 18:47 - 000039504 _____ (Microsoft Corporation) C:\Windows\System32\drivers\crashdmp.sys
2009-07-13 17:01 - 2009-07-13 18:47 - 000024144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\crcdisk.sys
2013-09-24 07:10 - 2013-09-24 07:10 - 000097768 _____ (Citrix Systems, Inc.) C:\Windows\System32\drivers\ctxusbm.sys
2016-10-11 21:47 - 2016-09-08 07:55 - 000106496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dfsc.sys
2009-07-13 16:37 - 2009-07-13 16:37 - 000040448 _____ (Microsoft Corporation) C:\Windows\System32\drivers\discache.sys
2016-04-13 07:11 - 2016-01-20 17:51 - 000073664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\disk.sys
2014-04-08 20:32 - 2014-02-03 19:37 - 000027584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\Diskdump.sys
2016-01-13 00:54 - 2015-12-08 11:54 - 000116736 _____ (Microsoft Corporation) C:\Windows\System32\drivers\drmk.sys
2016-01-13 00:54 - 2015-12-08 11:11 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\drivers\drmkaud.sys
2009-07-13 16:19 - 2009-07-13 18:47 - 000028736 _____ (Microsoft Corporation) C:\Windows\System32\drivers\Dumpata.sys
2009-07-13 16:21 - 2009-07-13 18:43 - 000055128 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dumpfve.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dxapi.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000098816 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dxg.sys
2017-07-15 06:31 - 2017-05-16 08:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dxgkrnl.sys
2017-07-15 06:31 - 2017-05-16 08:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\System32\drivers\dxgmms1.sys
2009-06-10 13:36 - 2009-07-13 18:47 - 000530496 _____ (Emulex) C:\Windows\System32\drivers\elxstor.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\drivers\errdev.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 003286016 _____ (Broadcom Corporation) C:\Windows\System32\drivers\evbda.sys
2017-05-10 03:15 - 2017-03-10 08:55 - 000195584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\exfat.sys
2017-06-09 22:32 - 2017-06-21 21:49 - 000113592 _____ (Malwarebytes) C:\Windows\System32\drivers\farflt.sys
2017-05-10 03:15 - 2017-03-10 08:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fastfat.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fdc.sys
2009-07-13 16:34 - 2009-07-13 18:47 - 000070224 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fileinfo.sys
2009-07-13 16:25 - 2009-07-13 16:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\drivers\filetrace.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\flpydisk.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000289664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fltMgr.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000023408 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fs_rec.sys
2009-07-13 16:26 - 2009-07-13 18:47 - 000055376 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fsdepends.sys
2013-11-02 04:17 - 2013-01-23 23:01 - 000223752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fvevol.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\FWPKCLNT.SYS
2009-07-13 16:38 - 2009-07-13 18:47 - 000065088 _____ (Microsoft Corporation) C:\Windows\System32\drivers\GAGP30KX.SYS
2009-06-10 13:30 - 2009-06-10 13:30 - 003440660 _____ () C:\Windows\System32\drivers\gm.dls
2009-07-13 15:13 - 2009-06-10 13:30 - 000000646 _____ () C:\Windows\System32\drivers\gmreadme.txt
2009-07-13 15:53 - 2009-06-10 13:31 - 000031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\drivers\hcw85cir.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000122368 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hdaudbus.sys
2013-01-23 06:52 - 2011-11-10 02:04 - 000060184 _____ (Intel Corporation) C:\Windows\System32\drivers\HECIx64.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidbatt.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidbth.sys
2013-11-02 04:21 - 2013-07-02 21:05 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidclass.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000046592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidir.sys
2013-11-02 04:21 - 2013-07-02 21:05 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidparse.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidusb.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000078720 _____ (Hewlett-Packard Company) C:\Windows\System32\drivers\HpSAMD.sys
2017-07-15 06:31 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\http.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000014720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hwpolicy.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000105472 _____ (Microsoft Corporation) C:\Windows\System32\drivers\i8042prt.sys
2013-01-23 06:53 - 2012-02-01 17:16 - 000568600 _____ (Intel Corporation) C:\Windows\System32\drivers\iaStor.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000410496 _____ (Intel Corporation) C:\Windows\System32\drivers\iaStorV.sys
2013-01-23 06:53 - 2012-03-19 17:32 - 014745600 _____ (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\drivers\iirsp.sys
2013-01-23 06:54 - 2011-12-06 04:23 - 000331264 _____ (Intel® Corporation) C:\Windows\System32\drivers\IntcDAud.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000016960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\intelide.sys
2013-01-23 05:32 - 2011-12-16 11:40 - 000015128 _____ () C:\Windows\System32\drivers\IntelMEFWVer.dll
2009-07-13 16:19 - 2009-07-13 16:19 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\intelppm.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000082944 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ipfltdrv.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000078848 _____ (Microsoft Corporation) C:\Windows\System32\drivers\IPMIDrv.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ipnat.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000120320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\irda.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\drivers\irenum.sys
2009-07-13 16:31 - 2009-07-13 18:48 - 000020544 _____ (Microsoft Corporation) C:\Windows\System32\drivers\isapnp.sys
2013-01-23 05:32 - 2012-02-27 03:01 - 000016152 _____ (Intel Corporation) C:\Windows\System32\drivers\iusb3hcs.sys
2013-01-23 05:32 - 2012-02-27 03:01 - 000356120 _____ (Intel Corporation) C:\Windows\System32\drivers\iusb3hub.sys
2013-01-23 05:32 - 2012-02-27 03:01 - 000788760 _____ (Intel Corporation) C:\Windows\System32\drivers\iusb3xhc.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000050768 _____ (Microsoft Corporation) C:\Windows\System32\drivers\kbdclass.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000033280 _____ (Microsoft Corporation) C:\Windows\System32\drivers\kbdhid.sys
2016-06-07 02:31 - 2016-06-07 02:31 - 000052152 _____ (The OpenVPN Project) C:\Windows\System32\drivers\kltap.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ks.sys
2017-08-12 18:04 - 2017-07-07 08:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksecdd.sys
2017-08-12 18:04 - 2017-07-07 08:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksecpkg.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000020992 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksthunk.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\System32\drivers\lltdio.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000114752 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_fc.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000106560 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_sas.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000065600 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_sas2.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000115776 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_scsi.sys
2009-07-13 16:26 - 2009-07-13 16:26 - 000113152 _____ (Microsoft Corporation) C:\Windows\System32\drivers\luafv.sys
2017-06-09 22:31 - 2017-07-15 10:33 - 000077376 _____ () C:\Windows\System32\drivers\mbae64.sys
