Potential Win 10 x64 Boot Infector Preventing System Rebuild.


This topic is locked
41 replies to this topic

#1 Unworn_Kilt
  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia

Posted 11 November 2017 - 01:46 PM

Hi,

Thanks for your time!

I'm trying to assist a friend to repair her laptop, which seems to be hacked/infected.

This machine is a Lenovo Ideapad 110 running Windows 10 x64 Home (pre-installed), plus Office 365 (2016), which are all duly licensed.

The machine has an AMD K6-7310 processor (showing as running at 2 GHz) and Radeon R4 graphics.

It has 8 GB RAM. The HDD is an ST1000LM035-1RK1, allegedly about 1 TB.

It is/was running Kaspersky Total Security 2017 plus Malwarebytes: 3.2.2.2018 with component package: 1.0.212, update package version: 1.0.3231.

The first indicator that something was not right was major slowing of this machine. The boot time is ridiculous even taking into account the HDD. The cursor is also moving of its own accord.

Today I counted 72+ instances of SVCHOST.EXE with the machine running at idle.

Google Chrome is showing far more windows open than actually are.

*EDIT (I am now UNABLE to LAUNCH Farbar.) SmartScreen is blocking it and I am unable to "unblock" it by normal means.

Programs are taking in excess of 10 seconds to start to load (at times well over 20 secs) and general performance is shocking. I'm aware that this model of laptop is no speed demon, but this is ridiculous.

I've been working on PCs since the Radio Shack TRS-80(?) back in the 1970s and have never been so perplexed by a PC issue. I'm a relatively new convert to Win 10 and, as such, would be grateful for someone to have a look over this system for a start, please.

There appears to be something going on with the networking side of things, somewhat reminiscent of the old "Back Orifice" or "SubSeven" type backdoors. I have also seen files which lead me to believe that "IME" is also potentially in play. This PC runs a VPN setup (Nord), but even that doesn't explain the IP addresses I've been regularly booting out with AdwCleaner and, at times, RogueKiller.

I actually seriously doubt that Malwarebytes or Kaspersky Total are running properly. I would have thought that Malwarebytes would have picked up on the things that AdwCleaner grabbed, but not so.

There is a user profile set up as DefaultUser0, in addition to the profile of my friend, plus the standard "Default" and "Public".

It also seems that the OneDrive interface is being abused, possibly as a means of access. SkyDrive was also being accessed by the OneDrive interface.

I have also noticed considerable activity on network ports in the 40,000+ range.

Significant amounts of data seem to be disappearing also.

I've taken all this up with MS, but they refuse to do anything but re-install Windows. From my experience with my own PC, assuming this is the same infector/hack, it stores its own copy of a Windows image and will not permit re-installation from any other source even after completely flattening the system and attempting to install from a good image on DVD.

I have run Farbar x64, but it was a version dating back to August as it refuses to update. I've run the "standard" scans, plus I ran one with BCD and Shortcuts.txt also. Farbar, when run, creates a folder in the C:\ root which contains ERUNT.EXE plus some very ancient-looking (Win NT) registry hives and what seem to be user profiles.

I'll gladly paste in whatever you'd like. Please bear with me as I've done a great deal of reading on this site, but this is my first post. I have yet to work out how to insert a screenshot. If someone would advise me I'd be grateful.

The only reason I may fail to respond in a timely manner will be due to a network outage (induced or otherwise).

I'm not posting the Farbar logs due to my interpretation of the forum rules.

To start with, here's the most recent batch of scan logs, minus the Farbar ones until requested:


HitmanPro 3.7.20.286
 
www.hitmanpro.com
 
   Computer name . . . . : LAPTOP-CB5ICRTF
   Windows . . . . . . . : 10.0.0.15063.X64/4
   User name . . . . . . : LAPTOP-CB5ICRTF\Curri
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2017-11-12 02:50:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 22s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10
 
   Objects scanned . . . : 1,743,558
   Files scanned . . . . : 43,963
   Remnants scanned  . . : 386,851 files / 1,312,744 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\33\C\Users\Curri\Desktop\M-CHECK ASAP\FRST64.exe
      Size . . . . . . . : 2,395,648 bytes
      Age  . . . . . . . : 75.1 days (2017-08-29 00:35:04)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\33\C\Users\Curri\Downloads\FRST64.exe
      Size . . . . . . . : 2,395,648 bytes
      Age  . . . . . . . : 75.1 days (2017-08-29 00:34:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\67\C\Users\Curri\Desktop\TOOLS\Farbar\FRST64.exe
      Size . . . . . . . : 2,399,744 bytes
      Age  . . . . . . . : 48.3 days (2017-09-24 20:17:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8ACD1981EAA43298F07CB6A52F329D1F7DAA2DE241B5AEE6FDA903ADBF2C9A1B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Curri\Desktop\M-CHECK ASAP\FRST64.exe
      Size . . . . . . . : 2,395,648 bytes
      Age  . . . . . . . : 75.4 days (2017-08-28 18:03:50)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Curri\Desktop\M-CHECK ASAP\Old Stuff\3rd Run Including MD5 and BCD plus Shortcuts\FRST64.exe
      Size . . . . . . . : 2,395,648 bytes
      Age  . . . . . . . : 0.1 days (2017-11-12 01:13:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Curri\Desktop\TOOLS\Farbar\FRST64.exe
      Size . . . . . . . : 2,399,744 bytes
      Age  . . . . . . . : 49.2 days (2017-09-23 22:18:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8ACD1981EAA43298F07CB6A52F329D1F7DAA2DE241B5AEE6FDA903ADBF2C9A1B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
   C:\Users\Curri\Downloads\FRST64.exe
      Size . . . . . . . : 2,395,648 bytes
      Age  . . . . . . . : 75.4 days (2017-08-28 17:18:04)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A0DD3CC5A3AF8F77E2DFE27765BFC712CEF4536CCC3C6B27A9C5A790A3CAE0B
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Curri\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0864TC1E.cookie
   C:\Users\Curri\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\JSQK7IX2.cookie

PLEASE NOTE THAT THE GOOGLE COOKIE COULD NOT BE DELETED.

This is the latest RogueKiller scan report:

RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software

 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Curri [Administrator]
Started from : C:\Users\Curri\Desktop\RogueKiller_portable64 (1).exe
Mode : Scan -- Date : 11/12/2017 02:15:14 (Duration : 01:19:29)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137 ([X][X][-][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7176311d-6a8c-48e7-928e-057abc4ae0e1} | DhcpNameServer : 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137 ([X][X][-][-])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] 146c0b97c243c2a76a81979d359176f0
[BSP] 81341ba64eec7cac7867af8c16bca70c : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 908772 MB
3 - Basic data partition | Offset (sectors): 1861732352 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1914161152 | Size: 1000 MB
5 - Basic data partition | Offset (sectors): 1916209152 | Size: 17220 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 5b465188ea4c714f107ef8d5b2d75d0b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 15262 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

This is the prior RogueKiller report, done late yesterday:

RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Curri [Administrator]
Started from : C:\Users\Curri\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 11/11/2017 18:30:16 (Duration : 01:33:17)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.226.33 61.9.226.1 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e9eca778-ae65-480d-9ebd-d89859060234} | DhcpNameServer : 61.9.226.33 61.9.226.1 ([X][X])  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Lenovo\Lenovo Service Bridge\S-1-5-21-1429696996-3989237847-2058814036-1001 -- "C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe" -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] 146c0b97c243c2a76a81979d359176f0
[BSP] 81341ba64eec7cac7867af8c16bca70c : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 908772 MB
3 - Basic data partition | Offset (sectors): 1861732352 | Size: 25600 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1914161152 | Size: 1000 MB
5 - Basic data partition | Offset (sectors): 1916209152 | Size: 17220 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 5b465188ea4c714f107ef8d5b2d75d0b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 15262 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Here is the latest AdwCleaner scan:

# AdwCleaner 7.0.2.1 - Logfile created on Sat Nov 11 06:42:51 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 08-29-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1429696996-3989237847-2058814036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11082017120451378\Software\Host App Service
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1429696996-3989237847-2058814036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11082017120451378\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [1283 B] - [2017/7/31 12:46:25]
C:/AdwCleaner/AdwCleaner[C1].txt - [1868 B] - [2017/9/24 7:30:20]
C:/AdwCleaner/AdwCleaner[C2].txt - [1876 B] - [2017/11/1 15:8:52]
C:/AdwCleaner/AdwCleaner[S0].txt - [1148 B] - [2017/7/31 12:44:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/8/14 9:52:40]
C:/AdwCleaner/AdwCleaner[S2].txt - [1148 B] - [2017/8/28 10:29:31]
C:/AdwCleaner/AdwCleaner[S3].txt - [1216 B] - [2017/8/28 13:27:56]
C:/AdwCleaner/AdwCleaner[S4].txt - [1284 B] - [2017/8/30 11:56:34]
C:/AdwCleaner/AdwCleaner[S5].txt - [1352 B] - [2017/8/30 12:15:56]
C:/AdwCleaner/AdwCleaner[S6].txt - [1420 B] - [2017/9/23 12:10:14]
C:/AdwCleaner/AdwCleaner[S7].txt - [1709 B] - [2017/9/24 7:29:9]
C:/AdwCleaner/AdwCleaner[S8].txt - [1621 B] - [2017/10/31 11:58:31]
C:/AdwCleaner/AdwCleaner[S9].txt - [1690 B] - [2017/11/1 15:7:29]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########

Upon trying to install Sophos Virus Removal Tool, I keep getting the following message:

"ERROR 1606. Could not access network location data"

Edited by Unworn_Kilt, 12 November 2017 - 09:14 AM.

PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **
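Added example (not part of the original post, and not RogueKiller's own code): a small Python triage script that parses the [PUM.Dns] DhcpNameServer lines and the per-drive MBR check from a RogueKiller report like the two pasted above, lists resolvers outside an operator-supplied expected set, and flags drives whose boot code RogueKiller did not match to a known Windows signature. The report excerpt is constructed from lines in this post, the expected-resolver set is assumed to be the VPN provider's two addresses, and the "Windows in the BSP description means known code" rule is a heuristic of this example.

```python
"""Triage helper for RogueKiller scan reports like the two pasted above.

Added example: not part of the original post and not RogueKiller's own code.
It extracts the [PUM.Dns] DhcpNameServer addresses and the per-drive MBR
check, reports resolvers outside an operator-supplied expected set, and
flags drives whose MBR boot code RogueKiller did not recognise.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt, assembled from lines that appear in the reports above.
SAMPLE_REPORT = r"""RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software
¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137 ([X][X][-][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7176311d-6a8c-48e7-928e-057abc4ae0e1} | DhcpNameServer : 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137 ([X][X][-][-])  -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
[MBR] 146c0b97c243c2a76a81979d359176f0
[BSP] 81341ba64eec7cac7867af8c16bca70c : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
[MBR] 5b465188ea4c714f107ef8d5b2d75d0b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
"""

DNS_RE = re.compile(r"^\[PUM\.Dns\] .*\| DhcpNameServer : ([0-9. ]+?) +\(")
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.+)$")


@dataclass
class Drive:
    name: str
    model: str
    bsp_hash: str = ""
    mbr_code: str = ""
    has_efi_partition: bool = False  # GPT/UEFI disk: MBR boot code is not used


@dataclass
class Report:
    dns_servers: list = field(default_factory=list)  # unique, in order seen
    drives: list = field(default_factory=list)


def parse_report(text):
    """Walk the report line by line; a drive header opens the context for its BSP/partition lines."""
    rep = Report()
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            for ip in m.group(1).split():
                if ip not in rep.dns_servers:
                    rep.dns_servers.append(ip)
            continue
        m = DRIVE_RE.match(line)
        if m:
            cur = Drive(m.group(1), m.group(2))
            rep.drives.append(cur)
            continue
        if cur is None:
            continue
        m = BSP_RE.match(line)
        if m:
            cur.bsp_hash, cur.mbr_code = m.group(1), m.group(2)
        elif "EFI system partition" in line:
            cur.has_efi_partition = True
    return rep


def unexpected_resolvers(report, expected):
    """DHCP-assigned resolvers that are not in the set the operator expects."""
    return [ip for ip in report.dns_servers if ip not in expected]


def drives_needing_review(report):
    """Drives whose boot code RogueKiller did not match to a known signature.

    Heuristic of this example: a BSP description naming Windows counts as known.
    A GPT disk booted through UEFI legitimately carries no MBR boot code, so
    'Empty' on a disk with an EFI system partition is not a finding by itself.
    """
    out = []
    for d in report.drives:
        if "Windows" in d.mbr_code:
            continue
        if d.has_efi_partition and d.mbr_code.startswith("Empty"):
            continue
        out.append(d.name)
    return out


if __name__ == "__main__":
    # Assumption: the first two addresses are the VPN provider's resolvers
    # the operator expects; any others deserve a look.
    expected = {"103.86.99.99", "103.86.96.96"}
    rep = parse_report(SAMPLE_REPORT)
    print("resolvers:", rep.dns_servers)
    print("unexpected:", unexpected_resolvers(rep, expected))
    for d in rep.drives:
        print(d.name, d.model, "->", d.mbr_code or "no BSP line")
    print("review:", drives_needing_review(rep))
```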

 

 

 


#2 Unworn_Kilt
  • Topic Starter
  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia

Posted 15 November 2017 - 03:45 AM

Mod Edit: Moved from AII to Malware Removal Logs ~~ boopme

Here's the further information I advised I'd post.

Today, out of sheer frustration with this machine, I took the unusual step of running Rem-VBSWorm. (I'm aware it's not really designed for Win 10 systems.)

It advised a possible Andromeda/Gamarue infection with the following output:

=========== - General info:
 
Running under: Curri on profile: C:\Users\Curri
Computer name: LAPTOP-CB5ICRTF
 
Operating System:
Microsoft Windows 10 Home  
 
Boot Mode:
Normal boot  
 
Antivirus software installed:
Kaspersky Total Security  
 
Windows Defender          
 
Malwarebytes              
 
 
Executed on: Wed 15/11/2017 @  6:50:04.45
 
=========== - Drive info:
 
Listing currently attached drives:
Caption  Description       VolumeName  
 
C:       Local Fixed Disk  Windows     
 
D:       Local Fixed Disk  LENOVO      
 
E:       CD-ROM Disc                   
 
 
 
 
Physical drives information:
C: \Device\HarddiskVolume3 NTFS
D: \Device\HarddiskVolume4 NTFS
 
=========== - Disinfection info:
 
 
INFO: No tasks running with the specified criteria.
 
=========== - Shortcut info:
 
 
=========== - Scheduled tasks info:
 
TaskName:                             \Microsoft\Windows\NetTrace\GatherNetworkInfo
Next Run Time:                        N/A
Last Run Time:                        30/11/1999 12:00:00 AM
Task To Run:                          %windir%\system32\gatherNetworkInfo.vbs 
Start In:                             $(Arg1)
Comment:                              Network information collector
Run As User:                          Users
 
INFO: No tasks running with the specified criteria.
 
=========== - Shortcut info:
 
 
=========== - Scheduled tasks info:
 
TaskName:                             \Microsoft\Windows\NetTrace\GatherNetworkInfo
Next Run Time:                        N/A
Last Run Time:                        30/11/1999 12:00:00 AM
Task To Run:                          %windir%\system32\gatherNetworkInfo.vbs 
Start In:                             $(Arg1)
Comment:                              Network information collector
Run As User:                          Users
 
=========== - USB drive info:
 
F: selected
 
USB Device ID:
SCSI\DISK&VEN_&PROD_ST1000LM035-1RK1\4&1F8F3ACC&0&000000                   
 
USBSTOR\DISK&VEN_LEXAR&PROD_USB_FLASH_DRIVE&REV_1100\AA42GQCXVS8B4J9H1G&0  
 
 
 
 
Deleted file - F:\TOOLS\Windows Repair Dont Move\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\remove_symbolic_links_from_windows_defender_folder.bat
Deleted file - F:\AUTORUN.INF
WARNING... Possible Andromeda/Gamarue infection...
Listing root contents of F:
 
 
21/08/2016  09:14 PM    <DIR>          EncryptStick lite.app
21/08/2016  09:40 PM         2,056,833 EncryptStick Lite Quick Reference Release v6.0.19.pdf
21/08/2016  09:40 PM        16,468,768 encryptsticklite.exe
05/11/2016  04:28 PM            15,429 tn_P2290102.jpg
31/05/2017  08:04 PM    <DIR>          Doctor Web
01/06/2017  07:53 PM    <DIR>          Software Licenses etc
04/07/2017  02:04 AM    <DIR>          My Kindle Content
12/07/2017  07:19 PM        53,162,704 ksc_launcher.exe
31/07/2017  05:28 PM            31,805 Msg On Restart.PNG
31/07/2017  08:53 PM             7,864 RogueKiller_Run_1_31-07-2017_19-52hrs_Detect_Only.txt
31/07/2017  08:54 PM           389,960 RogueKiller_Run_1_31-07-2017_19-52hrs_Detect_Only.html
31/07/2017  11:05 PM           597,519 RogueKiller_Run_1_31-07-2017_19-52hrs_REMOVAL_.html
31/07/2017  11:06 PM           242,138 RogueKiller_Run_1_31-07-2017_19-52hrs_REMOVE_Only.txt
28/08/2017  06:45 PM                36 RegCheckWif.txt
28/08/2017  11:08 PM             5,022 RKreport_SCN_08282017_213247.log
28/08/2017  11:42 PM             2,120 Rkill_20-08-2017_22-42.txt
29/08/2017  02:42 AM             4,564 RKreport_SCN_08292017_010701.log
29/08/2017  02:42 AM             4,592 RKreport_DEL_08292017_014216.log
29/08/2017  04:54 AM             1,509 IPs To Check.txt
29/08/2017  05:52 AM               352 Check This Key.txt
24/09/2017  05:54 PM             1,970 Rkill_24-09-2017_16-54hrs.txt
24/09/2017  06:24 PM        26,696,776 RogueKiller_portable64.exe
28/10/2017  10:35 PM    <DIR>          Swiss Drumming Band
02/11/2017  02:11 AM    <DIR>          mbar
11/11/2017  09:45 PM               217 Oddities.txt
12/11/2017  01:15 AM    <DIR>          ksc
12/11/2017  01:28 AM            39,736 KSC_LAPTOP-CB5ICRTF_11_12_2017_00_27.html
12/11/2017  01:47 AM               101 Kaspersky_Update.txt
12/11/2017  01:56 AM               101 1.txt
12/11/2017  02:11 AM        26,828,360 RogueKiller_portable64 (1).exe
12/11/2017  03:34 AM             7,073 Sophos_Error_Msg.PNG
12/11/2017  04:18 AM             4,570 rogue_killer_12-11-2017_Run1.txt
12/11/2017  08:40 AM             1,872 Rkill.txt
12/11/2017  08:40 AM    <DIR>          TOOLS
12/11/2017  08:55 AM    <DIR>          NEW M
12/11/2017  06:54 PM             1,292 Submit.txt
12/11/2017  08:23 PM    <DIR>          M-CHECK ASAP
15/11/2017  06:54 AM     4,292,870,144 ReadyBoost.sfcache
              28 File(s)  4,419,443,427 bytes
              11 Dir(s)   9,545,252,864 bytes free
 
USB drive disinfected and files unhidden
 
 
=========== - USB drive info:
 
F: selected
 
USB Device ID:
SCSI\DISK&VEN_&PROD_ST1000LM035-1RK1\4&1F8F3ACC&0&000000                   
 
USBSTOR\DISK&VEN_LEXAR&PROD_USB_FLASH_DRIVE&REV_1100\AA42GQCXVS8B4J9H1G&0  
 
 
 
 
Deleted file - F:\AUTORUN.INF
WARNING... Possible Andromeda/Gamarue infection...
Listing root contents of F:
 
 
21/08/2016  09:14 PM    <DIR>          EncryptStick lite.app
21/08/2016  09:40 PM         2,056,833 EncryptStick Lite Quick Reference Release v6.0.19.pdf
21/08/2016  09:40 PM        16,468,768 encryptsticklite.exe
05/11/2016  04:28 PM            15,429 tn_P2290102.jpg
31/05/2017  08:04 PM    <DIR>          Doctor Web
01/06/2017  07:53 PM    <DIR>          Software Licenses etc
04/07/2017  02:04 AM    <DIR>          My Kindle Content
12/07/2017  07:19 PM        53,162,704 ksc_launcher.exe
31/07/2017  05:28 PM            31,805 Msg On Restart.PNG
31/07/2017  08:53 PM             7,864 RogueKiller_Run_1_31-07-2017_19-52hrs_Detect_Only.txt
31/07/2017  08:54 PM           389,960 RogueKiller_Run_1_31-07-2017_19-52hrs_Detect_Only.html
31/07/2017  11:05 PM           597,519 RogueKiller_Run_1_31-07-2017_19-52hrs_REMOVAL_.html
31/07/2017  11:06 PM           242,138 RogueKiller_Run_1_31-07-2017_19-52hrs_REMOVE_Only.txt
28/08/2017  06:45 PM                36 RegCheckWif.txt
28/08/2017  11:08 PM             5,022 RKreport_SCN_08282017_213247.log
28/08/2017  11:42 PM             2,120 Rkill_20-08-2017_22-42.txt
29/08/2017  02:42 AM             4,564 RKreport_SCN_08292017_010701.log
29/08/2017  02:42 AM             4,592 RKreport_DEL_08292017_014216.log
29/08/2017  04:54 AM             1,509 IPs To Check.txt
29/08/2017  05:52 AM               352 Check This Key.txt
24/09/2017  05:54 PM             1,970 Rkill_24-09-2017_16-54hrs.txt
24/09/2017  06:24 PM        26,696,776 RogueKiller_portable64.exe
28/10/2017  10:35 PM    <DIR>          Swiss Drumming Band
02/11/2017  02:11 AM    <DIR>          mbar
11/11/2017  09:45 PM               217 Oddities.txt
12/11/2017  01:15 AM    <DIR>          ksc
12/11/2017  01:28 AM            39,736 KSC_LAPTOP-CB5ICRTF_11_12_2017_00_27.html
12/11/2017  01:47 AM               101 Kaspersky_Update.txt
12/11/2017  01:56 AM               101 1.txt
12/11/2017  02:11 AM        26,828,360 RogueKiller_portable64 (1).exe
12/11/2017  03:34 AM             7,073 Sophos_Error_Msg.PNG
12/11/2017  04:18 AM             4,570 rogue_killer_12-11-2017_Run1.txt
12/11/2017  08:40 AM             1,872 Rkill.txt
12/11/2017  08:40 AM    <DIR>          TOOLS
12/11/2017  08:55 AM    <DIR>          NEW M
12/11/2017  06:54 PM             1,292 Submit.txt
12/11/2017  08:23 PM    <DIR>          M-CHECK ASAP
15/11/2017  06:55 AM    <DIR>          AUTORUN_.INF
              27 File(s)    126,573,283 bytes
              12 Dir(s)  13,838,090,240 bytes free
 
USB drive disinfected and files unhidden


Edited by boopme, 15 November 2017 - 12:44 PM.


#3 HelpBot
    Bleepin' Binary Bot
  • Bots
  • 12,740 posts
  • Gender:Male

Posted 16 November 2017 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/662591 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Unworn_Kilt
  • Topic Starter
  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia

Posted 17 November 2017 - 06:41 AM

G'day,

Thanks for your help.

Please be aware that I'm located in Australia, hence we may be operating on different time zones. I make every attempt to operate on USA time, but occasionally I need to run on Australian time for meetings.

A "new" version of Malwarebytes installed a couple of days ago. Today, I've been having to constantly re-enable settings in it. When I first posted, the version of MWB was Malwarebytes: 3.2.2.2018 with component package: 1.0.212, update package version: 1.0.3231. After an "update" I was prompted to install, the details are now: MWB Version: 3.3.1.283; Component Package Version: 1.0.236; Update Package Version: 1.0.3271.

Kaspersky is connecting to some unusual locations for its downloads. Earlier it connected to Cogent, which gave me a "Files are Corrupted" error. Later it was trying to download from Quebec, not a server I recognised as being a Kaspersky one.

I've run all the removal steps for the "Andromeda/Gamarue" potential infection but came up with a null result.

I definitely don't have full control over this machine. I've been working on these things long enough to recognise when there's a problem. Usually I can solve them. This time, given that I'm a new convert to Win 10 x64, I need a bit of help please.

BACKGROUND INFORMATION:

My own machine is currently totally down. The infector on there seems to have hijacked BitLocker. It also seems to have created its own Windows image complete with the infector, encrypted it, and seems to load it onto an inaccessible VDisk until reboot, then it writes it back to the SSD on Restart or Shutdown. When viewing a few files, the code suggests that the computer doesn't actually fully power down, but rather goes into a very low power mode. When I try to re-install from a clean DVD the infector merely hooks its own image and re-installs Windows and the infector. This is despite apparently re-partitioning and reformatting the drives. I can't even run Kaspersky Rescue Disk 10. It also seems to load and run, but I have no access to either the SSD or HDD and can't connect to any network via cable or WiFi.

I generally run Kaspersky Total, MWB, and VoodooShield Pro.

The first sign that there was a problem with my machine was WMIC being totally overwhelmed, which, I believe, dropped Kaspersky long enough for the malware/virus to get in. I reckon I had over 100 alerts in a matter of seconds. It was so quick I couldn't respond.

My machine is literally destroying all anti-malware and anti-virus software thrown at it. It seems to have a routine that rates software prior to installation. If it detects a threat to the infector, it merely displays a facade of the AV/AM software. As an example, a TDSS scan takes approximately 2 seconds to complete. The machine is booked in for the 24th to have the BIOS reset and motherboard firmware checked.

I'm supplying the info on my machine so you have some idea of what you're likely facing here; also, these machines have shared the same network at times. Thus, there's the potential for cross-infection. USB drives have also been shared.

THIS MACHINE:

I have deliberately not cleared the Temp folders etc., in case they were needed for information. I also haven't reset the browser(s). Chrome is the one principally used.

Getting back to this machine, I have read the Sophos SVRT logfiles from C:\Appdata\... They show that there are problems connecting to download updates due to there being "no proxy."

I'm fairly certain that Kaspersky is not functioning correctly, and the same goes for MWB. Both are fully licensed versions. Kaspersky is logging some events, but it either can't detect what's on here (more likely, in my opinion, it is skipping it due to a form of masking/running in memory Kaspersky can't access) or has somehow been selectively disabled. It's taking a very long time to download updates and the server IPs it's connecting to are more than a little anomalous. MWB has yet to detect the EICAR-TEST_VIRUS. The same goes for Windows Defender. I've tried saving it as both an EXE and as Ducklin.html. Kaspersky does grab it.

I have a number of Farbar logs, plus just about every other tool you could imagine, dating from the virtually new machine up to a day or two ago. As far as I recall, this laptop was supplied in around August or September of this year as a "warranty" replacement. The HDD on the prior machine self-destructed. I'm wondering if that may have been infected also.

At boot, a file named "errorlog.txt" launched from C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup is appearing, open and blank, in the middle of the desktop.

The cursor has a tendency to move on its own. My friend also advises that when she's been working on files and documents they will sporadically close without warning or input from her. Whilst in the Windows interface the cursor blinks with the busy "spinner" about every second. That stops when working in Chrome and even Notepad, provided it's on top of Chrome.

I installed Zemana Free Anti-Keylogger yesterday and since then have been unable to type into Chrome. That applies to standard Chrome and the Kaspersky Secure Browser. (Edit: I re-installed Anti-Logger and that seems to be fixed.)

The computer is also not producing most system sounds. I can't find a logical reason for this.

I also wonder if the Security Certificate Store has been altered or corrupted.

If you get the impression that there is hardware involvement with this computer too, just let me know and I'll get it checked as well. You're welcome to try pretty much anything you like on this. All vital data is backed up.

From various files I've read, I'm certain that there is a form of monitoring software installed at the least. The Desktop (and other folders) are shared to the Public user profile despite this never having been enabled. In fact it is explicitly disabled along with SSDP Discovery. The service is disabled. Whilst on that topic, there are some very odd-looking services installed too.

The Windows and Explorer Search function is not returning true results.

I have also reviewed the LMHosts file in the C:\Windows\System32\Drivers\Etc folder. It looks odd to me. It contains what looks like XML code, and the IP addresses resolve to Mauritius. It appears to imply membership of a domain. I'll paste it in if requested.

The CIMv2 appears to be in play and seems to have been altered.

On the current machine, at idle, a few days ago I counted 75+ separate instances of SvcHost.exe. That was with just the OS running.

I have noted a massive Apps.inf file. It contains old DOS and early Windows games and apps. Initially I was thinking somehow MINI-NT was being run in a virtualized environment, as it is referenced. Now, having done more research, the "Wine" type attack would seem to me to be more logical. That would also explain why this thing is so hard to nail down. It would require a precursor Mimikatz-type attack first, or another method of acquiring Administrator or Hypervisor account status.

Despite running an Administrator account, I don't have permission to write to the C:\ directory or the Windows directory and its subdirectories, even though I took ownership of the Windows directory and assigned explicit Full Control rights to it a few days ago. I also assigned explicit Full Control to the C: drive then too.

It appears that Developer Mode may be enabled on this machine. The owner would not have enabled it as she wouldn't know how to. Numerous other oddities are present in the Windows Settings.

There are few Anti-Virus or Anti-Malware tools I haven't tried, generally with no luck.

Just a quick idea. There's an article I came across whilst researching this the other day. If the Wine scenario is in play, Microsoft may have a massive headache on their hands.

Here's one potential area I've been pondering:

https://motherboard.vice.com/en_us/article/xwwexa/windows-10s-built-in-linux-shell-could-be-abused-to-hide-malware-researchers-say

I've also just noticed that this text has been edited since I initially completed it. I wrote it up in Notepad so I could just copy and paste it in to the forum when I was happy I'd included all pertinent information. That was done whilst I had the computer on my lap and was using it.

I'm quite comfortable working from the Command Prompt if there's anything that comes up and needs to be done there.

Both the HDD and DVD drives appear to be configured in Device Manager as SCSI. Unless something has changed with Win 10, I would have expected them to be SATA.

So far, as I said, I've tried most of the tools available, including:

  • Kaspersky Total Security 2017 (won't let me upgrade to 2018; connection fails).
  • Malwarebytes (registered).
  • AdwCleaner.
  • Rkill.
  • JRT.
  • REMVBSWorm.
  • HitmanPro (trial).
  • ESET Online Scan.
  • Full removal guide for Andromeda/Gamarue infection.
  • Full Virtumonde removal guide.
  • RogueKiller (Adlice); scan attached above.
  • SVRT, the scans from which have been taking several hours to run.
  • McAfee RKR.
  • Zemana Anti-Malware.
  • F-Secure Online Scan.
  • ...and a heap more.

One last comment. I have been getting occasional Kernel BSOD errors.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017

Ran by Curri (administrator) on LAPTOP-CB5ICRTF (17-11-2017 21:20:52)

Running from C:\Users\Curri\Desktop

Loaded Profiles: Curri &  (Available Profiles: defaultuser0 & Curri)

Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe

() C:\Windows\Mobile_Series_Service.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18242048 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

HKLM-x32\...\Run: [CheckNDISPortf0acae] => C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\CheckNDISPort_df.exe [459008 2013-08-15] ()

HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\CancelAutoPlay_df.exe [446208 2013-08-15] ()

HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)

HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192605922\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192606984\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-19] (Microsoft Corporation)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-19] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [95712 2015-11-05] (Zemana Ltd.)

AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll [86936 2015-11-05] (Zemana Ltd.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2017-11-15] ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

Tcpip\..\Interfaces\{7176311d-6a8c-48e7-928e-057abc4ae0e1}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137

Tcpip\..\Interfaces\{7247e38b-9ba0-4a04-a775-eef29cf746b4}: [DhcpNameServer] 10.0.0.138

Tcpip\..\Interfaces\{e9eca778-ae65-480d-9ebd-d89859060234}: [NameServer] 162.242.211.137,78.46.223.24

Tcpip\..\Interfaces\{e9eca778-ae65-480d-9ebd-d89859060234}: [DhcpNameServer] 192.168.0.1 192.168.0.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> {C810E132-AC8C-41CF-ABDD-1FE840BF84F7} URL = 

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390 -> {C810E132-AC8C-41CF-ABDD-1FE840BF84F7} URL = 

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-08] (Microsoft Corporation)

BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File

BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)

 

Edge: 

======

Edge HomeButtonPage: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> hxxps://www.google.com.au/

Edge Session Restore: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> is enabled.

Edge Extension: (Adguard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_2.7.2.0_neutral__m055xr0c82818 [2017-10-02]

Edge Extension: (Ghostery) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_7.3.3.0_neutral__kzkqe0pn505dg [2017-08-15]

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-16]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-26] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR DefaultSearchKeyword: Default -> lp

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default [2017-11-17]

CHR Extension: (Slides) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]

CHR Extension: (Docs) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]

CHR Extension: (Google Drive) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-31]

CHR Extension: (YouTube) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-31]

CHR Extension: (uBlock Origin) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-17]

CHR Extension: (VTchromizer) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2017-08-28]

CHR Extension: (Sheets) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]

CHR Extension: (Kaspersky Protection) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-06-01]

CHR Extension: (HTTPS Everywhere) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-11-02]

CHR Extension: (Google Docs Offline) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (WebRTC Network Limiter) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2017-06-01]

CHR Extension: (Gmail) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-31]

CHR Extension: (Chrome Media Router) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)

R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68416 2017-09-08] (Lenovo Group Limited)

S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)

R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R2 Mobile_Series; C:\Windows\Mobile_Series_Service.exe [32768 2015-02-12] () [File not signed]

S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] ()

R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [214712 2016-10-17] (Realtek Semiconductor Corp.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267352 2017-03-23] (Synaptics Incorporated)

R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-01-09] (Advanced Micro Devices, Inc.)

R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [100744 2017-01-09] (Advanced Micro Devices, Inc. )

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0312694.inf_amd64_9da804b05ab53fd2\atikmdag.sys [32703384 2017-03-29] (Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0312694.inf_amd64_9da804b05ab53fd2\atikmpag.sys [525208 2017-03-29] (Advanced Micro Devices, Inc.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [86936 2017-03-29] (Advanced Micro Devices, Inc.)

R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [255368 2017-01-09] (Advanced Micro Devices, Inc. )

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2016-12-12] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-09] (CyberLink)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()

R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)

R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)

R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)

R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)

S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)

R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-16] (AO Kaspersky Lab)

R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520152 2017-07-25] (AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [186184 2017-11-17] (AO Kaspersky Lab)

R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021656 2017-10-16] (AO Kaspersky Lab)

R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-29] (AO Kaspersky Lab)

R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)

R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)

R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-01] (AO Kaspersky Lab)

R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-06-01] (AO Kaspersky Lab)

R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-06-01] (AO Kaspersky Lab)

R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-01] (AO Kaspersky Lab)

R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-01] (AO Kaspersky Lab)

R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)

R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-29] (AO Kaspersky Lab)

R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-25] (AO Kaspersky Lab)

R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-16] (Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-17] (Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-17] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-17] (Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-17] (Malwarebytes)

S3 MFE_RR; C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys [24120 2017-11-17] (McAfee, Inc.) <==== ATTENTION

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )

R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [712200 2016-10-17] (Realtek Semiconductor Corporation)

R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realsil Semiconductor Corporation)

R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp.)

R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)

R3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-16] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-16] (Zemana Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-17 21:20 - 2017-11-17 21:28 - 000023176 _____ C:\Users\Curri\Desktop\FRST.txt

2017-11-17 07:38 - 2017-11-17 07:38 - 000000934 _____ C:\Users\Curri\Desktop\Install Kaspersky Total Security version 18.0.0.405.lnk

2017-11-17 06:49 - 2017-11-17 06:49 - 002410440 _____ (Kaspersky Lab) C:\Users\Curri\Desktop\startup.exe

2017-11-17 06:36 - 2017-11-17 06:36 - 000000000 ____D C:\ProgramData\dbg

2017-11-17 06:21 - 2017-11-17 18:51 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5A62.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5159.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET4A24.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3DB0.tmp

2017-11-17 05:41 - 2017-11-17 05:41 - 002392576 _____ (Farbar) C:\Users\Curri\Desktop\FRST64.exe

2017-11-17 05:34 - 2017-11-17 05:34 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3467.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3B00.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET338D.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2C1A.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2572.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET18AF.tmp

2017-11-16 09:17 - 2017-11-17 21:28 - 000218224 _____ C:\WINDOWS\ZAM.krnl.trace

2017-11-16 09:17 - 2017-11-17 21:28 - 000051342 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2017-11-16 09:17 - 2017-11-16 09:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys

2017-11-16 09:17 - 2017-11-16 09:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys

2017-11-16 09:17 - 2017-11-16 09:17 - 000001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2017-11-16 09:17 - 2017-11-16 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2017-11-16 09:17 - 2017-11-16 09:17 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2017-11-16 09:09 - 2017-11-16 09:10 - 006625600 _____ (Zemana Ltd. ) C:\Users\Curri\Downloads\Zemana.AntiMalware.Setup.exe

2017-11-16 09:03 - 2017-11-17 07:06 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK

2017-11-16 09:03 - 2017-11-17 06:44 - 000001220 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk

2017-11-16 09:03 - 2017-11-17 06:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free

2017-11-16 09:03 - 2017-11-17 06:44 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free

2017-11-16 09:03 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys

2017-11-16 09:03 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\012B9E5F-EF13-4B08-9B-86-14-A2-EA-40-6B-0F.sys

2017-11-16 08:57 - 2017-11-16 09:16 - 000000000 ____D C:\Users\Curri\AppData\Local\Zemana

2017-11-16 08:57 - 2017-11-16 08:57 - 000000000 ____D C:\Users\Curri\AppData\Local\AntiLogger Free

2017-11-16 08:00 - 2017-11-02 15:34 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2017-11-16 08:00 - 2017-11-02 15:19 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2017-11-16 08:00 - 2017-11-02 15:15 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2017-11-16 08:00 - 2017-11-02 15:15 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2017-11-16 08:00 - 2017-11-02 15:14 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-11-16 08:00 - 2017-11-02 15:13 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-11-16 08:00 - 2017-11-02 15:01 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-11-16 08:00 - 2017-11-02 15:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-11-16 08:00 - 2017-11-02 15:00 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2017-11-16 08:00 - 2017-11-02 15:00 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2017-11-16 08:00 - 2017-11-02 14:59 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-11-16 08:00 - 2017-11-02 14:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-11-16 08:00 - 2017-11-02 14:52 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2017-11-16 08:00 - 2017-10-25 18:10 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2017-11-16 08:00 - 2017-10-16 01:39 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-11-16 08:00 - 2017-10-16 01:33 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-11-16 08:00 - 2017-10-16 01:21 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-11-16 08:00 - 2017-10-16 01:19 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-11-16 08:00 - 2017-10-16 01:15 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-11-16 08:00 - 2017-10-16 01:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-11-16 08:00 - 2017-10-16 01:14 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-11-16 08:00 - 2017-10-16 01:14 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-11-16 08:00 - 2017-10-16 01:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-11-16 08:00 - 2017-10-16 01:12 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-11-16 08:00 - 2017-10-16 01:11 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-11-16 08:00 - 2017-10-16 01:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-11-16 08:00 - 2017-10-16 01:08 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-11-16 07:59 - 2017-11-02 15:33 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-11-16 07:59 - 2017-11-02 15:15 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2017-11-16 07:59 - 2017-11-02 15:14 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-11-16 07:59 - 2017-11-02 14:56 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-11-16 07:59 - 2017-11-02 14:53 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-11-16 07:59 - 2017-10-16 01:31 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-11-16 07:54 - 2017-11-02 15:43 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2017-11-16 07:54 - 2017-11-02 15:05 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2017-11-16 07:54 - 2017-11-02 15:05 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-11-16 07:54 - 2017-11-02 15:00 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll

2017-11-16 07:54 - 2017-11-02 15:00 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe

2017-11-16 07:54 - 2017-11-02 14:55 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-11-16 07:54 - 2017-11-02 14:55 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2017-11-16 07:53 - 2017-11-02 15:50 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2017-11-16 07:53 - 2017-11-02 15:43 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2017-11-16 07:53 - 2017-11-02 15:42 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2017-11-16 07:53 - 2017-11-02 15:35 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2017-11-16 07:53 - 2017-11-02 15:07 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-11-16 07:53 - 2017-11-02 15:05 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-11-16 07:53 - 2017-11-02 15:04 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-11-16 07:53 - 2017-11-02 15:04 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2017-11-16 07:53 - 2017-11-02 15:03 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-11-16 07:53 - 2017-11-02 15:03 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll

2017-11-16 07:53 - 2017-11-02 15:02 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2017-11-16 07:53 - 2017-11-02 15:02 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll

2017-11-16 07:53 - 2017-11-02 14:59 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-11-16 07:53 - 2017-11-02 14:58 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2017-11-16 07:53 - 2017-11-02 14:57 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll

2017-11-16 07:53 - 2017-11-02 14:56 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll

2017-11-16 07:53 - 2017-11-02 14:56 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-11-16 07:53 - 2017-11-02 14:55 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-11-16 07:53 - 2017-11-02 14:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-11-16 07:53 - 2017-11-02 14:53 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-11-16 07:53 - 2017-11-02 14:53 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-11-16 07:53 - 2017-10-16 01:25 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-11-16 07:53 - 2017-10-16 00:45 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-11-16 07:53 - 2017-10-16 00:38 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-11-16 07:53 - 2017-10-16 00:34 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-11-16 07:53 - 2017-10-16 00:30 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-11-16 07:52 - 2017-11-02 15:43 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-11-16 07:52 - 2017-11-02 15:42 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2017-11-16 07:52 - 2017-11-02 15:41 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-11-16 07:52 - 2017-11-02 15:40 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-11-16 07:52 - 2017-11-02 15:07 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2017-11-16 07:52 - 2017-11-02 15:06 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2017-11-16 07:52 - 2017-11-02 15:04 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll

2017-11-16 07:52 - 2017-11-02 15:04 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe

2017-11-16 07:52 - 2017-11-02 15:04 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2017-11-16 07:52 - 2017-11-02 15:03 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll

2017-11-16 07:52 - 2017-11-02 15:02 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-11-16 07:52 - 2017-11-02 15:01 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2017-11-16 07:52 - 2017-11-02 15:01 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll

2017-11-16 07:52 - 2017-11-02 15:00 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-11-16 07:52 - 2017-11-02 15:00 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-11-16 07:52 - 2017-11-02 14:59 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-11-16 07:52 - 2017-11-02 14:57 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2017-11-16 07:52 - 2017-11-02 14:55 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-11-16 07:52 - 2017-11-02 14:55 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2017-11-16 07:52 - 2017-11-02 14:53 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-11-16 07:52 - 2017-10-16 01:19 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-11-16 07:52 - 2017-10-16 00:39 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-11-16 07:52 - 2017-10-16 00:39 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-11-16 07:52 - 2017-10-16 00:37 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-11-16 07:52 - 2017-10-16 00:35 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-11-16 07:51 - 2017-11-02 15:50 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-11-16 07:51 - 2017-11-02 15:50 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-11-16 07:51 - 2017-11-02 15:46 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-11-16 07:51 - 2017-11-02 15:46 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-11-16 07:51 - 2017-11-02 15:46 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-11-16 07:51 - 2017-11-02 15:45 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-11-16 07:51 - 2017-11-02 15:43 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-11-16 07:51 - 2017-11-02 15:43 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-11-16 07:51 - 2017-11-02 15:42 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-11-16 07:51 - 2017-11-02 15:42 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-11-16 07:51 - 2017-11-02 15:42 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2017-11-16 07:51 - 2017-11-02 15:42 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2017-11-16 07:51 - 2017-11-02 15:42 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2017-11-16 07:51 - 2017-11-02 15:42 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys

2017-11-16 07:51 - 2017-11-02 15:35 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2017-11-16 07:51 - 2017-11-02 15:14 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2017-11-16 07:51 - 2017-11-02 15:06 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

2017-11-16 07:51 - 2017-11-02 15:05 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys

2017-11-16 07:51 - 2017-11-02 15:05 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-11-16 07:51 - 2017-11-02 15:04 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-11-16 07:51 - 2017-11-02 15:03 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2017-11-16 07:51 - 2017-11-02 15:01 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-11-16 07:51 - 2017-11-02 14:59 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-11-16 07:51 - 2017-11-02 14:59 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2017-11-16 07:51 - 2017-11-02 14:59 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-11-16 07:51 - 2017-11-02 14:58 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-11-16 07:51 - 2017-11-02 14:58 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll

2017-11-16 07:51 - 2017-11-02 14:57 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-11-16 07:51 - 2017-11-02 14:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

2017-11-16 07:51 - 2017-11-02 14:55 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-11-16 07:51 - 2017-11-02 14:55 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2017-11-16 07:51 - 2017-11-02 14:54 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2017-11-16 07:51 - 2017-11-02 14:49 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys

2017-11-16 07:51 - 2017-10-16 01:27 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-11-16 07:51 - 2017-10-16 01:27 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-11-16 07:51 - 2017-10-16 01:23 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-11-16 07:51 - 2017-10-16 00:44 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll

2017-11-16 07:51 - 2017-10-16 00:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-11-16 07:51 - 2017-10-16 00:40 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2017-11-16 07:51 - 2017-10-16 00:35 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-11-16 07:51 - 2017-10-16 00:32 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll

2017-11-16 07:50 - 2017-11-02 15:00 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-11-16 07:48 - 2017-10-16 01:23 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-11-16 07:47 - 2017-11-02 15:51 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-11-16 07:47 - 2017-11-02 15:51 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-11-16 07:47 - 2017-11-02 15:50 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2017-11-16 07:47 - 2017-11-02 15:50 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-11-16 07:47 - 2017-11-02 15:50 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-11-16 07:47 - 2017-11-02 15:45 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2017-11-16 07:47 - 2017-11-02 15:44 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2017-11-16 07:47 - 2017-11-02 15:44 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2017-11-16 07:47 - 2017-11-02 15:43 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-11-16 07:47 - 2017-11-02 15:42 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-11-16 07:47 - 2017-11-02 15:42 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2017-11-16 07:47 - 2017-11-02 15:03 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-11-16 07:47 - 2017-11-02 14:58 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-11-16 07:47 - 2017-11-02 14:58 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-11-16 07:47 - 2017-11-02 14:56 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-11-16 07:47 - 2017-11-02 14:55 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-11-16 07:47 - 2017-10-16 00:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-11-16 07:46 - 2017-11-02 15:50 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2017-11-16 07:46 - 2017-11-02 15:50 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-11-16 07:46 - 2017-10-16 01:29 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-11-16 07:46 - 2017-10-16 01:26 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-11-16 07:04 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCC72.tmp

2017-11-16 05:42 - 2017-11-17 21:18 - 000000000 ____D C:\ProgramData\VoodooShield

2017-11-16 05:42 - 2017-11-16 05:48 - 000000000 ____D C:\Program Files\VoodooShield

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETFEB1.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETF692.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETEEE0.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE7CB.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE067.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5A7.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3045.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET22F5.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET1519.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD00B.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC329.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBBF4.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5F8.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAE94.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA5F8.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9BB6.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8EC4.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET84E0.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000000908 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk

2017-11-16 05:42 - 2017-11-16 05:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield

2017-11-16 05:42 - 2016-08-18 18:17 - 000029808 _____ (VoodooSoft, LLC) C:\WINDOWS\system32\Drivers\vsscanner.sys

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETEB7E.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETDD34.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD64E.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCB60.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5F2.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAF5A.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET82EA.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6A40.tmp

2017-11-16 05:40 - 2017-11-16 05:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6A15.tmp

2017-11-16 05:40 - 2017-11-16 05:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET26E1.tmp

2017-11-16 05:39 - 2017-11-16 05:39 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET446F.tmp

2017-11-16 05:38 - 2017-11-16 05:39 - 014044240 _____ (VoodooSoft, LLC ) C:\Users\Curri\Desktop\InstallVoodooShield.exe

2017-11-16 05:38 - 2017-11-16 05:38 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET865E.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE28C.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD397.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC34A.tmp

2017-11-16 05:36 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5472.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCB2C.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBF73.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB233.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA571.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9D04.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9581.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8D71.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8581.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET7D23.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET769A.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6EF8.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6737.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5CF5.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET539D.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3111.tmp

2017-11-16 05:31 - 2017-11-16 05:31 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2E15.tmp

2017-11-16 04:55 - 2017-11-17 16:33 - 000018654 _____ C:\Users\Curri\Desktop\NEXT_PST.txt

2017-11-16 04:10 - 2017-11-16 04:10 - 000001108 _____ C:\Users\Curri\Desktop\SystemData - Shortcut.lnk

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD287.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCC2D.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC5E2.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBE6F.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5A4.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAC7B.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA314.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9B14.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8D77.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET844E.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5270.tmp

2017-11-16 02:17 - 2017-11-17 18:51 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2017-11-16 02:07 - 2017-11-16 02:07 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET177A.tmp

2017-11-16 01:50 - 2017-11-17 18:51 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2017-11-16 01:50 - 2017-11-16 01:50 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys

2017-11-16 00:51 - 2017-11-17 14:55 - 000000000 ____D C:\Users\Curri\Desktop\LOGS 15 to 16-11

2017-11-15 23:42 - 2017-11-15 23:42 - 000000684 _____ C:\WINDOWS\SysWOW64\tmp.reg

2017-11-15 23:42 - 2017-11-15 23:42 - 000000000 _____ C:\WINDOWS\SysWOW64\tmp.txt

2017-11-15 23:40 - 2017-11-15 23:43 - 000007020 _____ C:\rapport.txt

2017-11-15 23:40 - 2009-06-02 11:17 - 000075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe

2017-11-15 23:40 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe

2017-11-15 23:40 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe

2017-11-15 23:40 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe

2017-11-15 23:40 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe

2017-11-15 23:40 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe

2017-11-15 23:40 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe

2017-11-15 23:40 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe

2017-11-15 23:40 - 2006-12-01 06:20 - 000079360 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swxcacls.exe

2017-11-15 23:40 - 2006-08-29 19:43 - 000135168 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swreg.exe

2017-11-15 23:40 - 2006-04-27 17:49 - 000288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe

2017-11-15 23:40 - 2006-01-09 10:36 - 000040960 _____ C:\WINDOWS\SysWOW64\swsc.exe

2017-11-15 23:40 - 2004-07-31 18:50 - 000051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe

2017-11-15 23:40 - 2003-06-05 21:13 - 000053248 _____ (hxxp://www.beyondlogic.org) C:\WINDOWS\SysWOW64\Process.exe

2017-11-15 22:54 - 2017-11-16 04:18 - 000002074 _____ C:\Users\Curri\Desktop\Scratchpad_Temp.txt

2017-11-15 22:08 - 2017-11-15 22:12 - 000280780 _____ C:\TDSSKiller.3.1.0.15_15.11.2017_22.08.20_log.txt

2017-11-15 21:10 - 2017-11-17 19:08 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2017-11-15 06:50 - 2017-11-15 07:04 - 000000000 ____D C:\Rem-VBSqt

2017-11-15 06:47 - 2017-11-15 06:47 - 000002098 _____ C:\Users\Curri\Desktop\checkup2.txt

2017-11-15 04:11 - 2017-11-17 05:49 - 000026688 _____ C:\Users\Curri\Desktop\Taglines.txt

2017-11-15 01:47 - 2017-11-15 01:48 - 026835016 _____ (Adlice Software) C:\Users\Curri\Desktop\RogueKiller_portable64.exe

2017-11-15 01:12 - 2017-11-15 01:12 - 000003284 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\ProgramData\Panda Security

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\Program Files (x86)\Panda USB Vaccine

2017-11-14 20:04 - 2017-11-17 05:47 - 000000000 ____D C:\Users\Curri\Desktop\Transfer To M-PC

2017-11-14 18:24 - 2017-11-14 18:26 - 098752864 _____ ( ) C:\Users\Curri\Downloads\Power2Go_167025(8.0.0)_Lenovo_Patch_Patch_P2G171005-02.exe

2017-11-14 15:54 - 2017-11-17 18:51 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2017-11-14 15:54 - 2017-11-14 15:54 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-11-14 15:54 - 2017-11-14 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-11-14 15:54 - 2017-11-14 15:54 - 000000000 ____D C:\ProgramData\MB3CoreBackup

2017-11-14 15:54 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-11-14 15:45 - 2017-11-14 15:53 - 001055490 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.45.11_log.txt

2017-11-14 15:42 - 2017-11-14 15:42 - 000007732 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.42.13_log.txt

2017-11-14 15:39 - 2017-11-14 15:42 - 000007566 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.39.58_log.txt

2017-11-13 20:37 - 2017-11-13 20:37 - 000000002 ___RH C:\WINDOWS\PERFC

2017-11-13 18:19 - 2017-11-14 15:44 - 000000000 ____D C:\Users\Curri\AppData\Local\FSDART

2017-11-13 18:18 - 2017-11-13 18:36 - 000000000 ____D C:\ProgramData\F-Secure

2017-11-13 18:18 - 2017-11-13 18:18 - 000000000 ____D C:\Users\Curri\AppData\Local\F-Secure

2017-11-13 18:16 - 2017-11-13 18:16 - 000524248 _____ (F-Secure Corporation) C:\Users\Curri\Downloads\F-SecureOnlineScanner.exe

2017-11-13 16:54 - 2017-11-14 15:32 - 000000000 ____D C:\Users\Curri\Desktop\Unsuitable Progs

2017-11-13 13:31 - 2017-11-13 13:49 - 000000000 ____D C:\Users\Curri\Desktop\WFT

2017-11-12 22:01 - 2017-11-14 15:44 - 000000000 ____D C:\Users\Curri\AppData\Local\ESET

2017-11-12 22:00 - 2017-11-12 22:00 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Curri\Downloads\esetonlinescanner_enu.exe

2017-11-12 20:41 - 2017-11-12 20:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1429696996-3989237847-2058814036-1001

2017-11-12 18:05 - 2017-11-14 03:50 - 000001292 _____ C:\Users\Curri\Desktop\Submit.txt

2017-11-12 07:33 - 2017-11-12 07:33 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk

2017-11-12 07:33 - 2017-11-12 07:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

2017-11-12 07:30 - 2017-11-12 07:30 - 000000000 ____D C:\Program Files (x86)\Sophos

2017-11-12 02:46 - 2017-11-12 03:06 - 000000000 ____D C:\ProgramData\HitmanPro

2017-11-12 02:46 - 2017-11-12 02:46 - 000000000 ____D C:\Program Files\HitmanPro

2017-11-12 01:47 - 2017-11-12 01:47 - 000000101 _____ C:\Users\Curri\Desktop\Kaspersky_Update.txt

2017-11-12 01:28 - 2017-11-12 01:28 - 000039736 _____ C:\Users\Curri\Desktop\KSC_LAPTOP-CB5ICRTF_11_12_2017_00_27.html

2017-11-11 20:28 - 2017-11-11 23:34 - 000281804 _____ C:\TDSSKiller.3.1.0.15_11.11.2017_20.28.51_log.txt

2017-11-11 17:51 - 2017-11-15 02:59 - 000000000 ____D C:\Users\Curri\Desktop\NEW M

2017-11-08 09:02 - 2017-11-08 09:02 - 000000000 ___HD C:\OneDriveTemp

2017-11-01 00:58 - 2017-11-15 22:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-11-01 00:56 - 2017-11-15 22:04 - 000000000 ____D C:\Users\Curri\Desktop\mbar

2017-11-01 00:55 - 2017-11-01 00:55 - 000000000 ____D C:\ProgramData\Sophos

2017-11-01 00:53 - 2017-11-01 00:55 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Curri\Downloads\mbar-1.09.3.1001.exe

2017-11-01 00:45 - 2017-11-01 00:49 - 179228168 _____ (Sophos Limited) C:\Users\Curri\Downloads\Sophos Virus Removal Tool.exe

2017-10-31 23:24 - 2017-11-17 19:49 - 000000000 ____D C:\Users\Curri\AppData\Local\CrashDumps

2017-10-31 22:39 - 2017-10-31 22:54 - 337088512 _____ C:\Users\Curri\Downloads\kav_rescue_10.iso

2017-10-31 22:28 - 2017-10-31 22:28 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2017-10-30 16:17 - 2017-09-30 12:56 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2017-10-30 16:17 - 2017-09-30 12:32 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll

2017-10-30 16:17 - 2017-09-29 18:08 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll

2017-10-30 16:17 - 2017-09-29 18:02 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-10-30 16:17 - 2017-09-29 17:59 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

2017-10-30 16:17 - 2017-09-29 17:58 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2017-10-30 16:17 - 2017-09-29 17:58 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll

2017-10-30 16:17 - 2017-09-29 17:58 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe

2017-10-30 16:17 - 2017-09-29 17:58 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe

2017-10-30 16:17 - 2017-09-21 01:38 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll

2017-10-30 16:17 - 2017-09-21 01:38 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll

2017-10-30 16:16 - 2017-09-30 12:59 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-10-30 16:16 - 2017-09-30 12:40 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll

2017-10-30 16:16 - 2017-09-30 12:40 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-10-30 16:16 - 2017-09-30 12:40 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2017-10-30 16:16 - 2017-09-30 12:39 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2017-10-30 16:16 - 2017-09-30 12:35 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-10-30 16:16 - 2017-09-30 12:35 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll

2017-10-30 16:16 - 2017-09-30 12:35 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-10-30 16:16 - 2017-09-30 12:35 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-10-30 16:16 - 2017-09-30 12:35 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2017-10-30 16:16 - 2017-09-30 12:34 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

2017-10-30 16:16 - 2017-09-30 12:34 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll

2017-10-30 16:16 - 2017-09-30 12:34 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-10-30 16:16 - 2017-09-30 12:34 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2017-10-30 16:16 - 2017-09-30 12:33 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2017-10-30 16:16 - 2017-09-30 12:31 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll

2017-10-30 16:16 - 2017-09-29 18:13 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll

2017-10-30 16:16 - 2017-09-29 18:13 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll

2017-10-30 16:16 - 2017-09-29 18:12 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll

2017-10-30 16:16 - 2017-09-29 18:10 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-10-30 16:16 - 2017-09-29 18:10 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2017-10-30 16:16 - 2017-09-29 18:08 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2017-10-30 16:16 - 2017-09-29 18:08 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll

2017-10-30 16:16 - 2017-09-29 18:08 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll

2017-10-30 16:16 - 2017-09-29 18:08 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

2017-10-30 16:16 - 2017-09-29 18:07 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll

2017-10-30 16:16 - 2017-09-29 18:07 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll

2017-10-30 16:16 - 2017-09-29 18:04 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-10-30 16:16 - 2017-09-29 18:04 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll

2017-10-30 16:16 - 2017-09-29 18:02 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2017-10-30 16:16 - 2017-09-29 18:02 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll

2017-10-30 16:16 - 2017-09-29 18:01 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2017-10-30 16:16 - 2017-09-29 17:59 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2017-10-30 16:16 - 2017-09-29 17:59 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2017-10-30 16:16 - 2017-09-29 17:58 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe

2017-10-30 16:16 - 2017-09-19 08:45 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2017-10-30 16:15 - 2017-09-30 12:59 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-10-30 16:15 - 2017-09-30 12:40 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2017-10-30 16:15 - 2017-09-30 12:36 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-10-30 16:15 - 2017-09-29 18:14 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

2017-10-30 16:15 - 2017-09-29 18:13 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2017-10-30 16:15 - 2017-09-29 18:11 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2017-10-30 16:15 - 2017-09-29 18:11 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll

2017-10-30 16:15 - 2017-09-29 18:08 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll

2017-10-30 16:15 - 2017-09-29 18:03 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

2017-10-30 16:15 - 2017-09-29 18:02 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-10-30 16:15 - 2017-09-29 16:10 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls

2017-10-30 16:15 - 2017-09-29 16:10 - 000804312 _____ C:\WINDOWS\system32\locale.nls

2017-10-30 16:15 - 2017-09-19 08:50 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll

2017-10-30 16:06 - 2017-09-30 16:11 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll

2017-10-30 16:06 - 2017-09-30 16:10 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll

2017-10-30 16:06 - 2017-09-30 16:10 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe

2017-10-30 16:06 - 2017-09-29 17:57 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll

2017-10-30 16:05 - 2017-09-30 16:20 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-10-30 16:05 - 2017-09-30 16:19 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll

2017-10-30 16:05 - 2017-09-30 16:12 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-10-30 16:05 - 2017-09-30 16:11 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2017-10-30 16:05 - 2017-09-29 18:02 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll

2017-10-30 16:05 - 2017-09-29 17:59 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-10-30 16:05 - 2017-09-29 17:59 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2017-10-30 16:05 - 2017-09-29 17:59 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll

2017-10-30 16:05 - 2017-09-29 17:57 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll

2017-10-30 16:05 - 2017-09-29 17:57 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll

2017-10-30 16:05 - 2017-09-29 17:53 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2017-10-30 16:05 - 2017-09-29 17:52 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll

2017-10-30 16:05 - 2017-09-29 17:50 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2017-10-30 16:05 - 2017-09-29 17:49 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2017-10-30 16:04 - 2017-09-30 16:21 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2017-10-30 16:04 - 2017-09-30 16:17 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2017-10-30 16:04 - 2017-09-30 16:12 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2017-10-30 16:04 - 2017-09-30 16:11 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2017-10-30 16:04 - 2017-09-30 16:11 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2017-10-30 16:04 - 2017-09-30 16:10 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-10-30 16:04 - 2017-09-30 16:10 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

2017-10-30 16:04 - 2017-09-30 16:09 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll

2017-10-30 16:04 - 2017-09-30 16:06 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-10-30 16:04 - 2017-09-29 18:02 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll

2017-10-30 16:04 - 2017-09-29 18:02 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll

2017-10-30 16:04 - 2017-09-29 18:01 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-10-30 16:04 - 2017-09-29 18:00 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-10-30 16:04 - 2017-09-29 18:00 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll

2017-10-30 16:04 - 2017-09-29 17:58 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll

2017-10-30 16:04 - 2017-09-29 17:58 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll

2017-10-30 16:04 - 2017-09-29 17:58 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll

2017-10-30 16:04 - 2017-09-29 17:57 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

2017-10-30 16:04 - 2017-09-29 17:56 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2017-10-30 16:04 - 2017-09-29 17:56 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll

2017-10-30 16:04 - 2017-09-29 17:55 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll

2017-10-30 16:04 - 2017-09-29 17:55 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll

2017-10-30 16:04 - 2017-09-29 17:54 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2017-10-30 16:04 - 2017-09-29 17:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2017-10-30 16:04 - 2017-09-29 17:53 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-10-30 16:04 - 2017-09-29 17:53 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-10-30 16:04 - 2017-09-29 17:53 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2017-10-30 16:04 - 2017-09-29 17:53 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2017-10-30 16:04 - 2017-09-29 17:51 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2017-10-30 16:04 - 2017-09-29 17:51 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2017-10-30 16:04 - 2017-09-29 17:51 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2017-10-30 16:04 - 2017-09-29 17:51 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll

2017-10-30 16:04 - 2017-09-29 17:51 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll

2017-10-30 16:04 - 2017-09-29 17:50 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2017-10-30 16:04 - 2017-09-29 17:50 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2017-10-30 16:04 - 2017-09-29 17:50 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

2017-10-30 16:04 - 2017-09-29 17:50 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

2017-10-30 16:04 - 2017-09-29 17:49 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2017-10-30 16:04 - 2017-09-29 17:49 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

2017-10-30 16:04 - 2017-09-29 17:49 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2017-10-30 16:04 - 2017-09-29 17:48 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-10-30 16:04 - 2017-09-29 17:48 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2017-10-30 16:04 - 2017-09-29 17:48 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe

2017-10-30 16:04 - 2017-09-29 17:48 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

2017-10-30 16:04 - 2017-09-29 17:48 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe

2017-10-30 16:04 - 2017-09-19 09:41 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2017-10-30 16:03 - 2017-09-30 16:19 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-10-30 16:03 - 2017-09-29 17:59 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2017-10-30 16:03 - 2017-09-29 17:59 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2017-10-30 16:03 - 2017-09-29 17:53 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-10-30 16:02 - 2017-09-30 16:19 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys

2017-10-30 16:02 - 2017-09-30 16:14 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll

2017-10-30 16:02 - 2017-09-30 16:13 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-10-30 16:02 - 2017-09-30 16:08 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2017-10-30 16:02 - 2017-09-30 16:06 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe

2017-10-30 16:02 - 2017-09-29 18:02 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll

2017-10-30 16:02 - 2017-09-29 17:59 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2017-10-30 16:02 - 2017-09-29 17:59 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe

2017-10-30 16:02 - 2017-09-29 17:53 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2017-10-30 16:02 - 2017-09-29 17:53 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-10-30 16:02 - 2017-09-29 17:51 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2017-10-30 16:02 - 2017-09-29 17:51 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2017-10-30 16:02 - 2017-09-29 17:48 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe

2017-10-30 16:02 - 2017-09-19 08:50 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2017-10-30 16:01 - 2017-09-30 16:22 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-10-30 16:01 - 2017-09-30 16:21 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2017-10-30 16:01 - 2017-09-30 16:12 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-10-30 16:01 - 2017-09-30 16:11 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-10-30 16:01 - 2017-09-29 18:04 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2017-10-30 16:01 - 2017-09-29 18:03 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

2017-10-30 16:01 - 2017-09-29 18:02 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2017-10-30 16:01 - 2017-09-29 18:01 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll

2017-10-30 16:01 - 2017-09-29 18:00 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll

2017-10-30 16:01 - 2017-09-29 17:59 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll

2017-10-30 16:01 - 2017-09-29 17:58 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

2017-10-30 16:01 - 2017-09-29 17:57 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll

2017-10-30 16:01 - 2017-09-29 17:56 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-10-30 16:01 - 2017-09-29 17:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2017-10-30 16:01 - 2017-09-29 17:53 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-10-30 16:01 - 2017-09-29 17:53 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

2017-10-30 16:01 - 2017-09-29 17:52 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-10-30 16:01 - 2017-09-29 17:52 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-10-30 16:01 - 2017-09-29 17:51 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2017-10-30 16:01 - 2017-09-29 17:50 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll

2017-10-30 16:01 - 2017-09-29 17:48 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2017-10-30 16:01 - 2017-09-29 17:48 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2017-10-30 16:00 - 2017-09-29 17:48 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe

2017-10-30 16:00 - 2017-09-19 09:50 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2017-10-30 16:00 - 2017-09-19 09:50 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2017-10-30 16:00 - 2017-09-19 09:47 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2017-10-30 16:00 - 2017-09-19 09:47 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2017-10-30 16:00 - 2017-09-19 08:55 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll

2017-10-30 15:59 - 2017-09-30 16:18 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2017-10-30 15:59 - 2017-09-30 16:11 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2017-10-30 15:59 - 2017-09-30 16:10 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys

2017-10-30 15:58 - 2017-09-30 16:11 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll

2017-10-30 15:58 - 2017-09-29 17:57 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll

2017-10-30 15:58 - 2017-09-29 17:57 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll

2017-10-30 15:58 - 2017-09-29 17:55 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2017-10-30 15:58 - 2017-09-19 08:56 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll

2017-10-30 15:58 - 2017-09-19 08:53 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2017-10-30 15:56 - 2017-09-30 16:15 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2017-10-30 15:56 - 2017-09-30 16:10 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2017-10-30 15:56 - 2017-09-29 18:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-10-30 15:56 - 2017-09-19 09:39 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2017-10-27 16:46 - 2017-10-27 16:46 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf

2017-10-27 16:40 - 2017-09-08 03:57 - 000103744 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll

2017-10-27 16:40 - 2017-09-08 03:57 - 000039744 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe

2017-10-27 16:38 - 2017-09-08 03:57 - 002365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll

2017-10-27 16:38 - 2017-09-08 03:57 - 000266560 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll

2017-10-18 17:17 - 2017-10-18 17:17 - 000002072 _____ C:\Users\Public\Desktop\Telstra Pre-Paid 3G Wi-Fi.lnk

2017-10-18 17:17 - 2017-10-18 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\SupportAppPBHostless Modem

2017-10-18 17:17 - 2017-10-18 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telstra Pre-Paid 3G Wi-Fi

2017-10-18 16:58 - 2017-10-18 16:58 - 000000000 ____D C:\Program Files (x86)\Hostless Modem


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-11-17 21:20 - 2017-08-28 23:09 - 000000000 ____D C:\FRST

2017-11-17 20:42 - 2017-06-01 02:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2017-11-17 19:33 - 2017-07-11 22:16 - 000000000 ____D C:\Users\Curri

2017-11-17 19:33 - 2017-05-31 15:48 - 000166013 _____ C:\WINDOWS\system32\InstallUtil.InstallLog

2017-11-17 18:51 - 2017-07-11 22:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-11-17 18:50 - 2017-07-11 21:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2017-11-17 18:50 - 2017-03-18 22:10 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2017-11-17 15:19 - 2017-06-22 14:45 - 000000000 ___DC C:\WINDOWS\Panther

2017-11-17 15:10 - 2017-08-02 16:21 - 000000000 ____D C:\temp

2017-11-17 15:09 - 2017-03-18 22:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2017-11-17 14:42 - 2017-07-11 23:07 - 000028578 _____ C:\WINDOWS\diagwrn.xml

2017-11-17 14:42 - 2017-07-11 23:07 - 000028578 _____ C:\WINDOWS\diagerr.xml

2017-11-17 13:48 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\Registration

2017-11-17 13:47 - 2017-09-30 01:34 - 000000000 ___HD C:\$WINDOWS.~BT

2017-11-17 10:05 - 2017-05-31 20:51 - 000000000 ____D C:\Users\Curri\AppData\Local\ElevatedDiagnostics

2017-11-17 10:05 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF

2017-11-17 09:30 - 2017-03-19 07:21 - 000000000 ____D C:\WINDOWS\CbsTemp

2017-11-17 07:16 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness

2017-11-17 07:14 - 2017-07-11 22:37 - 001204750 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-11-17 06:59 - 2017-07-31 23:11 - 000000000 ____D C:\AdwCleaner

2017-11-17 06:51 - 2017-06-01 01:37 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2017-11-17 06:35 - 2017-03-19 07:31 - 000000000 ____D C:\WINDOWS\INF

2017-11-17 06:32 - 2016-07-30 03:57 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-11-17 06:19 - 2017-07-11 21:46 - 000389872 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\appraiser

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\ShellExperiences

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\Provisioning

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-11-16 12:25 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\AppLocker

2017-11-15 22:41 - 2017-05-31 20:10 - 000000000 ____D C:\Users\Curri\Desktop\TOOLS

2017-11-15 01:49 - 2017-07-31 19:12 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2017-11-15 01:28 - 2017-06-02 23:19 - 000000000 ____D C:\Users\Curri\Desktop\M-CHECK ASAP

2017-11-14 15:53 - 2017-05-31 18:42 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-14 15:53 - 2017-05-31 18:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-14 15:53 - 2017-03-19 07:33 - 000000000 ___HD C:\Program Files\WindowsApps

2017-11-14 15:47 - 2017-07-11 22:45 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-14 15:47 - 2017-07-11 22:45 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-12 01:48 - 2017-05-31 16:44 - 000002374 _____ C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-11-12 01:42 - 2017-05-31 16:44 - 000000000 ___RD C:\Users\Curri\OneDrive

2017-11-12 01:15 - 2017-06-01 02:52 - 000000000 ____D C:\Users\Curri\Desktop\ksc

2017-11-11 19:37 - 2017-05-31 16:39 - 000000000 ____D C:\Users\Curri\AppData\Local\Packages

2017-11-08 10:14 - 2017-03-19 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-11-08 10:05 - 2017-02-08 09:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-11-05 12:10 - 2017-03-19 07:36 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-11-05 12:10 - 2017-03-19 07:36 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-11-02 00:50 - 2017-06-11 20:35 - 000000000 ____D C:\Users\Curri\AppData\Roaming\CyberLink

2017-11-01 03:52 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\rescache

2017-11-01 03:44 - 2017-09-18 21:38 - 000000000 ____D C:\Users\TEMP

2017-11-01 03:17 - 2017-03-19 07:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2017-11-01 03:17 - 2017-03-19 07:33 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2017-11-01 00:58 - 2017-08-30 23:34 - 000000000 ____D C:\ProgramData\Malwarebytes

2017-10-31 22:32 - 2017-05-31 21:29 - 000000000 ____D C:\WINDOWS\system32\MRT

2017-10-31 22:27 - 2017-05-31 21:18 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-10-28 22:35 - 2017-05-31 20:00 - 000000000 ____D C:\Users\Curri\Desktop\Swiss Drumming Band

2017-10-28 16:33 - 2017-08-01 18:07 - 000000000 ____D C:\Users\Curri\OneDrive\Documents\My Kindle Content

2017-10-28 14:10 - 2017-07-18 15:28 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1429696996-3989237847-2058814036-1001

2017-10-28 14:04 - 2017-07-31 16:51 - 000000000 ____D C:\Users\Curri\AppData\Local\LenovoServiceBridge

2017-10-27 16:44 - 2017-02-08 09:51 - 000000000 ____D C:\Program Files\Lenovo

2017-10-27 16:44 - 2017-02-08 09:51 - 000000000 ____D C:\Program Files (x86)\Lenovo

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-11 17:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017

Ran by Curri (17-11-2017 21:31:12)

Running from C:\Users\Curri\Desktop

Windows 10 Home Version 1703 15063.726 (X64) (2017-07-11 12:50:15)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1429696996-3989237847-2058814036-500 - Administrator - Disabled)

Curri (S-1-5-21-1429696996-3989237847-2058814036-1001 - Administrator - Enabled) => C:\Users\Curri

DefaultAccount (S-1-5-21-1429696996-3989237847-2058814036-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-1429696996-3989237847-2058814036-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-1429696996-3989237847-2058814036-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)

Amazon Kindle (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.)

AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)

Catalyst Control Center Next Localization BR (HKLM\...\{1BE58F4C-0F85-8B2E-5C30-F3CF4C430638}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (HKLM\...\{BCA67CCE-4CC6-0E38-538C-3DEE736497B3}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (HKLM\...\{C2AB6B4B-67D4-0EA7-B6E7-2714204F2CCE}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (HKLM\...\{5E575B5F-8815-855E-8D7E-831F1864B265}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (HKLM\...\{B2EB8ADE-75EA-C07F-E9C3-211F261F6AE9}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (HKLM\...\{A0AF62E7-50FA-A6D5-3A41-AB0F2B78423C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (HKLM\...\{4BA1606F-6B9D-D069-5D45-CC92C31566FD}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (HKLM\...\{14594745-CBC1-9B09-97F2-D87F4083AE59}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (HKLM\...\{B1A0EE0D-84AD-D650-23F8-C36C02BBA33B}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (HKLM\...\{658CD2B5-A13F-FE0C-EB02-D032347E1E8C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (HKLM\...\{144007A2-8FB2-14E6-B0A1-ACDAB319222F}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (HKLM\...\{13209EB8-E25D-6B1B-3807-581BC483A620}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (HKLM\...\{AC14F193-F900-C602-EAAA-A3D21C3E3939}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (HKLM\...\{11215EF3-7B35-EDD9-9735-CA1B03A71D81}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (HKLM\...\{4CB0C4BF-84CC-6C21-B2E6-99AA9EA3EA2B}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (HKLM\...\{6E42D94A-7740-BC3B-E436-32CC2098F5D9}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (HKLM\...\{4748499C-DEE2-1953-7F01-BC908170709C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (HKLM\...\{0F237AD1-B58E-9D8B-9B76-621992D0F987}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (HKLM\...\{3D6AB824-7B90-141C-D2AB-D88D1D90C2B2}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (HKLM\...\{84AF1C48-9354-E614-4959-11AD41E74CCD}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (HKLM\...\{05EA44C5-E136-BF7A-1F49-9110EDF3213F}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)

CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)

DS-620 (HKLM-x32\...\{50126EED-D623-40AE-AD0D-B98FB36E4DA9}) (Version: 6.12.15310 - Brother Industries, Ltd.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)

Lenovo Service Bridge (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.7 - Lenovo)

Lenovo Service Bridge (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.7 - Lenovo)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden

NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)

OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden

Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)

Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)

TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)

Telstra Pre-Paid 3G Wi-Fi (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)

VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-16] ()

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)

ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)

ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)

ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-21] (Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-16] ()

ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1543F724-58BE-4AFB-A578-6519FA87A108} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1429696996-3989237847-2058814036-1001 => C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-10-10] (Lenovo Group Limited)

Task: {1B6E927A-5E66-4A07-9765-1BF0CC936B33} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService

Task: {2C301673-3BA3-448C-8640-91BA2CE3779D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [2016-10-07] (CyberLink)

Task: {3B50CBE8-9DAB-4486-B087-74D573E62A8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-31] (Google Inc.)

Task: {3E243AD7-CD42-41B0-BA1B-171D3F07D090} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32

Task: {42B49C4A-E353-4D83-8325-E0BDE04809DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-31] (Google Inc.)

Task: {567E4430-7045-44DD-B544-CE9F1B25CB99} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-03] ()

Task: {6DC7ECA6-D697-41BF-9671-E81E9637DCE4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [2016-09-20] (CyberLink Corp.)

Task: {705844CA-9E79-4D9F-84A8-F4BD0014F4CD} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()

Task: {71F12516-FF31-4F69-A0E3-1C437A374244} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)

Task: {8F81F71E-FF30-4F45-B64E-B27B905F90D9} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)

Task: {9AC21FA9-EDED-4DF7-9062-D875D71BEA2E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-08] (Microsoft Corporation)

Task: {9BE0976C-3FBA-477F-816D-D3EB3502AB98} - System32\Tasks\S-1-5-21-1429696996-3989237847-2058814036-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-02] (Microsoft Corporation)

Task: {9F80D2A3-AA15-4C13-9959-FF999CC6A609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)

Task: {B3D58637-2625-4E63-93FA-3251D07526BE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\748c8ab2-7a41-4277-a49a-1ff06cdb7fa8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {C271390B-F6FC-4EC5-8A64-29ADFF983FD3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5736f532-5711-49df-96cb-dca9aca5be2b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {C7974922-876D-40DB-BE7B-63B37F967150} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-21] (Advanced Micro Devices, Inc.)

Task: {CF105361-8115-48F1-B352-2834BDF6D277} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4df70603-07c0-4239-88f6-b5ace3559a35 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {E0700400-697E-4CFE-B1BB-E0EF2CE729E9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\99432b14-2768-4421-8d23-32be177ad203 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {E48E8757-DBA1-408C-B646-C806AD385DD3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-03] ()

Task: {F5668E50-29C0-483B-AB3F-FA961AEC1D6C} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2016-07-14] (CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Telstra Pre-Paid 3G Wi-Fi.lnk -> C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\LaunchWebUI.exe () -> hxxp://m.home

==================== Loaded Modules (Whitelisted) ==============

2017-08-02 15:49 - 2015-02-12 12:43 - 000032768 _____ () C:\Windows\Mobile_Series_Service.exe

2017-11-14 15:54 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2017-11-14 15:54 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

2017-03-19 07:28 - 2017-03-19 07:28 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-11-16 09:17 - 2017-11-16 09:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

2016-09-14 04:18 - 2016-09-14 04:18 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll

2016-09-14 04:18 - 2016-09-14 04:18 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll

2017-03-19 07:29 - 2017-03-19 13:01 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-11-12 21:58 - 2017-11-12 21:59 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2017-11-12 21:58 - 2017-11-12 21:59 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2017-11-12 21:58 - 2017-11-12 21:59 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2017-11-08 11:34 - 2017-11-08 11:36 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll

2017-11-12 21:58 - 2017-11-12 21:59 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll

2017-11-16 07:47 - 2017-10-16 01:21 - 004125080 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll

2017-03-19 07:29 - 2017-03-19 13:01 - 002487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll

2016-06-28 01:19 - 2016-06-28 01:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll

2017-02-08 09:55 - 2017-02-27 11:38 - 000116064 _____ () C:\Program Files (x86)\Lenovo\CCSDK\Xmlparser.dll

2017-02-08 09:56 - 2016-09-21 11:48 - 000763160 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll

2016-09-22 03:48 - 2016-09-22 03:48 - 000027416 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38395128.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45487959.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38395128.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45487959.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 22:17 - 2016-07-16 22:15 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192606297\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192606828\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1429696996-3989237847-2058814036-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192606984\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

DNS Servers: 162.242.211.137 - 78.46.223.24

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"

HKLM\...\StartupApproved\Run: => "LenovoUtility"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"

HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0acae"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\StartupApproved\Run: => "NordVPN"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11172017192611390\...\StartupApproved\Run: => "NordVPN"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{A8DF7BF0-2535-49A3-BC98-DAF6A43D12F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{785BB22B-7AC8-4CD6-8686-0EBA16832C24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{0330F62C-4E09-4D75-9351-68508EB858EB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{2E51B10F-6529-42DB-A4DD-55D4D22C2018}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{54B8536F-B7B6-4554-8CE2-3B53B47F5100}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{BF24BEDC-750F-46B9-A897-FB234DBB3D0F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{FD10FC98-A730-4328-9B5E-9E76F154A4E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

12-11-2017 05:48:40 Removed Sophos Virus Removal Tool.

17-11-2017 01:28:21 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/17/2017 07:37:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LSBUpdater.exe, version: 1.0.0.0, time stamp: 0x59dc2efa

Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b

Exception code: 0xe0434352

Fault offset: 0x0000000000069d98

Faulting process id: 0x19f8

Faulting application start time: 0x01d35f8243572ebb

Faulting application path: C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: f0398943-4f84-4777-8c60-15a6c9dd342f

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/17/2017 07:37:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: LSBUpdater.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Win32Exception

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‪‎‏‪​‏‬‍‍‌‪‏‮‭‏​‪‭‬​‮​‮(System.Object, System.String, System.String, Boolean, System.EventHandler)

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‎‌‪‍‮‫‪‭‌‭‬‎‫‪‪‮‬‫‬‏‍​‫‮()

   at ‮‍‎‏‭‫​‪‌‭‭‍‬‭‏‫‮‎‭‫​‭‮.‭​‌​‮‭‏‬‌‮‭‪‮‌‎‍‎‮‬‍‮‎‭‭​‮​‬‎‌‏‏‮()

 

Error: (11/17/2017 07:00:13 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (11/17/2017 06:11:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-CB5ICRTF)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/17/2017 07:14:16 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LSBUpdater.exe, version: 1.0.0.0, time stamp: 0x59dc2efa

Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b

Exception code: 0xe0434352

Fault offset: 0x0000000000069d98

Faulting process id: 0x1f7c

Faulting application start time: 0x01d35f1b002ba8cc

Faulting application path: C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: bc92a31f-0ee5-479e-9750-c4e19e14f744

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/17/2017 07:13:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: LSBUpdater.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Win32Exception

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‪‎‏‪​‏‬‍‍‌‪‏‮‭‏​‪‭‬​‮​‮(System.Object, System.String, System.String, Boolean, System.EventHandler)

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‎‌‪‍‮‫‪‭‌‭‬‎‫‪‪‮‬‫‬‏‍​‫‮()

   at ‮‍‎‏‭‫​‪‌‭‭‍‬‭‏‫‮‎‭‫​‭‮.‭​‌​‮‭‏‬‌‮‭‪‮‌‎‍‎‮‬‍‮‎‭‭​‮​‬‎‌‏‏‮()

 

Error: (11/17/2017 07:10:18 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: CCSDK.exe, version: 2.0.21.1, time stamp: 0x58b390f4

Faulting module name: fastprox.dll, version: 10.0.15063.0, time stamp: 0xe0fd7c14

Exception code: 0xc0000005

Fault offset: 0x00083614

Faulting process id: 0x2194

Faulting application start time: 0x01d35f1b05ab1853

Faulting application path: C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe

Faulting module path: C:\WINDOWS\system32\wbem\fastprox.dll

Report Id: e33330d0-6710-438c-b723-e737d7826201

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/17/2017 06:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: LSBUpdater.exe, version: 1.0.0.0, time stamp: 0x59dc2efa

Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x1a9bbe0b

Exception code: 0xe0434352

Fault offset: 0x0000000000069d98

Faulting process id: 0x1e3c

Faulting application start time: 0x01d35f15e7af7691

Faulting application path: C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 01f0a6a3-0abe-476a-bc13-953dd14e5c72

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (11/17/2017 06:39:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: LSBUpdater.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.ComponentModel.Win32Exception

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‪‎‏‪​‏‬‍‍‌‪‏‮‭‏​‪‭‬​‮​‮(System.Object, System.String, System.String, Boolean, System.EventHandler)

   at ‌‪‫​‭​‌‮‪‌‎​‫‍‫‎‮‭‮‮.‎‌‪‍‮‫‪‭‌‭‬‎‫‪‪‮‬‫‬‏‍​‫‮()

   at ‮‍‎‏‭‫​‪‌‭‭‍‬‭‏‫‮‎‭‫​‭‮.‭​‌​‮‭‏‬‌‮‭‪‮‌‎‍‎‮‬‍‮‎‭‭​‮​‬‎‌‏‏‮()

 

Error: (11/17/2017 06:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.15063.447, time stamp: 0xf6a2adae

Faulting module name: USER32.dll, version: 10.0.15063.674, time stamp: 0x1f13c547

Exception code: 0xc0000005

Fault offset: 0x000000000001fa9f

Faulting process id: 0x2bb8

Faulting application start time: 0x01d35f12d01f643f

Faulting application path: C:\WINDOWS\system32\SearchProtocolHost.exe

Faulting module path: C:\WINDOWS\System32\USER32.dll

Report Id: 4e46b765-d6f8-47d8-97a2-227ef892015f

Faulting package full name: 

Faulting package-relative application ID:

 

 

System errors:

=============

Error: (11/17/2017 06:51:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The nordvpn-service service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

Error: (11/17/2017 06:51:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the nordvpn-service service to connect.

 

Error: (11/17/2017 06:51:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The CldFlt service failed to start due to the following error: 

The request is not supported.

 

Error: (11/17/2017 06:50:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Update Orchestrator Service service did not shut down properly after receiving a preshutdown control.

 

Error: (11/17/2017 06:47:11 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CB5ICRTF)

Description: The server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} did not register with DCOM within the required timeout.

 

Error: (11/17/2017 06:47:10 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CB5ICRTF)

Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

 

Error: (11/17/2017 06:47:10 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CB5ICRTF)

Description: The server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} did not register with DCOM within the required timeout.

 

Error: (11/17/2017 06:47:07 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CB5ICRTF)

Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

 

Error: (11/17/2017 06:13:26 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-CB5ICRTF)

Description: The server Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

 

Error: (11/17/2017 06:12:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Group Policy Client service failed to start due to the following error: 

The service did not respond to the start or control request in a timely fashion.

 

 

CodeIntegrity:

===================================

  Date: 2017-11-16 09:14:01.108

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2017-11-16 07:39:12.073

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-16 07:35:22.889

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-16 04:24:38.789

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-15 18:38:51.698

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2017-11-14 02:47:39.141

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-14 01:46:06.983

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-13 16:20:36.849

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2017-11-13 16:20:30.554

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\dumpwriter.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2017-11-13 16:20:29.898

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\kl_service.dll that did not meet the Microsoft signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 

Percentage of memory in use: 48%

Total physical RAM: 6322.6 MB

Available physical RAM: 3228.5 MB

Total Virtual: 7090.6 MB

Available Virtual: 3310.35 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:887.47 GB) (Free:812.15 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.62 GB) NTFS

Drive f: (Lexar) (Removable) (Total:14.9 GB) (Free:8.89 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 399418D1)

 

Partition: GPT.

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)

Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

 

==================== End of Addition.txt ============================


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#5 blueelvis

    Bleep Blop Bleep

  • Malware Response Team
  • 1,666 posts
  • Gender:Male
  • Location:India
  • Local time:09:12 AM

Posted 27 November 2017 - 02:00 PM

Greetings Unworn_kilt,

 

 

It has been a long time since this was in queue. We volunteers sometimes do get overwhelmed at our lives and forums :(

 

Anyways, do you still require help with this? If yes, please respond to this thread with a concise list of issues which you are facing now.

 

 

Thanks,

Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#6 Unworn_Kilt
  • Topic Starter

  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia
  • Local time:01:42 PM

Posted 28 November 2017 - 04:32 AM

Hi Pranav,

 

:thumbup2:

 

I understand the delays. I was helping where possible in the "Am I Infected, What Do I Do?" topic.

 

Apologies for the delay in getting back to you. I spent some time in hospital.

 

Yes, it appears that this machine is still compromised.

 

The issues remain pretty much the same, but I now have a new Folder, which may be normal, in the C:\ directory. It's called $WINDOWS.~BT

 

Quite a few programs seem to be running from in there in the Sub Directory NewOS. It also contains a Program Files (x86) folder and others one would expect to be in the standard directory tree.

 

There are numerous unknown incoming and outgoing connections.

 

Kaspersky Total seems to be trying to download updates from Cogent Technologies, and, other anomalous sources. Kaspersky state that this should not be happening but can not offer any advice beyond running GetSystemInfo, which invariably shows no problems. When I manually view the Registry, I can see that deep scanning for RootKits and many other settings are disabled. Safe Browser is logging all activity to sub-folders in C:\ProgramData despite caching being disabled.

 

In fact it seems that pretty much everything is being logged to various folders.

 

Despite running numerous different anti-virus and anti-malware software at different times, only Kaspersky will detect the Eicar Test File.

 

A lot of software won't update. The computer is behaving very erratically and windows will close without interaction from any user at this end.

 

There are also a number of odd Registry keys which seem to contain scripting code also.

 

Even Farbar doesn't seem to be reporting accurately.

 

My other computer is awaiting a hardware rebuild following similar problems prior to crashing completely. I had it checked by a "White Hacker" who needs to remain nameless but his tools were destroyed as soon as his USB drives were inserted.

 

Kaspersky Application Control is throwing up Warnings at the rate of about 5-10 per 20 seconds. Mainly programs trying to perform illegal memory or process actions.

 

Internet Performance has dropped off irrespective of whether using WiFi or Cat 6 connection.

 

Massive increase in data usage.

 

 

Late Edit: I've just identified traces of "Win32/Neshta.a," however, I'm absolutely certain there's more.

 

 

In short, yes, I would be most grateful for assistance thanks!

 

 

I reckon you're going to need fresh Farbar logs too BTW.

 

 

 

 

Kilt.


Edited by Unworn_Kilt, 28 November 2017 - 10:30 PM.



#7 blueelvis

    Bleep Blop Bleep

  • Malware Response Team
  • 1,666 posts
  • Gender:Male
  • Location:India
  • Local time:09:12 AM

Posted 30 November 2017 - 08:11 AM

Greetings Unworn_Kilt,
 
Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!
 
 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Once you have downloaded the file, kindly rename the file as "FRST64.com" instead of "FRST64.exe" (Without quotes). If you are not able to view the extensions of file names, kindly follow this guide.
  • Now, right click on the file and click on Properties. Under the General tab, you might notice a checkbox to Unblock the file. Please check the checkbox and then click on OK button.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

 

 

Let me know how it goes!

 

 

Thanks and have a nice day!

 

Regards,

Pranav



#8 Unworn_Kilt
  • Topic Starter

  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia
  • Local time:01:42 PM

Posted 01 December 2017 - 06:53 AM

G'day Pranav,

 

 

Sorry for the delay. The scan I mentioned took about 9 hours and took in some 1,368,308 Files.

 

 

Notes:

 

 

Operating System (Windows 10 Home. Version 1703, Build 15063.726 until reboot. Via WinVer.) Windows 10 was Pre-Installed at collection from Retailer.

 

The Farbar Logs seem Inaccurate. Especially FRST.TXT. It is failing to show the 109,859 Files, 24,260 Folders sitting in C:\$WINDOWS.~BT (Size (17.5 GB (18,823,530,491 bytes)), (Size on Disk = 18.0 GB (19,354,988,544 bytes)) which is basically the Entire File System Repeated, at times, Twelvefold. Also Windows now appears to be running from there, not C:\Windows as a base. The majority of these files are showing an Install Date within the last 30 days but a Date Created of Saturday, 30 September 2017, 00:34:53 (+/-) Depending on the file.

 

There is also a C:\Windows.old folder which is not being shown in 

 

None of the above are being shown in the Farbar scans.  The C:\$WINDOWS.~BT folder also contains copies of \Program Files (x86), \Program Files and many copies of user files, documents and settings etc.

 

I know you have not requested it, but, I'm going to include SHORTCUTS.TXT. I believe it contains some very useful information.

 

Nothing on this computer is Private. All Libraries, Desktop and many other items are shared to Public.

 

This is a Single User computer. It should not be a member of any Domain(s).

 

Other than installed Software, the User has only created (directly) about 300-500 files. She has some general photographs in addition to a number of Document files and a few MP3 files. I have used quite a number of Tools over time. These have generated various logs, a large number of which are Stored for Monitoring purposes.

 

All Files have been, or, will be Backed-Up Prior to Making Any Changes to the System.

 

 

The following Shares are enabled:

 

Share Name       Folder Path       Type      # Client Connections     Description
ADMIN$           C:\WINDOWS        Windows   0                        Remote Admin
C$               C:\               Windows   0                        Default Share
D$               D:\               Windows   0                        Default Share
IPC$                               Windows   0                        Remote IPC

 

These may be appropriate. I include them for your information only.

 

 

 

There are 6 Partitions showing in Disk Management. These are:

 

Volume                  Layout        Type    File System        Status
(Disk 0 partition 1)    Simple        Basic                      Healthy (EFI System Partition) - 260 MB
(Disk 0 partition 5)    Simple        Basic                      Healthy (Recovery Partition) - 16.82 GB
(Disk 0 partition 6)    Simple        Basic                      Healthy (Recovery Partition) - 16.82 GB
(Disk 0 partition 7)    Simple        Basic                      Healthy (OEM Partition) - 1000 MB
LENOVO (D:)             Simple        Basic   NTFS               Healthy (Primary Partition) - 25.00 GB
Windows (C:)            Simple        Basic   NTFS               Healthy (Boot, Page File, Crash Dump, Primary Partition) - 887.47 GB

CD-ROM 0 DVD (E:)

 

 

I believe the Security Certificates have been modified or replaced. I no longer trust them.

 

It also seems that the Boot Configuration MAY have been re-worked.

 

The performance continues to degrade & Internet access is blocked randomly.

 

All data on the Web appears to be being routed through an unknown server.

 

Please advise if you would like further information.

 

If I fail to respond, it's likely to be due to access being blocked. I'll get back to you as soon as I restore the connection.

 

Thank you again for your help.

 

 

 

Unworn_Kilt (Ruth)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017

Ran by Curri (administrator) on LAPTOP-CB5ICRTF (01-12-2017 22:00:08)

Running from C:\Users\Curri\Desktop

Loaded Profiles: defaultuser0 & Curri (Available Profiles: defaultuser0 & Curri)

Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Windows\Mobile_Series_Service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe

(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe

(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe

(VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe

(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\CCSDK\CCSDKUpdateAgent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe

() C:\Program Files (x86)\NordVPN\nordvpn-service.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(AVG Technologies CZ) C:\Users\Curri\Downloads\avg_remover_neshta.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Adlice Software) C:\Users\Curri\Desktop\Mmmmm\Transfer To M-PC\LogAnalyzer32.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18242048 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor)

HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)

HKLM\...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

HKLM-x32\...\Run: [CheckNDISPortf0acae] => C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\CheckNDISPort_df.exe [459008 2013-08-15] ()

HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\CancelAutoPlay_df.exe [446208 2013-08-15] ()

HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-19] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2017-11-15] ()

BootExecute: rmneshta.ntautocheck autochk * bootdeletebootdelete

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\..\Interfaces\{37af276a-8222-48eb-9041-079fb3f9fa65}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Tcpip\..\Interfaces\{7176311d-6a8c-48e7-928e-057abc4ae0e1}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137

Tcpip\..\Interfaces\{7247e38b-9ba0-4a04-a775-eef29cf746b4}: [DhcpNameServer] 10.0.0.138

Tcpip\..\Interfaces\{e9eca778-ae65-480d-9ebd-d89859060234}: [NameServer] 162.242.211.137,78.46.223.24

Tcpip\..\Interfaces\{e9eca778-ae65-480d-9ebd-d89859060234}: [DhcpNameServer] 192.168.0.1 192.168.0.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04

SearchScopes: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> {C810E132-AC8C-41CF-ABDD-1FE840BF84F7} URL = 

BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-11-24] (AO Kaspersky Lab)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-18] (Microsoft Corporation)

BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File

BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2017-11-24] (AO Kaspersky Lab)

Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-11-24] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2017-11-24] (AO Kaspersky Lab)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-01] (Microsoft Corporation)

 

Edge: 

======

Edge HomeButtonPage: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> hxxps://www.google.com.au/

Edge Session Restore: HKU\S-1-5-21-1429696996-3989237847-2058814036-1001 -> is enabled.

Edge Extension: (Adguard AdBlocker) -> EdgeExtension_AdguardAdguardAdBlocker_m055xr0c82818 => C:\Program Files\WindowsApps\Adguard.AdguardAdBlocker_2.7.2.0_neutral__m055xr0c82818 [2017-10-02]

Edge Extension: (Ghostery) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_7.3.3.0_neutral__kzkqe0pn505dg [2017-08-15]

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-11-24]

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-26] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR DefaultSearchKeyword: Default -> lp

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default [2017-11-29]

CHR Extension: (Slides) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]

CHR Extension: (Docs) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]

CHR Extension: (Google Drive) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-31]

CHR Extension: (YouTube) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-31]

CHR Extension: (uBlock Origin) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-17]

CHR Extension: (VTchromizer) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2017-08-28]

CHR Extension: (Sheets) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]

CHR Extension: (HTTPS Everywhere) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-11-02]

CHR Extension: (Google Docs Offline) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-01]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17]

CHR Extension: (Kaspersky Protection) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-11-29]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-27]

CHR Extension: (WebRTC Network Limiter) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2017-06-01]

CHR Extension: (Gmail) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-31]

CHR Extension: (Chrome Media Router) - C:\Users\Curri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]

CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)

R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)

R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68416 2017-09-08] (Lenovo Group Limited)

S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2017-11-24] (AO Kaspersky Lab)

R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)

S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R2 Mobile_Series; C:\Windows\Mobile_Series_Service.exe [32768 2015-02-12] () [File not signed]

R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] ()

R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [214712 2016-10-17] (Realtek Semiconductor Corp.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267352 2017-03-23] (Synaptics Incorporated)

R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-01-09] (Advanced Micro Devices, Inc.)

R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [100744 2017-01-09] (Advanced Micro Devices, Inc. )

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0312694.inf_amd64_9da804b05ab53fd2\atikmdag.sys [32703384 2017-03-29] (Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0312694.inf_amd64_9da804b05ab53fd2\atikmpag.sys [525208 2017-03-29] (Advanced Micro Devices, Inc.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [86936 2017-03-29] (Advanced Micro Devices, Inc.)

R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [255368 2017-01-09] (Advanced Micro Devices, Inc. )

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2016-12-12] (Advanced Micro Devices)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)

R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2017-11-29] ()

R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)

R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)

R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70872 2017-10-14] (AO Kaspersky Lab)

R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [89952 2017-10-14] (AO Kaspersky Lab)

R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)

S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)

R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2017-11-24] (AO Kaspersky Lab)

R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [594144 2017-11-24] (AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [186184 2017-11-24] (AO Kaspersky Lab)

R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055448 2017-11-24] (AO Kaspersky Lab)

R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-10-12] (AO Kaspersky Lab)

R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)

R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)

R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-10-14] (AO Kaspersky Lab)

R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)

R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230312 2017-11-25] (AO Kaspersky Lab)

R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-11-24] (AO Kaspersky Lab)

R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [253192 2017-11-25] (AO Kaspersky Lab)

R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107680 2017-11-25] (AO Kaspersky Lab)

R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173664 2017-11-25] (AO Kaspersky Lab)

R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93920 2016-12-20] (AO Kaspersky Lab)

R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136176 2017-10-14] (AO Kaspersky Lab)

R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199360 2017-10-14] (AO Kaspersky Lab)

S3 MFE_RR; C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys [24120 2017-11-17] (McAfee, Inc.) <==== ATTENTION

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek )

R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [712200 2016-10-17] (Realtek Semiconductor Corporation)

R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realsil Semiconductor Corporation)

R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp.)

R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )

S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)

R3 VSScanner; C:\WINDOWS\System32\DRIVERS\vsscanner.sys [29808 2016-08-18] (VoodooSoft, LLC)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-16] (Zemana Ltd.)

R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-16] (Zemana Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-12-01 22:00 - 2017-12-01 22:01 - 000024911 _____ C:\Users\Curri\Desktop\FRST.txt

2017-12-01 21:55 - 2017-12-01 21:56 - 002391552 _____ (Farbar) C:\Users\Curri\Desktop\FRST64.exe

2017-12-01 21:51 - 2017-12-01 21:51 - 000000000 _____ C:\Users\Curri\defogger_reenable

2017-12-01 21:48 - 2017-12-01 21:49 - 000050477 _____ C:\Users\Curri\Desktop\Defogger.exe

2017-12-01 18:40 - 2017-11-01 00:55 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Curri\Desktop\mbar-1.09.3.1001.exe

2017-11-30 21:28 - 2017-11-30 21:29 - 000000000 ____D C:\Users\Curri\Desktop\Ruth to Review

2017-11-30 16:01 - 2017-12-01 19:30 - 000333828 _____ C:\Users\Curri\Desktop\Current_Scratchpad.txt

2017-11-30 15:34 - 2017-11-30 15:34 - 000003305 _____ C:\Users\Curri\Desktop\Adlice_Log_Analyzer_Error.txt

2017-11-30 15:22 - 2017-12-01 18:27 - 000000000 ____D C:\Users\Curri\Desktop\TOOLS

2017-11-30 14:19 - 2017-12-01 19:33 - 000000000 ____D C:\Users\Curri\Desktop\Mmmmm

2017-11-30 05:01 - 2017-11-30 05:01 - 006285824 _____ (AVG Technologies CZ) C:\WINDOWS\system32\rmneshta.nt

2017-11-30 05:01 - 2017-11-30 05:01 - 000000142 _____ C:\WINDOWS\system32\rmneshta.lst

2017-11-29 23:05 - 2017-11-29 23:05 - 003629536 _____ (AVG Technologies CZ) C:\Users\Curri\Downloads\avg_remover_neshta.exe

2017-11-29 13:30 - 2017-11-29 13:30 - 000158969 _____ C:\Users\Curri\Downloads\FRST.txt

2017-11-29 13:30 - 2017-11-29 13:30 - 000024686 _____ C:\Users\Curri\Downloads\Addition.txt

2017-11-29 03:35 - 2017-11-29 22:20 - 000000606 _____ C:\WINDOWS\system32\bootdelete.lst

2017-11-25 10:30 - 2017-11-25 10:33 - 122999056 _____ (Microsoft Corporation) C:\Users\Curri\Downloads\msert.exe

2017-11-25 02:43 - 2017-11-25 02:43 - 000253192 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys

2017-11-25 02:42 - 2017-11-25 14:23 - 000173664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys

2017-11-25 02:42 - 2017-11-25 02:42 - 000230312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys

2017-11-25 02:42 - 2017-11-25 02:42 - 000107680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys

2017-11-24 14:40 - 2017-11-24 14:51 - 000002375 _____ C:\Users\Public\Desktop\Safe Money.lnk

2017-11-24 14:40 - 2017-11-24 14:51 - 000002375 _____ C:\ProgramData\Desktop\Safe Money.lnk

2017-11-24 14:40 - 2017-11-24 14:40 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys

2017-11-24 14:40 - 2017-11-24 14:40 - 000002191 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk

2017-11-24 14:40 - 2017-11-24 14:40 - 000002191 _____ C:\ProgramData\Desktop\Kaspersky Total Security.lnk

2017-11-24 14:40 - 2017-11-24 14:40 - 000001316 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk

2017-11-24 14:40 - 2017-11-24 14:40 - 000001316 _____ C:\ProgramData\Desktop\Kaspersky Secure Connection.lnk

2017-11-24 14:40 - 2017-11-24 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security

2017-11-24 14:40 - 2017-11-24 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection

2017-11-24 14:39 - 2017-11-24 14:40 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab

2017-11-24 14:39 - 2017-11-24 14:39 - 001055448 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys

2017-11-24 14:39 - 2017-11-24 14:39 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys

2017-11-24 14:39 - 2017-11-24 14:39 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys

2017-11-24 14:39 - 2017-11-24 14:39 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll

2017-11-24 14:39 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll

2017-11-22 06:33 - 2017-11-22 06:33 - 000000114 _____ C:\local.conf

2017-11-22 06:25 - 2017-11-29 22:20 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe

2017-11-22 05:58 - 2017-11-29 03:20 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys

2017-11-22 05:19 - 2017-11-22 05:20 - 000000000 ____D C:\ProgramData\sa8o

2017-11-22 04:51 - 2017-11-22 04:51 - 000000000 ____D C:\ProgramData\s6e8

2017-11-22 04:48 - 2017-11-22 04:48 - 000000000 ____D C:\ProgramData\saho

2017-11-22 04:48 - 2017-11-22 04:48 - 000000000 ____D C:\ProgramData\s7b4

2017-11-22 04:48 - 2017-11-22 04:48 - 000000000 ____D C:\ProgramData\s4e0

2017-11-22 04:48 - 2017-11-22 04:48 - 000000000 ____D C:\ProgramData\s460

2017-11-22 04:42 - 2017-11-22 04:42 - 000000000 ____D C:\ProgramData\sf48

2017-11-22 04:42 - 2017-11-22 04:42 - 000000000 ____D C:\ProgramData\seac

2017-11-22 04:42 - 2017-11-22 04:42 - 000000000 ____D C:\ProgramData\s58s

2017-11-22 04:36 - 2017-11-22 04:37 - 011308872 _____ (AO Kaspersky Lab) C:\Users\Curri\Downloads\GetSystemInfo6.2.exe

2017-11-22 04:28 - 2017-11-22 04:35 - 171514312 _____ (Kaspersky Lab) C:\Users\Curri\Downloads\KTS18.0.0.405en_full (1).exe

2017-11-22 04:27 - 2017-11-22 04:35 - 171514312 _____ (Kaspersky Lab) C:\Users\Curri\Downloads\KTS18.0.0.405en_full.exe

2017-11-22 01:41 - 2017-12-01 22:00 - 000000000 ____D C:\FRST

2017-11-22 00:23 - 2017-11-22 00:23 - 000011202 _____ C:\WINDOWS\DtcInstall.log.txt

2017-11-21 13:50 - 2017-11-21 13:52 - 000554726 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_13.50.18_log.txt

2017-11-21 09:08 - 2017-11-21 09:16 - 000281078 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_09.08.33_log.txt

2017-11-21 04:43 - 2017-11-21 04:43 - 000000000 ____D C:\ProgramData\Sophos

2017-11-21 04:16 - 2017-11-21 04:25 - 000003692 _____ C:\CapperKiller.1.0.12.0_21.11.2017_04.16.50_log.txt

2017-11-20 11:21 - 2017-11-20 11:24 - 000003692 _____ C:\CapperKiller.1.0.12.0_20.11.2017_11.21.48_log.txt

2017-11-20 10:59 - 2017-11-21 04:13 - 002971014 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_10.59.18_log.txt

2017-11-20 10:56 - 2017-11-20 10:56 - 000008474 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_10.56.14_log.txt

2017-11-20 09:10 - 2017-11-20 09:10 - 000000000 ____D C:\Users\Curri\AppData\Local\Apps\2.0

2017-11-19 01:10 - 2017-11-19 01:10 - 000000000 ____D C:\Windows.old

2017-11-17 23:08 - 2017-11-18 01:52 - 000094144 _____ (Malwarebytes) C:\WINDOWS\SMSS-PFRO9a4c.tmp

2017-11-17 22:42 - 2017-11-17 22:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETDF44.tmp

2017-11-17 22:42 - 2017-11-17 22:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCA44.tmp

2017-11-17 06:36 - 2017-11-17 06:36 - 000000000 ____D C:\ProgramData\dbg

2017-11-17 06:21 - 2017-11-17 22:39 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3913.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5A62.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5159.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET4A24.tmp

2017-11-17 05:48 - 2017-11-17 05:48 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3DB0.tmp

2017-11-17 05:34 - 2017-11-17 05:34 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3467.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3B00.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET338D.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2C1A.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2572.tmp

2017-11-17 03:49 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET18AF.tmp

2017-11-16 09:17 - 2017-12-01 22:00 - 003711323 _____ C:\WINDOWS\ZAM.krnl.trace

2017-11-16 09:17 - 2017-12-01 22:00 - 000515533 _____ C:\WINDOWS\ZAM_Guard.krnl.trace

2017-11-16 09:17 - 2017-11-16 09:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys

2017-11-16 09:17 - 2017-11-16 09:17 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys

2017-11-16 09:17 - 2017-11-16 09:17 - 000001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

2017-11-16 09:17 - 2017-11-16 09:17 - 000001228 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk

2017-11-16 09:17 - 2017-11-16 09:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

2017-11-16 09:17 - 2017-11-16 09:17 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware

2017-11-16 09:03 - 2017-11-17 07:06 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK

2017-11-16 09:03 - 2017-11-17 06:44 - 000001220 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk

2017-11-16 09:03 - 2017-11-17 06:44 - 000001220 _____ C:\ProgramData\Desktop\AntiLogger Free.lnk

2017-11-16 09:03 - 2017-11-17 06:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free

2017-11-16 09:03 - 2017-11-17 06:44 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free

2017-11-16 09:03 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys

2017-11-16 09:03 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\012B9E5F-EF13-4B08-9B-86-14-A2-EA-40-6B-0F.sys

2017-11-16 08:57 - 2017-11-16 09:16 - 000000000 ____D C:\Users\Curri\AppData\Local\Zemana

2017-11-16 08:57 - 2017-11-16 08:57 - 000000000 ____D C:\Users\Curri\AppData\Local\AntiLogger Free

2017-11-16 08:00 - 2017-11-02 15:34 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2017-11-16 08:00 - 2017-11-02 15:19 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2017-11-16 08:00 - 2017-11-02 15:15 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2017-11-16 08:00 - 2017-11-02 15:15 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2017-11-16 08:00 - 2017-11-02 15:15 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2017-11-16 08:00 - 2017-11-02 15:14 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-11-16 08:00 - 2017-11-02 15:13 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-11-16 08:00 - 2017-11-02 15:01 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-11-16 08:00 - 2017-11-02 15:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-11-16 08:00 - 2017-11-02 15:00 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll

2017-11-16 08:00 - 2017-11-02 15:00 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2017-11-16 08:00 - 2017-11-02 14:59 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-11-16 08:00 - 2017-11-02 14:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2017-11-16 08:00 - 2017-11-02 14:57 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-11-16 08:00 - 2017-11-02 14:56 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2017-11-16 08:00 - 2017-11-02 14:55 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll

2017-11-16 08:00 - 2017-11-02 14:54 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll

2017-11-16 08:00 - 2017-11-02 14:53 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-11-16 08:00 - 2017-11-02 14:52 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll

2017-11-16 08:00 - 2017-11-02 14:52 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2017-11-16 08:00 - 2017-11-02 14:51 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2017-11-16 08:00 - 2017-10-25 18:10 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2017-11-16 08:00 - 2017-10-16 01:39 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-11-16 08:00 - 2017-10-16 01:33 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-11-16 08:00 - 2017-10-16 01:21 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-11-16 08:00 - 2017-10-16 01:19 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-11-16 08:00 - 2017-10-16 01:15 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll

2017-11-16 08:00 - 2017-10-16 01:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-11-16 08:00 - 2017-10-16 01:14 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-11-16 08:00 - 2017-10-16 01:14 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll

2017-11-16 08:00 - 2017-10-16 01:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2017-11-16 08:00 - 2017-10-16 01:12 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-11-16 08:00 - 2017-10-16 01:11 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2017-11-16 08:00 - 2017-10-16 01:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-11-16 08:00 - 2017-10-16 01:08 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-11-16 07:59 - 2017-11-02 15:33 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-11-16 07:59 - 2017-11-02 15:15 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2017-11-16 07:59 - 2017-11-02 15:14 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2017-11-16 07:59 - 2017-11-02 14:56 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-11-16 07:59 - 2017-11-02 14:53 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-11-16 07:59 - 2017-10-16 01:31 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-11-16 07:54 - 2017-11-02 15:43 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2017-11-16 07:54 - 2017-11-02 15:05 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2017-11-16 07:54 - 2017-11-02 15:05 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-11-16 07:54 - 2017-11-02 15:00 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll

2017-11-16 07:54 - 2017-11-02 15:00 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe

2017-11-16 07:54 - 2017-11-02 14:55 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-11-16 07:54 - 2017-11-02 14:55 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2017-11-16 07:53 - 2017-11-02 15:50 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2017-11-16 07:53 - 2017-11-02 15:43 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2017-11-16 07:53 - 2017-11-02 15:42 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2017-11-16 07:53 - 2017-11-02 15:35 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2017-11-16 07:53 - 2017-11-02 15:07 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-11-16 07:53 - 2017-11-02 15:05 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-11-16 07:53 - 2017-11-02 15:04 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-11-16 07:53 - 2017-11-02 15:04 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2017-11-16 07:53 - 2017-11-02 15:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2017-11-16 07:53 - 2017-11-02 15:03 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-11-16 07:53 - 2017-11-02 15:03 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll

2017-11-16 07:53 - 2017-11-02 15:02 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2017-11-16 07:53 - 2017-11-02 15:02 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll

2017-11-16 07:53 - 2017-11-02 14:59 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-11-16 07:53 - 2017-11-02 14:58 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2017-11-16 07:53 - 2017-11-02 14:57 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll

2017-11-16 07:53 - 2017-11-02 14:56 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll

2017-11-16 07:53 - 2017-11-02 14:56 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2017-11-16 07:53 - 2017-11-02 14:55 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-11-16 07:53 - 2017-11-02 14:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-11-16 07:53 - 2017-11-02 14:53 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-11-16 07:53 - 2017-11-02 14:53 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-11-16 07:53 - 2017-10-16 01:25 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-11-16 07:53 - 2017-10-16 00:45 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-11-16 07:53 - 2017-10-16 00:38 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-11-16 07:53 - 2017-10-16 00:34 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2017-11-16 07:53 - 2017-10-16 00:30 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll

2017-11-16 07:52 - 2017-11-02 15:43 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-11-16 07:52 - 2017-11-02 15:42 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2017-11-16 07:52 - 2017-11-02 15:41 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-11-16 07:52 - 2017-11-02 15:40 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-11-16 07:52 - 2017-11-02 15:07 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe

2017-11-16 07:52 - 2017-11-02 15:06 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2017-11-16 07:52 - 2017-11-02 15:04 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll

2017-11-16 07:52 - 2017-11-02 15:04 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe

2017-11-16 07:52 - 2017-11-02 15:04 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2017-11-16 07:52 - 2017-11-02 15:03 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll

2017-11-16 07:52 - 2017-11-02 15:02 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-11-16 07:52 - 2017-11-02 15:01 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2017-11-16 07:52 - 2017-11-02 15:01 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll

2017-11-16 07:52 - 2017-11-02 15:00 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-11-16 07:52 - 2017-11-02 15:00 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-11-16 07:52 - 2017-11-02 14:59 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-11-16 07:52 - 2017-11-02 14:57 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-11-16 07:52 - 2017-11-02 14:56 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2017-11-16 07:52 - 2017-11-02 14:55 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-11-16 07:52 - 2017-11-02 14:55 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2017-11-16 07:52 - 2017-11-02 14:53 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-11-16 07:52 - 2017-10-16 01:19 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-11-16 07:52 - 2017-10-16 00:39 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-11-16 07:52 - 2017-10-16 00:39 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-11-16 07:52 - 2017-10-16 00:37 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-11-16 07:52 - 2017-10-16 00:35 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-11-16 07:51 - 2017-11-02 15:50 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-11-16 07:51 - 2017-11-02 15:50 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-11-16 07:51 - 2017-11-02 15:46 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-11-16 07:51 - 2017-11-02 15:46 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-11-16 07:51 - 2017-11-02 15:46 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-11-16 07:51 - 2017-11-02 15:45 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-11-16 07:51 - 2017-11-02 15:43 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2017-11-16 07:51 - 2017-11-02 15:43 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-11-16 07:51 - 2017-11-02 15:42 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2017-11-16 07:51 - 2017-11-02 15:42 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-11-16 07:51 - 2017-11-02 15:42 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2017-11-16 07:51 - 2017-11-02 15:42 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2017-11-16 07:51 - 2017-11-02 15:42 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2017-11-16 07:51 - 2017-11-02 15:42 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys

2017-11-16 07:51 - 2017-11-02 15:35 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2017-11-16 07:51 - 2017-11-02 15:14 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll

2017-11-16 07:51 - 2017-11-02 15:07 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2017-11-16 07:51 - 2017-11-02 15:06 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll

2017-11-16 07:51 - 2017-11-02 15:05 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys

2017-11-16 07:51 - 2017-11-02 15:05 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-11-16 07:51 - 2017-11-02 15:04 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-11-16 07:51 - 2017-11-02 15:03 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2017-11-16 07:51 - 2017-11-02 15:01 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-11-16 07:51 - 2017-11-02 15:00 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-11-16 07:51 - 2017-11-02 14:59 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-11-16 07:51 - 2017-11-02 14:59 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2017-11-16 07:51 - 2017-11-02 14:59 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-11-16 07:51 - 2017-11-02 14:58 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-11-16 07:51 - 2017-11-02 14:58 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll

2017-11-16 07:51 - 2017-11-02 14:57 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-11-16 07:51 - 2017-11-02 14:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll

2017-11-16 07:51 - 2017-11-02 14:55 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-11-16 07:51 - 2017-11-02 14:55 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2017-11-16 07:51 - 2017-11-02 14:54 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2017-11-16 07:51 - 2017-11-02 14:49 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys

2017-11-16 07:51 - 2017-10-16 01:27 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2017-11-16 07:51 - 2017-10-16 01:27 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-11-16 07:51 - 2017-10-16 01:23 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-11-16 07:51 - 2017-10-16 00:44 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll

2017-11-16 07:51 - 2017-10-16 00:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-11-16 07:51 - 2017-10-16 00:40 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll

2017-11-16 07:51 - 2017-10-16 00:35 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-11-16 07:51 - 2017-10-16 00:32 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll

2017-11-16 07:50 - 2017-11-02 15:00 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-11-16 07:48 - 2017-11-02 15:51 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-11-16 07:48 - 2017-10-16 01:23 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll

2017-11-16 07:47 - 2017-11-02 15:51 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-11-16 07:47 - 2017-11-02 15:51 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-11-16 07:47 - 2017-11-02 15:50 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2017-11-16 07:47 - 2017-11-02 15:50 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-11-16 07:47 - 2017-11-02 15:50 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-11-16 07:47 - 2017-11-02 15:45 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2017-11-16 07:47 - 2017-11-02 15:44 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2017-11-16 07:47 - 2017-11-02 15:44 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2017-11-16 07:47 - 2017-11-02 15:43 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-11-16 07:47 - 2017-11-02 15:42 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2017-11-16 07:47 - 2017-11-02 15:42 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2017-11-16 07:47 - 2017-11-02 15:03 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll

2017-11-16 07:47 - 2017-11-02 14:58 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2017-11-16 07:47 - 2017-11-02 14:58 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-11-16 07:47 - 2017-11-02 14:56 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2017-11-16 07:47 - 2017-11-02 14:55 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-11-16 07:47 - 2017-10-16 00:38 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll

2017-11-16 07:46 - 2017-11-02 15:50 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2017-11-16 07:46 - 2017-11-02 15:50 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2017-11-16 07:46 - 2017-11-02 15:50 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-11-16 07:46 - 2017-10-16 01:29 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-11-16 07:46 - 2017-10-16 01:26 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll

2017-11-16 07:04 - 2017-11-17 03:49 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCC72.tmp

2017-11-16 05:42 - 2017-12-01 21:59 - 000000000 ____D C:\ProgramData\VoodooShield

2017-11-16 05:42 - 2017-11-16 05:48 - 000000000 ____D C:\Program Files\VoodooShield

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETFEB1.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETF692.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETEEE0.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE7CB.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE067.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5A7.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3045.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET22F5.tmp

2017-11-16 05:42 - 2017-11-16 05:43 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET1519.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD00B.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC329.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBBF4.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5F8.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAE94.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA5F8.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9BB6.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8EC4.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET84E0.tmp

2017-11-16 05:42 - 2017-11-16 05:42 - 000000908 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk

2017-11-16 05:42 - 2017-11-16 05:42 - 000000908 _____ C:\ProgramData\Desktop\Voodoo Shield.lnk

2017-11-16 05:42 - 2017-11-16 05:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield

2017-11-16 05:42 - 2016-08-18 18:17 - 000029808 _____ (VoodooSoft, LLC) C:\WINDOWS\system32\Drivers\vsscanner.sys

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETEB7E.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETDD34.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD64E.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCB60.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5F2.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAF5A.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET82EA.tmp

2017-11-16 05:41 - 2017-11-16 05:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6A40.tmp

2017-11-16 05:40 - 2017-11-16 05:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6A15.tmp

2017-11-16 05:40 - 2017-11-16 05:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET26E1.tmp

2017-11-16 05:39 - 2017-11-16 05:39 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET446F.tmp

2017-11-16 05:38 - 2017-11-16 05:38 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET865E.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETE28C.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD397.tmp

2017-11-16 05:37 - 2017-11-16 05:37 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC34A.tmp

2017-11-16 05:36 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5472.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCB2C.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBF73.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB233.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA571.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9D04.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9581.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8D71.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8581.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET7D23.tmp

2017-11-16 05:35 - 2017-11-16 05:36 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET769A.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6EF8.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET6737.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5CF5.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET539D.tmp

2017-11-16 05:35 - 2017-11-16 05:35 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET3111.tmp

2017-11-16 05:31 - 2017-11-16 05:31 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET2E15.tmp

2017-11-16 04:10 - 2017-11-16 04:10 - 000001108 _____ C:\Users\Curri\Desktop\SystemData - Shortcut.lnk

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETD287.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETCC2D.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETC5E2.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETBE6F.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETB5A4.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETAC7B.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SETA314.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET9B14.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET8D77.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET844E.tmp

2017-11-16 02:28 - 2017-11-16 05:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET5270.tmp

2017-11-16 02:07 - 2017-11-16 02:07 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\SET177A.tmp

2017-11-15 23:42 - 2017-11-15 23:42 - 000000684 _____ C:\WINDOWS\SysWOW64\tmp.reg

2017-11-15 23:42 - 2017-11-15 23:42 - 000000000 _____ C:\WINDOWS\SysWOW64\tmp.txt

2017-11-15 23:40 - 2017-11-15 23:43 - 000007020 _____ C:\rapport.txt

2017-11-15 23:40 - 2009-06-02 11:17 - 000075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe

2017-11-15 23:40 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe

2017-11-15 23:40 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe

2017-11-15 23:40 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe

2017-11-15 23:40 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe

2017-11-15 23:40 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe

2017-11-15 23:40 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe

2017-11-15 23:40 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe

2017-11-15 23:40 - 2006-12-01 06:20 - 000079360 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swxcacls.exe

2017-11-15 23:40 - 2006-08-29 19:43 - 000135168 _____ (SteelWerX) C:\WINDOWS\SysWOW64\swreg.exe

2017-11-15 23:40 - 2006-04-27 17:49 - 000288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe

2017-11-15 23:40 - 2006-01-09 10:36 - 000040960 _____ C:\WINDOWS\SysWOW64\swsc.exe

2017-11-15 23:40 - 2004-07-31 18:50 - 000051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe

2017-11-15 23:40 - 2003-06-05 21:13 - 000053248 _____ (hxxp://www.beyondlogic.org) C:\WINDOWS\SysWOW64\Process.exe

2017-11-15 22:08 - 2017-11-15 22:12 - 000280780 _____ C:\TDSSKiller.3.1.0.15_15.11.2017_22.08.20_log.txt

2017-11-15 06:50 - 2017-11-15 07:04 - 000000000 ____D C:\Rem-VBSqt

2017-11-15 04:11 - 2017-11-29 18:46 - 000037426 _____ C:\Users\Curri\Desktop\Taglines.txt

2017-11-15 01:12 - 2017-11-15 01:12 - 000003284 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\ProgramData\Panda Security

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security

2017-11-15 01:12 - 2017-11-15 01:12 - 000000000 ____D C:\Program Files (x86)\Panda USB Vaccine

2017-11-14 15:54 - 2017-11-14 15:54 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-11-14 15:54 - 2017-11-14 15:54 - 000001919 _____ C:\ProgramData\Desktop\Malwarebytes.lnk

2017-11-14 15:54 - 2017-11-14 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-11-14 15:54 - 2017-11-14 15:54 - 000000000 ____D C:\ProgramData\MB3CoreBackup

2017-11-14 15:54 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-11-14 15:45 - 2017-11-14 15:53 - 001055490 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.45.11_log.txt

2017-11-14 15:42 - 2017-11-14 15:42 - 000007732 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.42.13_log.txt

2017-11-14 15:39 - 2017-11-14 15:42 - 000007566 _____ C:\TDSSKiller.3.1.0.15_14.11.2017_15.39.58_log.txt

2017-11-13 20:37 - 2017-11-13 20:37 - 000000002 _____ C:\WINDOWS\PERFC

2017-11-13 18:19 - 2017-11-14 15:44 - 000000000 ____D C:\Users\Curri\AppData\Local\FSDART

2017-11-13 18:18 - 2017-11-13 18:36 - 000000000 ____D C:\ProgramData\F-Secure

2017-11-13 18:18 - 2017-11-13 18:18 - 000000000 ____D C:\Users\Curri\AppData\Local\F-Secure

2017-11-13 18:16 - 2017-11-13 18:16 - 000524248 _____ (F-Secure Corporation) C:\Users\Curri\Downloads\F-SecureOnlineScanner.exe

2017-11-12 22:01 - 2017-11-14 15:44 - 000000000 ____D C:\Users\Curri\AppData\Local\ESET

2017-11-12 20:41 - 2017-11-12 20:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1429696996-3989237847-2058814036-1001

2017-11-12 02:46 - 2017-11-22 06:25 - 000000000 ____D C:\ProgramData\HitmanPro

2017-11-12 02:46 - 2017-11-12 02:46 - 000000000 ____D C:\Program Files\HitmanPro

2017-11-11 20:28 - 2017-11-11 23:34 - 000281804 _____ C:\TDSSKiller.3.1.0.15_11.11.2017_20.28.51_log.txt

2017-11-08 09:02 - 2017-11-08 09:02 - 000000000 ___HD C:\OneDriveTemp

2017-11-01 00:58 - 2017-11-23 04:33 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-11-01 00:53 - 2017-11-01 00:55 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Curri\Downloads\mbar-1.09.3.1001.exe

2017-11-01 00:45 - 2017-11-01 00:49 - 179228168 _____ (Sophos Limited) C:\Users\Curri\Downloads\Sophos Virus Removal Tool.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-12-01 21:55 - 2017-06-01 02:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2017-12-01 21:53 - 2017-02-08 09:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-12-01 21:52 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness

2017-12-01 21:51 - 2017-07-11 22:16 - 000000000 ____D C:\Users\Curri

2017-12-01 21:51 - 2017-03-19 07:33 - 000000000 ___HD C:\Program Files\WindowsApps

2017-11-30 14:51 - 2017-05-31 16:39 - 000000000 ____D C:\Users\Curri\AppData\Local\Packages

2017-11-30 14:49 - 2017-03-19 07:21 - 000000000 ____D C:\WINDOWS\CbsTemp

2017-11-30 14:32 - 2017-06-11 20:35 - 000000000 ____D C:\Users\Curri\AppData\Roaming\CyberLink

2017-11-30 14:32 - 2017-02-08 09:51 - 000000000 ____D C:\Program Files (x86)\Lenovo

2017-11-30 14:32 - 2017-02-08 09:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-11-29 21:19 - 2017-10-31 23:24 - 000000000 ____D C:\Users\Curri\AppData\Local\CrashDumps

2017-11-29 18:19 - 2017-07-31 23:11 - 000000000 ____D C:\AdwCleaner

2017-11-28 23:01 - 2017-07-31 19:12 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2017-11-28 19:34 - 2017-08-28 20:49 - 000001989 _____ C:\Users\Public\Desktop\NordVPN.lnk

2017-11-28 19:34 - 2017-08-28 20:49 - 000001989 _____ C:\ProgramData\Desktop\NordVPN.lnk

2017-11-28 18:20 - 2017-05-31 15:48 - 000173061 _____ C:\WINDOWS\system32\InstallUtil.InstallLog

2017-11-28 18:12 - 2017-07-11 22:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-11-26 20:46 - 2017-06-01 02:15 - 000000000 ____D C:\Program Files\Common Files\AV

2017-11-25 06:41 - 2017-07-11 22:37 - 001232026 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-11-25 03:45 - 2017-08-28 20:48 - 000000000 ____D C:\Program Files (x86)\NordVPN

2017-11-24 14:40 - 2017-03-19 07:31 - 000000000 ____D C:\WINDOWS\INF

2017-11-24 14:39 - 2017-03-19 07:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2017-11-24 14:38 - 2017-06-01 01:37 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2017-11-24 14:35 - 2017-07-11 21:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2017-11-24 14:35 - 2017-03-18 22:10 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2017-11-23 04:47 - 2017-03-18 22:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2017-11-21 08:52 - 2017-02-08 11:22 - 000000000 ____D C:\WINDOWS\tbaseregistry

2017-11-21 01:05 - 2017-06-22 14:45 - 000000000 ___DC C:\WINDOWS\Panther

2017-11-21 00:04 - 2017-07-11 23:07 - 000045723 _____ C:\WINDOWS\diagwrn.xml

2017-11-21 00:04 - 2017-07-11 23:07 - 000045723 _____ C:\WINDOWS\diagerr.xml

2017-11-20 16:58 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\Registration

2017-11-20 16:55 - 2017-09-30 01:34 - 000000000 ___HD C:\$WINDOWS.~BT

2017-11-20 09:04 - 2016-07-16 22:17 - 000000176 _____ C:\WINDOWS\win.ini

2017-11-19 22:16 - 2017-05-31 20:51 - 000000000 ____D C:\Users\Curri\AppData\Local\ElevatedDiagnostics

2017-11-19 01:26 - 2017-05-31 21:29 - 000000000 ____D C:\WINDOWS\system32\MRT

2017-11-19 01:15 - 2017-10-31 22:28 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2017-11-19 01:13 - 2017-05-31 21:18 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-11-18 21:59 - 2017-03-19 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-11-18 01:15 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\rescache

2017-11-17 15:10 - 2017-08-02 16:21 - 000000000 ____D C:\temp

2017-11-17 10:05 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\NDF

2017-11-17 06:32 - 2016-07-30 03:57 - 000000000 __RHD C:\Users\Public\AccountPictures

2017-11-17 06:19 - 2017-07-11 21:46 - 000389872 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\appraiser

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\ShellExperiences

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\Provisioning

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2017-11-17 06:09 - 2017-03-19 07:33 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-11-16 12:25 - 2017-03-19 07:33 - 000000000 ____D C:\WINDOWS\system32\AppLocker

2017-11-14 15:53 - 2017-05-31 18:42 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-11-14 15:53 - 2017-05-31 18:42 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2017-11-14 15:53 - 2017-05-31 18:42 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2017-11-14 15:47 - 2017-07-11 22:45 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-11-14 15:47 - 2017-07-11 22:45 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2017-11-12 01:48 - 2017-05-31 16:44 - 000002374 _____ C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2017-11-12 01:42 - 2017-05-31 16:44 - 000000000 ___RD C:\Users\Curri\OneDrive

2017-11-05 12:10 - 2017-03-19 07:36 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-11-05 12:10 - 2017-03-19 07:36 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-11-01 03:44 - 2017-09-18 21:38 - 000000000 ____D C:\Users\TEMP

2017-11-01 03:17 - 2017-03-19 07:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2017-11-01 03:17 - 2017-03-19 07:33 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2017-11-01 00:58 - 2017-08-30 23:34 - 000000000 ____D C:\ProgramData\Malwarebytes

 

Some files in TEMP:

====================

2017-11-21 15:22 - 2017-09-05 15:56 - 001930840 _____ (Microsoft Corporation) C:\Users\Curri\AppData\Local\Temp\dllnt_dump.dll

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-11-29 03:49

 

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017

Ran by Curri (01-12-2017 22:03:31)

Running from C:\Users\Curri\Desktop

Windows 10 Home Version 1703 15063.726 (X64) (2017-07-11 12:50:15)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1429696996-3989237847-2058814036-500 - Administrator - Disabled)

Curri (S-1-5-21-1429696996-3989237847-2058814036-1001 - Administrator - Enabled) => C:\Users\Curri

DefaultAccount (S-1-5-21-1429696996-3989237847-2058814036-503 - Limited - Disabled)

defaultuser0 (S-1-5-21-1429696996-3989237847-2058814036-1000 - Limited - Disabled) => C:\Users\defaultuser0

Guest (S-1-5-21-1429696996-3989237847-2058814036-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Amazon Kindle (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.)

AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)

Catalyst Control Center Next Localization BR (HKLM\...\{1BE58F4C-0F85-8B2E-5C30-F3CF4C430638}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (HKLM\...\{BCA67CCE-4CC6-0E38-538C-3DEE736497B3}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (HKLM\...\{C2AB6B4B-67D4-0EA7-B6E7-2714204F2CCE}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (HKLM\...\{5E575B5F-8815-855E-8D7E-831F1864B265}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (HKLM\...\{B2EB8ADE-75EA-C07F-E9C3-211F261F6AE9}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (HKLM\...\{A0AF62E7-50FA-A6D5-3A41-AB0F2B78423C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (HKLM\...\{4BA1606F-6B9D-D069-5D45-CC92C31566FD}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (HKLM\...\{14594745-CBC1-9B09-97F2-D87F4083AE59}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (HKLM\...\{B1A0EE0D-84AD-D650-23F8-C36C02BBA33B}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (HKLM\...\{658CD2B5-A13F-FE0C-EB02-D032347E1E8C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (HKLM\...\{144007A2-8FB2-14E6-B0A1-ACDAB319222F}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (HKLM\...\{13209EB8-E25D-6B1B-3807-581BC483A620}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (HKLM\...\{AC14F193-F900-C602-EAAA-A3D21C3E3939}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (HKLM\...\{11215EF3-7B35-EDD9-9735-CA1B03A71D81}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (HKLM\...\{4CB0C4BF-84CC-6C21-B2E6-99AA9EA3EA2B}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (HKLM\...\{6E42D94A-7740-BC3B-E436-32CC2098F5D9}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (HKLM\...\{4748499C-DEE2-1953-7F01-BC908170709C}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (HKLM\...\{0F237AD1-B58E-9D8B-9B76-621992D0F987}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (HKLM\...\{3D6AB824-7B90-141C-D2AB-D88D1D90C2B2}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (HKLM\...\{84AF1C48-9354-E614-4959-11AD41E74CCD}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (HKLM\...\{05EA44C5-E136-BF7A-1F49-9110EDF3213F}) (Version: 2017.0321.2159.37738 - Advanced Micro Devices, Inc.) Hidden

CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)

DS-620 (HKLM-x32\...\{50126EED-D623-40AE-AD0D-B98FB36E4DA9}) (Version: 6.12.15310 - Brother Industries, Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)

Kaspersky Total Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)

Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)

Lenovo Service Bridge (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.7 - Lenovo)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden

NordVPN (HKLM-x32\...\NordVPN 6.6.11) (Version: 6.6.11 - NordVPN)

OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden

Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)

TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)

Telstra Pre-Paid 3G Wi-Fi (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)

VoodooShield version 3.59 (HKLM\...\{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-16] ()

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)

ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2017-11-24] (AO Kaspersky Lab)

ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)

ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2017-11-24] (AO Kaspersky Lab)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2017-11-24] (AO Kaspersky Lab)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-21] (Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-16] ()

ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2017-11-24] (AO Kaspersky Lab)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1543F724-58BE-4AFB-A578-6519FA87A108} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1429696996-3989237847-2058814036-1001 => C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-10-10] (Lenovo Group Limited)

Task: {17D9103B-29FC-4356-A8FD-3C5CBC17A8AB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\38715169-da37-4a12-9e03-ea438001b071 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {1B6E927A-5E66-4A07-9765-1BF0CC936B33} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService

Task: {3B50CBE8-9DAB-4486-B087-74D573E62A8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-31] (Google Inc.)

Task: {3E243AD7-CD42-41B0-BA1B-171D3F07D090} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32

Task: {42B49C4A-E353-4D83-8325-E0BDE04809DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-31] (Google Inc.)

Task: {4371A820-DA8C-442D-BAA3-CD44065CC307} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-03] ()

Task: {701913D2-099F-4BBD-8757-ABB7D0D4BA7C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)

Task: {705844CA-9E79-4D9F-84A8-F4BD0014F4CD} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()

Task: {72FD98A5-4BDD-49D2-ACE7-8F8E023ECF69} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-03] ()

Task: {990EBEE3-AAEF-49C6-B5AD-FAE60DE86E70} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7ead6ee3-0200-4f18-907d-cab37082c798 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {9AC21FA9-EDED-4DF7-9062-D875D71BEA2E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-12-01] (Microsoft Corporation)

Task: {9BE0976C-3FBA-477F-816D-D3EB3502AB98} - System32\Tasks\S-1-5-21-1429696996-3989237847-2058814036-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-11-02] (Microsoft Corporation)

Task: {C576607A-F5A7-4C30-AF58-F91238330507} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)

Task: {C7974922-876D-40DB-BE7B-63B37F967150} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-21] (Advanced Micro Devices, Inc.)

Task: {E858DBE6-9461-490A-B62B-FA2341A29BD7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6537a4bb-99ef-4853-915f-378f97a8e13f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {F41B0977-DF7F-4147-BD8B-8F92DCD1497C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\258418c8-b205-4a24-ad21-e9000f6fc665 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-09-08] (Lenovo Group Limited)

Task: {F5668E50-29C0-483B-AB3F-FA961AEC1D6C} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2016-07-14] (CyberLink Corp.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

ShortcutWithArgument: C:\Users\Public\Desktop\Telstra Pre-Paid 3G Wi-Fi.lnk -> C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\LaunchWebUI.exe () -> hxxp://m.home

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-08-02 15:49 - 2015-02-12 12:43 - 000032768 _____ () C:\Windows\Mobile_Series_Service.exe

2017-03-19 07:28 - 2017-03-19 07:28 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

2016-09-14 04:18 - 2016-09-14 04:18 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll

2016-09-14 04:18 - 2016-09-14 04:18 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2016-09-14 04:19 - 2016-09-14 04:19 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll

2017-11-16 09:17 - 2017-11-16 09:17 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

2017-03-19 07:29 - 2017-03-19 13:01 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-11-16 05:42 - 2017-05-01 12:35 - 000265040 _____ () C:\Program Files\VoodooShield\Features.dll

2017-08-23 13:58 - 2017-08-23 13:58 - 000417456 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe

2017-08-12 19:47 - 2017-08-12 19:47 - 000217375 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll

2017-08-12 19:47 - 2017-08-12 19:47 - 000116546 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll

2017-09-14 15:55 - 2017-09-14 15:55 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-11-08 10:54 - 2017-11-08 11:18 - 001919680 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll

2017-11-08 10:54 - 2017-11-08 11:18 - 001226416 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll

2017-10-09 17:44 - 2017-10-09 17:45 - 003553704 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8700.40675.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2017-11-24 14:39 - 2017-11-24 14:39 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\kpcengine.2.3.dll

2017-11-24 14:40 - 2017-11-24 14:40 - 001105704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01949803.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38395128.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45487959.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01949803.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38395128.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45487959.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2016-07-16 22:17 - 2016-07-16 22:15 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1429696996-3989237847-2058814036-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

DNS Servers: 103.86.99.99 - 103.86.96.96

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"

HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"

HKLM\...\StartupApproved\Run: => "LenovoUtility"

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"

HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0acae"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1429696996-3989237847-2058814036-1001\...\StartupApproved\Run: => "NordVPN"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8DF7BF0-2535-49A3-BC98-DAF6A43D12F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{785BB22B-7AC8-4CD6-8686-0EBA16832C24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{0330F62C-4E09-4D75-9351-68508EB858EB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{2E51B10F-6529-42DB-A4DD-55D4D22C2018}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{54B8536F-B7B6-4554-8CE2-3B53B47F5100}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{BF24BEDC-750F-46B9-A897-FB234DBB3D0F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{FD10FC98-A730-4328-9B5E-9E76F154A4E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (12/01/2017 09:51:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-CB5ICRTF)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/30/2017 02:58:36 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x80070005).

Error: (11/30/2017 02:56:56 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed Sophos Virus Removal Tool.; Error = 0x80070005).

Error: (11/30/2017 02:48:52 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.724_none_9e8a868b2d8a538d\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070005).

Error: (11/30/2017 02:31:35 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall; Description = Configured Power2Go; Error = 0x80070005).

Error: (11/30/2017 02:12:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-CB5ICRTF)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/29/2017 10:20:31 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Users\Curri\Desktop\NEW M\hitmanpro_x64.exe M\hitmanpro_x64.exe" ; Description = Checkpoint by HitmanPro; Error = 0x80070005).

Error: (11/29/2017 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.674, time stamp: 0xaf452875

Exception code: 0xc000027b

Fault offset: 0x0000000000443b5f

Faulting process id: 0x1c6c

Faulting application start time: 0x01d3681cc98449a9

Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll

Report Id: b04463bb-4fd1-48c7-bb97-2769d81b6eea

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.675_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (11/29/2017 10:56:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-CB5ICRTF)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/29/2017 10:55:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-CB5ICRTF)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:

=============

Error: (12/01/2017 09:52:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 9WZDNCRFJ3P2-Microsoft.ZuneVideo.

Error: (12/01/2017 09:51:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 9WZDNCRFJ364-Microsoft.SkypeApp.

Error: (12/01/2017 09:51:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 9WZDNCRFJBQ6-Microsoft.Messaging.

Error: (12/01/2017 09:49:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 9NBLGGH52NGZ-Ghostery.Ghostery.

Error: (12/01/2017 09:43:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

Error: (12/01/2017 05:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID 

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2017 02:55:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

Error: (11/30/2017 02:55:54 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

Error: (11/30/2017 02:52:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

Error: (11/30/2017 02:48:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

Access is denied.

CodeIntegrity:

===================================

  Date: 2017-11-20 09:44:16.172

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-16 09:14:01.108

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-16 07:39:12.073

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-16 07:35:22.889

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-16 04:24:38.789

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-15 18:38:51.698

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-14 02:47:39.141

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-14 01:46:06.983

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 16:20:36.849

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-11-13 16:20:30.554

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\dumpwriter.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 

Percentage of memory in use: 67%

Total physical RAM: 6322.6 MB

Available physical RAM: 2063.28 MB

Total Virtual: 13234.07 MB

Available Virtual: 2819.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:887.47 GB) (Free:813.66 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 399418D1)

Partition: GPT.

==================== End of Addition.txt ============================

Users shortcut scan result (x64) Version: 30-11-2017

Ran by Curri (01-12-2017 22:05:59)

Running from C:\Users\Curri\Desktop

Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Curri\OneDrive\Documents ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Curri\Downloads ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Curri\Music ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Curri\OneDrive\Pictures ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Curri\Videos ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Curri ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk -> C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Uninstall AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\Uninstall VoodooShield.lnk -> C:\Program Files\VoodooShield\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\CyberLink PowerDVD 14.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Uninstall Panda USB Vaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\OneKey Recovery\OneKey Recovery.lnk -> C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe (CyberLink)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security\End User License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\Doc\en\license.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security\Kaspersky Total Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe (AO Kaspersky Lab)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security\Visit Kaspersky Lab on the Web.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\kl.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\End User License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\Doc\en\license.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\My Kaspersky.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\kl.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother DS-620 Scanner\DSmobileCapture.lnk -> C:\Windows\twain_32\Brother\DS-620\Capture Tool.exe (BROTHER)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings\AMD Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\Links\cache.lnk -> C:\Users\Curri\Searches\cache.search-ms ()

Shortcut: C:\Users\Curri\Links\Dangerous But Useful Search.lnk -> C:\Users\Curri\Searches\Dangerous But Useful Search.search-ms ()

Shortcut: C:\Users\Curri\Links\Desktop.lnk -> C:\Users\Curri\Desktop ()

Shortcut: C:\Users\Curri\Links\Downloads.lnk -> C:\Users\Curri\Downloads ()

Shortcut: C:\Users\Curri\Links\GUR.lnk -> C:\Users\Curri\Searches\GUR.search-ms ()

Shortcut: C:\Users\Curri\Links\OneDrive.lnk -> C:\Users\Curri\OneDrive ()

Shortcut: C:\Users\Curri\Desktop\Kindle.lnk -> C:\Users\Curri\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)

Shortcut: C:\Users\Curri\Desktop\SystemData - Shortcut.lnk -> C:\ProgramData\Microsoft\Windows\SystemData ()

Shortcut: C:\Users\Curri\Desktop\Mmmmm\dism.log - Shortcut.lnk -> C:\Windows\Logs\DISM\dism.log ()

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Curri\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk -> C:\Windows\System32\UNP\UNPUXHost.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.lnk -> C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe (Lenovo Group Limited)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Uninstall Lenovo Service Bridge.lnk -> C:\Users\Curri\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\unins000.exe ()

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Kindle.lnk -> C:\Users\Curri\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk -> C:\Users\Curri\AppData\Local\Amazon\Kindle\application\uninstall.exe (Amazon.com)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\33\C\Users\Curri\Desktop\dism.log - Shortcut.lnk -> C:\Windows\Logs\DISM\dism.log ()

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\111\C\Users\Curri\Desktop\Install Kaspersky Total Security version 18.0.0.405.lnk -> C:\Users\Curri\Downloads\startup.exe (No File)

Shortcut: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\111\C\Users\Curri\Desktop\SystemData - Shortcut.lnk -> C:\ProgramData\Microsoft\Windows\SystemData ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)

Shortcut: C:\Users\Public\Desktop\BOL web site.lnk -> C:\Windows\twain_32\Brother\DS-620\BOL web site.url ()

Shortcut: C:\Users\Public\Desktop\DSmobileCapture.lnk -> C:\Windows\twain_32\Brother\DS-620\Capture Tool.exe (BROTHER)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Kaspersky Total Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe (AO Kaspersky Lab)

Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\Users\Public\Desktop\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)

Shortcut: C:\Users\Public\Desktop\Voodoo Shield.lnk -> C:\Program Files\VoodooShield\VoodooShield.exe (VoodooSoft, LLC )

Shortcut: C:\Users\Public\Desktop\Zemana AntiMalware.lnk -> C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)

 

 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telstra Pre-Paid 3G Wi-Fi\Telstra Pre-Paid 3G Wi-Fi.lnk -> C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\LaunchWebUI.exe () -> hxxp://m.home

ShortcutWithArgument: C:\Users\Public\Desktop\Telstra Pre-Paid 3G Wi-Fi.lnk -> C:\Program Files (x86)\Hostless Modem\Telstra Pre-Paid 3G Wi-Fi\LaunchWebUI.exe () -> hxxp://m.home

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Generate Log File\Generate Log File.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.) -> /CRASH

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telstra Pre-Paid 3G Wi-Fi\Uninstall.lnk -> C:\Windows\SysWOW64\SupportAppPBHostless Modem\Setup.exe () -> /Uninstall

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security) -> /resident /hidetray /autovaccinate /experimentalntfs  /shownow

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins001.exe () ->  /LOG

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security\Remove Kaspersky Total Security.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{5AAE61FF-858E-453E-B8F3-944618149975} REMOVE=ALL

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\Kaspersky Secure Connection.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe (AO Kaspersky Lab) -> -navigate ksde://mainwindow

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\Remove Kaspersky Secure Connection.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{F33C0717-8E04-4EB5-90C8-47221287DB4F} REMOVE=ALL

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother DS-620 Scanner\Uninstall Driver.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{50126EED-D623-40AE-AD0D-B98FB36E4DA9}\setup.exe (Brother Industries, Ltd.) -> -runfromtemp -l0x0409

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,HideBatteryGauge

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,ShowBatteryGauge

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,HideBatteryGauge

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,ShowBatteryGauge

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer

ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar

ShortcutWithArgument: C:\Users\Curri\AppData\Roaming\Microsoft\Word\SOS%201306257251108422053\SOS%201.docx.lnk -> C:\Users\Curri\Desktop\Swiss Drumming Band\SOS 1.docx () -> 0

ShortcutWithArgument: C:\Users\Curri\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Curri\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe (AO Kaspersky Lab) -> -navigate ksde://mainwindow

ShortcutWithArgument: C:\Users\Public\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe (AO Kaspersky Lab) -> -safebanking

ShortcutWithArgument: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\TEMP\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free on the Web.url -> URL: hxxp://www.zemana.com/

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield\VoodooShield on the Web.url -> URL: hxxp://www.voodooshield.com/

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine on the Web.url -> URL: hxxp://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx

InternetURL: C:\Users\Curri\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Curri\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/

InternetURL: C:\Users\Curri\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\94\C\Users\Curri\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\67\C\Users\Curri\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\111\C\Users\Curri\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\105\C\Users\Curri\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\105\C\Users\Curri\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/

InternetURL: C:\Users\Curri\AppData\Local\Microsoft\Windows\FileHistory\Data\105\C\Users\Curri\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/

InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/

InternetURL: C:\Users\Default\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/

InternetURL: C:\Users\defaultuser0\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/

InternetURL: C:\Users\defaultuser0\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/

InternetURL: C:\Users\TEMP\Favorites\Lenovo\Lenovo Support.url -> URL: hxxp://support.lenovo.com/

InternetURL: C:\Users\TEMP\Favorites\Lenovo\Lenovo.url -> URL: hxxp://www.lenovo.com/


==================== End of Shortcut.txt =============================


PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **


#9 Unworn_Kilt (Topic Starter)
  • Members
  • 237 posts
  • Gender: Male
  • Location: Australia

Posted 02 December 2017 - 04:00 PM

Hi Pranav,

In order to keep you updated, I need to advise you of the following:

Whatever this is, it seems to have "taken over" Malwarebytes. The majority of the realtime functions are not operating at all. The service is apparently faulting, as demonstrated here:

Application errors:
==================
Error: (12/02/2017 12:38:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x28cc
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

The Reported Version in the above appears to be 3.1.0.505, rather than the version shown on the GUI, which shows as Malwarebytes version: 3.3.1.2183; Component package version: 1.0.236; Update package version 1.0.3392.

(NOTE: This information came to hand after the Farbar logs were submitted, and whilst assisting another member.)

Later, I attempted to run Security Check (by screen317) to assist a Member. Now, I'm aware this program does not officially support Windows 10; however, I have used it on this platform with good results. The only anomaly I've ever seen is a % in place of the numeric value for Amount of Disk Fragmentation. This time was very different. I was met by an "Open With" box (after the Admin Prompt) asking if I wanted to open "SecurityCheck.bat" with either "TableTextServiceYi.txt" or Look in Store for an App.

The supplied FARBAR logs cannot be relied upon. They do not seem to portray the actual state of the system. The system is, in fact, in a constant state of "flux." It is changing and reconfiguring from minute to minute.

FARBAR may have failed to accurately report relevant files in the root of the Windows directory, particularly *.sys files.

There is a massive difference between the reported data throughput from the Kaspersky Firewall and what is actually being used. Kaspersky reports a total throughput of 1.18 GB, whereas the actual data used for the current period exceeds 18 GB.

The boot process has been interfered with. A) It is impossible to boot from anything but the HDD. B) The Recovery Environment has also been changed.

The Hard Drive Partitions appear not to be being accurately reported by the WMI. Via a Command Prompt, using DiskPart, there are far more partitions reported than via the Disk Management in the WMI tools. Create Restore Point is Disabled and all Points were "deleted" quite some time back.

Defogger ran without finding anything to turn off.

Apologies for the interruption.

Cheers,

Ruth.

Edited by Unworn_Kilt, 02 December 2017 - 04:05 PM.



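The crash entry Ruth quotes above is the kind of signal worth extracting mechanically from the "Application errors" section of an FRST Addition.txt rather than reading by eye: a security product's service dying with an access violation (0xc0000005) inside its own image, with a version that does not match what the GUI reports. The Python below is an added example, not code from this thread or from FRST. It splits the section into crash entries, decodes common exception codes, flags crashes of security products (the SECURITY_PROCESSES list is an assumption to adapt to the machine at hand) and marks fields whose value cannot be what the field claims, such as a start time reading 0xmbamservice.exe0, so that such fields are not read as evidence. The sample input is the entry from the post, constructed here from the quoted lines.

```python
"""Triage the "Application errors" section of an FRST Addition.txt.

Added example (not from this thread and not an FRST feature): it splits the
section into crash entries, decodes the exception code, flags crashes of
security products and marks fields whose value cannot be what the field claims.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the mbamservice.exe entry quoted in the post above.
SAMPLE_LOG = """\
Application errors:
==================
Error: (12/02/2017 12:38:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x28cc
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
"""

# NTSTATUS exception codes that commonly appear in application crash events.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
# Assumption: service names of security products whose crashes deserve a closer look.
SECURITY_PROCESSES = {"mbamservice.exe", "avp.exe", "msmpeng.exe"}

ENTRY_RE = re.compile(r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<src>[^)]*)\)")
APP_RE = re.compile(r"Faulting application name: (?P<name>[^,]+), version: (?P<ver>[^,]+)")
MOD_RE = re.compile(r"Faulting module name: (?P<name>[^,]+)")
HEX_RE = re.compile(r"^0x[0-9a-fA-F]+$")


@dataclass
class CrashEntry:
    timestamp: str
    source: str
    app: str = ""
    app_version: str = ""
    module: str = ""
    exception_code: Optional[int] = None
    garbled_fields: List[str] = field(default_factory=list)  # fields holding impossible values

    def exception_name(self) -> str:
        if self.exception_code is None:
            return "unknown"
        return EXCEPTION_NAMES.get(self.exception_code, f"0x{self.exception_code:08X}")


def parse_application_errors(text: str) -> List[CrashEntry]:
    """One CrashEntry per 'Error: (...)' header; the lines after it fill in the fields."""
    entries: List[CrashEntry] = []
    cur: Optional[CrashEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            cur = CrashEntry(timestamp=m["ts"], source=m["src"])
            entries.append(cur)
            continue
        if cur is None or ":" not in line:
            continue
        if (m := APP_RE.search(line)):
            cur.app, cur.app_version = m["name"].strip().lower(), m["ver"].strip()
        elif (m := MOD_RE.search(line)):
            cur.module = m["name"].strip().lower()
        else:
            name, value = (part.strip() for part in line.split(":", 1))
            if name == "Exception code" and HEX_RE.match(value):
                cur.exception_code = int(value, 16)
            elif value.startswith("0x") and not HEX_RE.match(value):
                # Looks numeric but is not: the field carries text from another
                # parameter, so it must not be read as evidence of anything.
                cur.garbled_fields.append(name)
    return entries


def assess(entries: List[CrashEntry]) -> List[str]:
    """One finding per entry that a helper should look at more closely."""
    findings = []
    for e in entries:
        notes = []
        if e.app in SECURITY_PROCESSES:
            notes.append("security product crashed")
        if e.module and e.module == e.app:
            notes.append("faulted inside its own image")
        if e.exception_code == 0xC0000005:
            notes.append("access violation")
        if e.garbled_fields:
            notes.append("garbled fields: " + ", ".join(e.garbled_fields))
        if notes:
            findings.append(f"{e.timestamp} {e.app} {e.app_version} [{e.exception_name()}]: " + "; ".join(notes))
    return findings
```

Run on the quoted entry, assess() returns a single finding naming mbamservice.exe 3.1.0.595 as a security product that faulted inside its own image with an access violation, and lists "Faulting application start time" as a garbled field; the version mismatch Ruth raises against the GUI is the next thing to check by hand, since the log cannot tell which copy of the binary is actually being started.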
#10 blueelvis (Bleep Blop Bleep)
  • Malware Response Team
  • 1,666 posts
  • Gender: Male
  • Location: India

Posted 03 December 2017 - 02:59 PM

Greetings Ruth,

Apologies for the delay in getting back to you. I spent some time in hospital.

I hope you are alright now and nothing serious :)

Yes, it appears that this machine is still compromised.

The issues remain pretty much the same, but I now have a new Folder, which may be normal, in the C:\ directory. It's called $WINDOWS.~BT

Quite a few programs seem to be running from in there in the Sub Directory NewOS. It also contains a Program Files (x86) folder and others one would expect to be in the standard directory tree.

The Farbar Logs seem Inaccurate. Especially FRST.TXT. It is failing to show the 109,859 Files, 24,260 Folders sitting in C:\$WINDOWS.~BT (Size 17.5 GB (18,823,530,491 bytes), Size on Disk 18.0 GB (19,354,988,544 bytes)) which is basically the Entire File System Repeated, at times, Twelvefold. Also Windows now appears to be running from there, not C:\Windows as a base. The majority of these files are showing an Install Date within the last 30 days but a Date Created of Saturday, 30 September 2017, 00:34:53 (+/-) depending on the file.

There is also a C:\Windows.old folder which is not being shown in 

None of the above are being shown in the Farbar scans. The C:\$WINDOWS.~BT folder also contains copies of \Program Files (x86), \Program Files and many copies of user files, documents and settings etc.

That folder is completely legit. That folder, along with Windows.old, is created when you upgrade from a previous installation of Windows or there has been a major update applied to Windows. I recently had my machine installing the Fall Update and after the update, it also created the above folders. So please don't worry about them.

FRST is very intelligent while scanning and there is a reason why it doesn't report all of the files. It is because it has a database which it checks to report files. If it were to report all of the files found, we helpers would be, frankly speaking, overwhelmed with the amount of lines in a single log.

All data on the Web appears to be being routed through an unknown server.

May I know the server? Also, from where are you finding all this?

I see that you are using Nord VPN service. Can you try disabling that and see how the system performs?

Also, do you know the following files?

2017-11-15 23:40 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2017-11-15 23:40 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe
2017-11-15 23:40 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe
2017-11-15 23:40 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe
2017-11-15 23:40 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe
2017-11-15 23:40 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe
2017-11-15 23:40 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe

It is very late over here. Please expect a detailed reply from me within like 12-15 hours since I'm going to sleep :yawn:. Thanks for your patience :hug:

Thanks,

Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#11 Unworn_Kilt (Topic Starter)
  • Members
  • 237 posts
  • Gender: Male
  • Location: Australia

Posted 03 December 2017 - 04:42 PM

Hello Pranav,

Thank you for getting back to me.

Yes, thank you, all is fine now. It wasn't too serious. That was my friend actually. I'm in hospital most days as I'm a nurse. :)

That's good news about the Folder. I was very concerned when I saw the number of files.

To be honest I can't recall the name of the domain exactly. I know it was suggestive of some form of proxy and contained CDN. I'll endeavor to obtain it from my friend.

We have tried disabling NordVPN for days, but it made no difference. I think it was uninstalled and then reinstalled.

Regarding the files you mentioned: No, I don't recognize any of them.

All that is really installed on this computer is Microsoft Office, Malwarebytes, Chrome, Kaspersky, VoodooShield (which my friend put on), Zemana Anti-Keylogger (free), and some tools my friend was using to try to remove the virus/hacker thing. He'll be back tomorrow and has only just left a few minutes ago.

It is getting tiresome when I'm working on an assignment and the document window moves around or closes. The computer has also been turning on and off by itself. He'll be back tomorrow and has just left.

There is also some software that came installed on the computer. It's CyberLink PowerDVD 14, plus some Lenovo Apps.

My friend mentioned that he was unable to uninstall CyberLink as nothing would happen. It would say it was uninstalling but then was still in the Add/Remove programs part of Control Panel. He also said it was still in the Program Files folder and that there were some very strange looking files there too.

I hope this information is of some use.

I'd like to thank you very much for your help too.

My friend knows a lot more about this and was messaging you on my behalf before. He will take over again later today.

I hope you have a good sleep Pranav. Sounds like you need it. I hope you sleep well.

Thank you.

Ruth. :kiss:

My friend is better at this sort of thing than I am.




#12 blueelvis (Bleep Blop Bleep)
  • Malware Response Team
  • 1,666 posts
  • Gender: Male
  • Location: India

Posted 04 December 2017 - 01:49 PM

Greetings Ruth,

Thank you for getting back to me.

Yes, thank you, all is fine now. It wasn't too serious. That was my friend actually. I'm in hospital most days as I'm a nurse. :)

That's good news about the Folder. I was very concerned when I saw the number of files.

To be honest I can't recall the name of the domain exactly. I know it was suggestive of some form of proxy and contained CDN. I'll endeavor to obtain it from my friend.

Glad to hear that nothing was serious. Please feel free to ask any questions which you might have and I will try my best to answer them :hug:

We have tried disabling NordVPN for days, but it made no difference. I think it was uninstalled and then reinstalled.

Let's uninstall that.

Regarding the files you mentioned: No, I don't recognize any of them.

All that is really installed on this computer is Microsoft Office, Malwarebytes, Chrome, Kaspersky, VoodooShield (which my friend put on), Zemana Anti-Keylogger (free), and some tools my friend was using to try to remove the virus/hacker thing. He'll be back tomorrow and has only just left a few minutes ago.

It is getting tiresome when I'm working on an assignment and the document window moves around or closes. The computer has also been turning on and off by itself. He'll be back tomorrow and has just left.

What do you mean by the document windows moving around? o.o
Don't worry, I will try my best to get rid of whatever is lurking on your system (if anything is there ;) )

My friend mentioned that he was unable to uninstall CyberLink as nothing would happen. It would say it was uninstalling but then was still in the Add/Remove programs part of Control Panel. He also said it was still in the Program Files folder and that there were some very strange looking files there too.

I hope this information is of some use.

I'd like to thank you very much for your help too.

My friend knows a lot more about this and was messaging you on my behalf before. He will take over again later today.

I hope you have a good sleep Pranav. Sounds like you need it. I hope you sleep well.

Thank you.

Yep. I had a good sleep. I am now trying to sleep a bit early and then wake up early. That increases the length of the day for me :0)

We need to remove programs using "Programs and Features".

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

Nord VPN

Additional instructions can be found here if needed.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Let me know how it goes!

Have a nice day!

Regards,
Pranav

Edited by blueelvis, 04 December 2017 - 01:50 PM.


#13 Unworn_Kilt (Topic Starter)
  • Members
  • 237 posts
  • Gender: Male
  • Location: Australia

Posted 04 December 2017 - 02:00 PM

Hi Pranav.

Thanks for getting back to me.

NordVPN is uninstalled.

I'll now execute the other commands.

Hopefully I'll return from the reboot.

Cheers,

Kilt.




#14 blueelvis (Bleep Blop Bleep)
  • Malware Response Team
  • 1,666 posts
  • Gender: Male
  • Location: India

Posted 04 December 2017 - 02:10 PM

Hi Pranav.

Thanks for getting back to me.

NordVPN is uninstalled.

I'll now execute the other commands.

Hopefully I'll return from the reboot.

Cheers,

Kilt.

Sure thing. Let me know how everything goes!

-Pranav



#15 Unworn_Kilt (Topic Starter)
  • Members
  • 237 posts
  • Gender: Male
  • Location: Australia

Posted 04 December 2017 - 10:32 PM

This is the BEST I can give you at present.

I've had to convert to HTML then hand edit out the code.

The endless reboot loops were failing with a message like: RPC Failure, Login Cancelled.

I'll repair Windows somehow and be back as soon as possible.

Take care in the meantime.

I think I managed to msg boop. Every time I tried to submit something it would log me out.

Be back later.

Cheers,

Kilt.



Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Curri (05-12-2017 05:36:32) Run:1
Running from C:\Users\Curri\Desktop
Loaded Profiles: defaultuser0 & Curri (Available Profiles: defaultuser0 & Curri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
EmptyTemp:


BHO: No Name {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - No File

CHR DefaultSearchKeyword: Default - lp

S3 MFE_RR; C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys [24120 2017-11-17] (McAfee, Inc.) <==== ATTENTION
C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys

File: C:\local.conf

Folder: C:\ProgramData\sa8o
Folder: C:\ProgramData\s6e8
Folder: C:\ProgramData\saho
Folder: C:\ProgramData\s7b4
Folder: C:\ProgramData\s4e0
Folder: C:\ProgramData\s460
Folder: C:\ProgramData\sf48
Folder: C:\ProgramData\seac
Folder: C:\ProgramData\s58s

2017-11-15 23:42 - 2017-11-15 23:42 - 000000684 _____ C:\WINDOWS\SysWOW64\tmp.reg
2017-11-15 23:42 - 2017-11-15 23:42 - 000000000 _____ C:\WINDOWS\SysWOW64\tmp.txt
2017-11-15 23:40 - 2009-06-02 11:17 - 000075776 _____ C:\WINDOWS\SysWOW64\WS2Fix.exe
2017-11-15 23:40 - 2008-12-12 01:57 - 000078336 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe
2017-11-15 23:40 - 2008-11-29 18:58 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.C.exe
2017-11-15 23:40 - 2008-10-01 15:51 - 000087552 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\VACFix.exe
2017-11-15 23:40 - 2008-09-20 12:45 - 000080384 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\o4Patch.exe
2017-11-15 23:40 - 2008-08-18 12:19 - 000082432 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\404Fix.exe
2017-11-15 23:40 - 2008-05-18 21:40 - 000082944 _____ (S!Ri.URZ) C:\WINDOWS\SysWOW64\IEDFix.exe
2017-11-15 23:40 - 2007-09-06 00:22 - 000289144 _____ (S!Ri) C:\WINDOWS\SysWOW64\VCCLSID.exe
2017-11-15 23:40 - 2006-04-27 17:49 - 000288417 _____ (S!Ri) C:\WINDOWS\SysWOW64\SrchSTS.exe
2017-11-15 23:40 - 2006-01-09 10:36 - 000040960 _____ C:\WINDOWS\SysWOW64\swsc.exe
2017-11-15 23:40 - 2004-07-31 18:50 - 000051200 _____ C:\WINDOWS\SysWOW64\dumphive.exe
2017-11-15 23:40 - 2003-06-05 21:13 - 000053248 _____ (hxxp://www.beyondlogic.org) C:\WINDOWS\SysWOW64\Process.exe

NordVPN (HKLM-x32\...\{399A1E19-38E5-40C5-8ACD-BF007782F59A}) (Version: 6.6.11 - NordVPN) Hidden

StartRegedit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005

EndRegedit:

CMD: net stop winmgmt
CMD: net start winmgmt

CMD: netsh winsock reset
CMD: netsh int ip reset
CMD: ipconfig /flushdns
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found
Chrome DefaultSearchKeyword => removed successfully
HKLM\System\CurrentControlSet\Services\MFE_RR => key removed successfully
MFE_RR => service removed successfully
C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys => moved successfully

========================= File: C:\local.conf ========================

C:\local.conf
File not signed
MD5: 7010EBD57805147EAD1248848FFB0EFD
Creation and modification date: 2017-11-22 06:33 - 2017-11-22 06:33
Size: 000000114
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========================= Folder: C:\ProgramData\sa8o ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\s6e8 ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\saho ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\s7b4 ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\s4e0 ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\s460 ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\sf48 ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\seac ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\s58s ========================


====== End of Folder: ======

C:\WINDOWS\SysWOW64\tmp.reg => moved successfully
C:\WINDOWS\SysWOW64\tmp.txt => moved successfully
C:\WINDOWS\SysWOW64\WS2Fix.exe => moved successfully
C:\WINDOWS\SysWOW64\Agent.OMZ.Fix.exe => moved successfully
C:\WINDOWS\SysWOW64\IEDFix.C.exe => moved successfully
C:\WINDOWS\SysWOW64\VACFix.exe => moved successfully
C:\WINDOWS\SysWOW64\o4Patch.exe => moved successfully
C:\WINDOWS\SysWOW64\404Fix.exe => moved successfully
C:\WINDOWS\SysWOW64\IEDFix.exe => moved successfully
C:\WINDOWS\SysWOW64\VCCLSID.exe => moved successfully
C:\WINDOWS\SysWOW64\SrchSTS.exe => moved successfully
C:\WINDOWS\SysWOW64\swsc.exe => moved successfully
C:\WINDOWS\SysWOW64\dumphive.exe => moved successfully
C:\WINDOWS\SysWOW64\Process.exe => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{399A1E19-38E5-40C5-8ACD-BF007782F59A}\\SystemComponent => value not found.

====> Registry

========= net stop winmgmt =========

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

Security Center
IP Helper

Do you want to continue this operation? (Y/N) [N]:
No valid response was provided.

========= End of CMD: =========


========= net start winmgmt =========

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


========= End of CMD: =========


========= netsh winsock reset =========

Access is denied.



========= End of CMD: =========


========= netsh int ip reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 104738970 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 3644457802 B
Edge => 1699304 B
Chrome => 523496966 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 238676 B
NetworkService => 73147092 B
defaultuser0 => 0 B
Curri => 396713972 B

RecycleBin => 0 B
EmptyTemp: => 4.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:41:45 ====






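Pranav's fix in post #12 is driven by a fixlist.txt that FRST executes line by line, and the Fixlog in post #15 records the outcome of each line. Reading that outcome by hand is error-prone in a log this long, and here three of the CMD: lines did not achieve what the fix intended: net stop winmgmt asked for confirmation about its dependent services and got no answer ("No valid response was provided"), net start winmgmt consequently reported the service already running, and netsh winsock reset returned "Access is denied". The Python below is an added example, not part of the thread and not an FRST feature. It summarises a Fixlog into what was removed, what was already absent when the fix ran, which commands succeeded or failed (keeping the lines that show the failure) and whether a reboot was required; File:/Folder: report blocks are recognised and skipped rather than misread as commands. The sample is an excerpt of the Fixlog above (lines omitted, none altered).

```python
"""Summarise an FRST Fixlog.txt: what was removed, which CMD: lines failed, reboot needed.

Added example, not part of the thread and not an FRST feature. The sample is an
excerpt of the Fixlog posted above (lines omitted, none altered).
"""
import re
from typing import Dict, List

SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found
MFE_RR => service removed successfully
C:\Users\Curri\AppData\Local\Temp\mfe_rr.sys => moved successfully

========================= File: C:\local.conf ========================

C:\local.conf
File not signed

====== End of File: ======

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{399A1E19-38E5-40C5-8ACD-BF007782F59A}\\SystemComponent => value not found.

========= net stop winmgmt =========

The following services are dependent on the Windows Management Instrumentation service.
Do you want to continue this operation? (Y/N) [N]:
No valid response was provided.

========= End of CMD: =========

========= netsh winsock reset =========

Access is denied.

========= End of CMD: =========

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

The system needed a reboot.
"""

ACTION_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
BLOCK_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Blocks FRST emits for File:/Folder:/EmptyTemp: directives are reports, not commands.
REPORT_PREFIXES = ("File:", "Folder:", "EmptyTemp:")
# Output that means a CMD: line did not do what the fix intended.
FAILURE_MARKERS = ("Access is denied", "No valid response was provided", "failed",
                   "has already been started")


def _is_block_end(line: str) -> bool:
    return line.startswith("=") and ("End of" in line or set(line) == {"="})


def summarise_fixlog(text: str) -> Dict[str, object]:
    removed: List[str] = []          # keys, services and files the fix got rid of
    not_found: List[str] = []        # items that were already gone when the fix ran
    commands_ok: List[str] = []
    commands_failed: Dict[str, List[str]] = {}   # command -> evidence lines
    reboot_required = False
    block, block_lines = "", []      # the ===== block currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if block:
            if _is_block_end(line):
                if not block.startswith(REPORT_PREFIXES):
                    problems = [l for l in block_lines if any(mk in l for mk in FAILURE_MARKERS)]
                    if problems:
                        commands_failed[block] = problems
                    else:
                        commands_ok.append(block)
                block, block_lines = "", []
            elif line:
                block_lines.append(line)
            continue
        m = BLOCK_RE.match(line)
        if m and not _is_block_end(line):
            block = m["name"]
            continue
        m = ACTION_RE.match(line)
        if m and "not found" in m["result"]:
            not_found.append(m["target"])
        elif m and "successfully" in m["result"]:
            removed.append(m["target"])
        elif line == "The system needed a reboot.":
            reboot_required = True
    return {"removed": removed, "not_found": not_found, "commands_ok": commands_ok,
            "commands_failed": commands_failed, "reboot_required": reboot_required}
```

The "No valid response was provided" outcome is the caveat to take away: a command that asks a question cannot be answered inside a fix, so it needs a non-interactive form (net stop winmgmt /y stops the dependent services without prompting), and the "Access is denied" from netsh is worth re-running after the reboot the log asks for before reading anything into it.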