2017-06-09 22:32 - 2017-06-21 21:49 - 000044960 _____ (Malwarebytes) C:\Windows\System32\drivers\mbam.sys
2017-06-09 22:32 - 2017-06-09 22:32 - 000188312 _____ (Malwarebytes) C:\Windows\System32\drivers\MBAMChameleon.sys
2017-06-09 22:32 - 2017-08-18 20:06 - 000253856 _____ (Malwarebytes) C:\Windows\System32\drivers\MBAMSwissArmy.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mcd.sys
2009-06-10 13:37 - 2009-07-13 18:48 - 000035392 _____ (LSI Corporation) C:\Windows\System32\drivers\megasas.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000284736 _____ (LSI Corporation, Inc.) C:\Windows\System32\drivers\MegaSR.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000040448 _____ (Microsoft Corporation) C:\Windows\System32\drivers\modem.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\monitor.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000049216 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mouclass.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mouhid.sys
2017-06-13 19:29 - 2017-05-07 08:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mountmgr.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000155008 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mpio.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000077312 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mpsdrv.sys
2016-10-11 21:47 - 2016-09-08 07:55 - 000142336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxdav.sys
2017-08-12 18:04 - 2017-07-07 07:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb.sys
2017-08-12 18:04 - 2017-07-07 07:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb10.sys
2017-08-12 18:04 - 2017-07-07 07:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000031104 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msahci.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000140672 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msdsm.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msfs.sys
2013-01-23 05:32 - 2013-01-23 05:32 - 000000000 ____H () C:\Windows\System32\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2013-01-23 07:15 - 2013-01-23 07:15 - 000000000 ____H () C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-11-02 04:21 - 2012-11-28 15:56 - 000000003 _____ () C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-11-02 08:02 - 2012-06-02 07:57 - 000000003 _____ () C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2009-07-13 17:06 - 2009-07-13 17:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mshidkmdf.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000015424 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msisadrv.sys
2014-04-08 20:32 - 2014-02-03 19:35 - 000274880 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msiscsi.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000011136 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mskssrv.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mspclock.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000006784 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mspqm.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000366976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msrpc.sys
2009-07-13 16:31 - 2009-07-13 18:48 - 000032320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mssmbios.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000008064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mstee.sys
2009-07-13 17:02 - 2009-07-13 17:02 - 000015360 _____ (Microsoft Corporation) C:\Windows\System32\drivers\MTConfig.sys
2009-07-13 16:23 - 2009-07-13 18:48 - 000060496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mup.sys
2017-06-09 22:32 - 2017-06-24 21:56 - 000084256 _____ (Malwarebytes) C:\Windows\System32\drivers\mwac.sys
2015-11-10 22:24 - 2015-10-12 21:57 - 000950720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndis.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000035328 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndiscap.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000024064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndistapi.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000056832 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndisuio.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000164352 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndiswan.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000057856 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndproxy.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000044544 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netbios.sys
2016-06-14 20:51 - 2016-05-11 07:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netbt.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netio.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000051264 _____ (IBM Corporation) C:\Windows\System32\drivers\nfrd960.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\drivers\npfs.sys
2009-07-13 16:21 - 2009-07-13 16:21 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\nsiproxy.sys
2017-07-15 06:31 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ntfs.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\null.sys
2009-07-13 16:38 - 2009-07-13 18:48 - 000122960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\NV_AGP.SYS
2013-01-23 07:09 - 2013-01-23 07:09 - 000148352 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvraid.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000166272 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvstor.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000318976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\nwifi.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000072832 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ohci1394.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000131584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pacer.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\drivers\parport.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000075120 _____ (Microsoft Corporation) C:\Windows\System32\drivers\partmgr.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000184704 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pci.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000012352 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pciide.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000048720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pciidex.sys
2009-07-13 16:31 - 2009-07-13 18:45 - 000220752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pcmcia.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000050768 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pcw.sys
2016-10-11 21:47 - 2016-06-14 10:11 - 000663552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\PEAuth.sys
2016-01-13 00:54 - 2015-12-08 11:12 - 000230400 _____ (Microsoft Corporation) C:\Windows\System32\drivers\portcls.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\drivers\processr.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 001524816 _____ (QLogic Corporation) C:\Windows\System32\drivers\ql2300.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000128592 _____ (QLogic Corporation) C:\Windows\System32\drivers\ql40xx.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000046592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\qwavedrv.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rasacd.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rasl2tp.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000092672 _____ (Microsoft Corporation) C:\Windows\System32\drivers\raspppoe.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000111104 _____ (Microsoft Corporation) C:\Windows\System32\drivers\raspptp.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000083968 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rassstp.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000309248 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdbss.sys
2009-07-13 17:17 - 2009-07-13 17:17 - 000024064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpbus.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPCDD.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPENCDD.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPREFMP.sys
2014-10-15 02:13 - 2014-07-16 18:21 - 000212480 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpwd.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000213888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdyboost.sys
2015-12-08 21:23 - 2015-11-05 02:53 - 000146944 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rmcast.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RNDISMP.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rootmdm.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rspndr.sys
2013-01-23 06:53 - 2011-08-23 23:57 - 000565352 _____ (Realtek ) C:\Windows\System32\drivers\Rt64win7.sys
2013-01-23 06:53 - 2012-01-17 17:25 - 000215644 _____ () C:\Windows\System32\drivers\RTAIODAT.DAT
2013-01-23 06:53 - 2012-01-17 20:19 - 004734440 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000103808 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sbp2port.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\drivers\scfilter.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000171392 _____ (Microsoft Corporation) C:\Windows\System32\drivers\scsiport.sys
2009-07-13 19:36 - 2009-06-10 13:37 - 000023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\drivers\secdrv.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\serenum.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000094208 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\serial.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sermouse.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffdisk.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000013824 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffp_mmc.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffp_sd.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000016896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sfloppy.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 000043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\drivers\sisraid2.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000080464 _____ (Silicon Integrated Systems) C:\Windows\System32\drivers\sisraid4.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000093184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\smb.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000020992 _____ (Microsoft Corporation) C:\Windows\System32\drivers\smclib.sys
2009-07-13 13:27 - 2009-07-13 18:45 - 000019008 _____ (Microsoft Corporation) C:\Windows\System32\drivers\spldr.sys
2009-06-10 13:48 - 2009-06-10 13:48 - 000426496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\spsys.sys
2017-05-10 03:15 - 2017-04-05 07:55 - 000460800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srv.sys
2017-05-10 03:15 - 2017-04-05 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srv2.sys
2017-05-10 03:15 - 2017-04-05 07:55 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srvnet.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000024656 _____ (Promise Technology) C:\Windows\System32\drivers\stexstor.sys
2014-04-08 20:32 - 2014-02-03 19:35 - 000190912 _____ (Microsoft Corporation) C:\Windows\System32\drivers\storport.sys
2015-06-09 17:43 - 2015-04-10 20:19 - 000069888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\stream.sys
2009-07-13 17:00 - 2009-07-13 18:45 - 000012496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\swenum.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tape.sys
2017-07-15 06:31 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tcpip.sys
2016-09-13 23:49 - 2016-07-07 08:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tcpipreg.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdi.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000015872 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdpipe.sys
2013-11-01 11:38 - 2012-02-16 21:57 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdtcp.sys
2017-08-12 18:04 - 2017-07-29 07:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdx.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000063360 _____ (Microsoft Corporation) C:\Windows\System32\drivers\termdd.sys
2014-10-15 02:13 - 2014-07-16 18:21 - 000039936 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tssecsrv.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\drivers\TsUsbFlt.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\drivers\TsUsbGD.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000125440 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tunnel.sys
2009-07-13 16:38 - 2009-07-13 18:45 - 000064080 _____ (Microsoft Corporation) C:\Windows\System32\drivers\UAGP35.SYS
2010-11-20 20:23 - 2010-11-20 20:23 - 000328192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\udfs.sys
2009-07-13 16:38 - 2009-07-13 18:45 - 000064592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ULIAGPKX.SYS
2010-11-20 20:23 - 2010-11-20 20:23 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\drivers\umbus.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\drivers\umpass.sys
2013-01-23 05:32 - 2012-02-27 03:00 - 000041984 _____ (Intel Corporation) C:\Windows\System32\drivers\USB3Ver.dll
2013-11-02 04:21 - 2013-02-11 21:12 - 000019968 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usb8023.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\USBCAMD2.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbccgp.sys
2013-11-02 04:21 - 2013-07-12 03:41 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbcir.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbd.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbehci.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbhub.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbohci.sys
2016-10-11 20:23 - 2016-08-16 13:40 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbport.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbprint.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbrpm.sys
2016-03-08 22:47 - 2016-02-03 11:07 - 000091648 _____ (Microsoft Corporation) C:\Windows\System32\drivers\USBSTOR.SYS
2016-10-11 20:23 - 2016-08-16 13:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbuhci.sys
2009-07-13 17:01 - 2009-07-13 18:45 - 000036432 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vdrvroot.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vga.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vgapnp.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000215936 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vhdmp.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000017488 _____ (VIA Technologies, Inc.) C:\Windows\System32\drivers\viaide.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\System32\drivers\videoprt.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000071552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volmgr.sys
2017-08-12 18:04 - 2017-07-07 08:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volmgrx.sys
2013-01-23 07:09 - 2013-01-23 07:09 - 000296320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volsnap.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 000161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\drivers\vsmraid.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwifibus.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwififlt.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwifimp.sys
2009-07-13 17:02 - 2009-07-13 17:02 - 000027776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wacompen.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000088576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wanarp.sys
2009-07-13 16:37 - 2009-07-13 16:37 - 000042496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\watchdog.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000021056 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wd.sys
2013-11-02 04:21 - 2013-06-25 15:55 - 000785624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\Wdf01000.sys
2013-11-02 04:21 - 2012-11-28 15:56 - 000054376 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WdfLdr.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wfplwf.sys
2013-01-23 05:36 - 2006-11-01 03:51 - 000151656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WimFltr.sys
2009-07-13 16:29 - 2009-07-13 18:45 - 000022096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wimmount.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wmiacpi.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000016464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wmilib.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000021504 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ws2ifsl.sys
2013-11-02 08:02 - 2012-07-25 19:26 - 000087040 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WUDFPf.sys
2013-11-02 08:02 - 2012-07-25 19:26 - 000198656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WUDFRd.sys
2010-11-21 00:06 - 2016-10-12 03:26 - 000000000 ____D () C:\Windows\System32\drivers\en-US
2010-11-21 00:06 - 2010-11-21 00:06 - 000011776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\1394ohci.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\acpi.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\afd.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\AGP440.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\amdide.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\amdk8.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\amdppm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ataport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (ATI Technologies Inc.) C:\Windows\System32\drivers\en-US\atikmdag.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\battc.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\bfe.dll.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 _____ (Brother Industries Ltd.) C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\bthenum.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\bthpan.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\bthport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\BTHUSB.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\cdrom.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\disk.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\Dot4usb.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\fltmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\fvevol.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\GAGP30KX.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\hdaudbus.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\HdAudio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\hidbth.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000032256 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\http.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\intelppm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ipnat.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\isapnp.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\luafv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\modem.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\mouclass.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\mouhid.sys.mui
2015-08-12 02:25 - 2015-07-15 11:02 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\mpio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\msdsm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\mssmbios.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\MTConfig.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000035328 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ndis.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ndiscap.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ndisuio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ntfs.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\NV_AGP.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000013824 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\nwifi.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000011776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ohci1394.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000015360 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\pacer.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\parport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\partmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\pci.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\pcmcia.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\pnpmem.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\portcls.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\processr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (SCM Microsystems, Inc.) C:\Windows\System32\drivers\en-US\pscr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\rdbss.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\RNDISMP.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\rndismp6.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\rndismpx.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\scfilter.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\scsiport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\serial.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\sermouse.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\serscan.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\srv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\tcpip.sys.mui
2016-04-13 07:11 - 2016-02-05 11:53 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\tpm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\tunnel.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\UAGP35.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ULIAGPKX.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\umbus.sys.mui
2016-10-11 20:23 - 2016-08-16 14:03 - 000003072 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\usbehci.sys.mui
2016-10-11 20:23 - 2016-08-16 14:03 - 000011776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\usbhub.sys.mui
2016-10-11 20:23 - 2016-08-16 14:03 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\usbport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\usbrpm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\vdrvroot.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\vhdmp.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\volmgrx.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\volsnap.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\vwifibus.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\wacompen.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\wd.sys.mui
2013-11-02 08:29 - 2012-07-25 21:47 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\ws2ifsl.sys.mui
2009-07-13 20:20 - 2017-08-14 20:59 - 000000000 ____D () C:\Windows\System32\drivers\etc
2009-07-13 19:34 - 2017-08-14 20:59 - 000000035 _____ () C:\Windows\System32\drivers\etc\hosts
2009-07-13 19:35 - 2009-06-10 14:00 - 000003683 _____ () C:\Windows\System32\drivers\etc\lmhosts.sam
2009-07-13 19:34 - 2009-06-10 14:00 - 000000407 _____ () C:\Windows\System32\drivers\etc\networks
2009-07-13 19:34 - 2009-06-10 14:00 - 000001358 _____ () C:\Windows\System32\drivers\etc\protocol
2009-07-13 19:34 - 2009-06-10 14:00 - 000017463 _____ () C:\Windows\System32\drivers\etc\services
2009-07-13 20:20 - 2013-01-23 07:15 - 000000000 ____D () C:\Windows\System32\drivers\UMDF
2009-07-13 17:21 - 2009-07-13 18:41 - 000299520 _____ (Microsoft Corporation) C:\Windows\System32\drivers\UMDF\WpdFs.dll
2010-11-21 00:06 - 2010-11-21 00:06 - 000000000 ____D () C:\Windows\System32\drivers\UMDF\en-US
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\drivers\UMDF\en-US\WpdMtpDr.dll.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui

====== End of Folder: ======


========================= File: C:\WINDOWS\System32\NTOSKRNL.EXE ========================

File is digitally signed
MD5: 44229026F0B4DED033280CCBCA72465B
Creation and modification date: 2017-08-12 18:05 - 2017-07-07 08:33
Size: 005547752
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ntkrnlmp.exe
Original Name: ntkrnlmp.exe
Product: Microsoft® Windows® Operating System
Description: NT Kernel & System
File Version: 6.1.7601.23864 (win7sp1_ldr.170707-0600)
Product Version: 6.1.7601.23864
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/143442bd895017703c88900bd1f2f636a77d87033fd8c24cb3beb6fe50440046/analysis/1503004079/

====== End of File: ======


========================= File: C:\WINDOWS\System32\WINLOAD.EXE ========================

File is digitally signed
MD5: 77A271A950ADA116D6D740AC1466F520
Creation and modification date: 2016-12-14 06:32 - 2016-10-08 06:06
Size: 000633296
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: osloader.exe
Original Name: osloader.exe
Product: Microsoft® Windows® Operating System
Description: OS Loader
File Version: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
Product Version: 6.1.7601.23569
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/b4f87e95fcaa04ccc9a0f860e10aee15cb472db044e28069e0a6d5731c079689/analysis/1502483866/

====== End of File: ======


========================= File: C:\WINDOWS\System32\HAL.DLL    CMD: BCDEDIT /Enum all ========================

"C:\WINDOWS\System32\HAL.DLL    CMD: BCDEDIT /Enum all" => not found.
====== End of File: ======


==== End of Fixlog 01:22:26 ====





