
Have two virus/trojans in quarantine, computer still running out of memory


  • This topic is locked
26 replies to this topic

#1 crunkkcar


Posted 11 November 2017 - 02:53 PM

Are the viruses still infecting my PC? It has happened a few times recently and their names are:

 

Object name: not-a-virus:HEUR:AdWare.Win32.Generic Object type: Adware
Object name: 11117 Object type: Vulnerability 
Object name: not-a-virus:HEUR:Downloader.Win32.Generic Object type: Legitimate software that can be used by criminals to damage your computer or personal data 
 
Also, my CPU has been reaching 100%, and whenever I run a program or Chrome and have only 2 tabs open (usually have 10+ open) I get popup messages saying I have to shut down and not enough memory etc., but I should have memory. Disk C only has 2.24 GB free out of 109 GB. I have 4.00 GB RAM, Windows 10 Pro 64-bit, Intel 4200U CPU @ 1.60 GHz.
 
Please help. Thank you so much for your time. I really REALLY appreciate it  :)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2017
Ran by Ashley (administrator) on ASHLEYXPS (11-11-2017 11:43:15)
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley (Available Profiles: Ashley)
Platform: Windows 10 Pro Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\WINDOWS\System32\rpcnetp.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\System32\SrTasks.exe
(Microsoft Corporation) C:\WINDOWS\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\backgroundTaskHost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5777224 2013-09-02] (Dell Inc.)
HKLM\...\Run: [ResetTouch] => C:\Program Files\Dell\QuickSet\ResetTouch.exe [2345808 2013-03-04] (Compal Electronics, INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-11] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230304 2017-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-07-27] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0c0ec946-e5c4-4381-8ac4-e1677de01062}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9f635025-251d-41da-9c79-c7eed6095198}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-24] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-13] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-24] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKU\S-1-5-21-1606907372-1565312641-48768637-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-13] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-13] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (OneNote Web Clipper) -> EdgeExtension_MicrosoftOneNoteWebClipper_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OneNoteWebClipper_3.7.2.0_neutral__8wekyb3d8bbwe [2017-04-06]
Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2016-12-05]
 
FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\t5yp6uoq.default [2017-11-11]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-21]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (Slides) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (YouTube) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Google Tips) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2017-01-31]
CHR Extension: (High Contrast) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-08-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Sheets) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-19]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-01]
CHR Extension: (OneNote Web Clipper) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2017-05-17]
CHR Extension: (Pinterest Save Button) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-31]
CHR Extension: (My Study Life) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2017-01-31]
CHR Extension: (Office Online) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-10-10]
CHR Extension: (Gmail) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-27]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122800 2017-10-04] (Microsoft Corporation)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-07-07] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S4 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 rpcnetp; C:\WINDOWS\System32\rpcnetp.exe [17408 2017-11-11] () [File not signed]
R2 rpcnetp; C:\WINDOWS\SysWOW64\rpcnetp.exe [17408 2017-11-11] () [File not signed]
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-07-27] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-07] (Microsoft Corporation)
S4 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] ()
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256688 2015-09-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
S4 aunhelper; "C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe" [X]
S4 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 26B169BC6; C:\WINDOWS\System32\drivers\26B169BC6.sys [478392 2016-12-06] (Kaspersky Lab ZAO)
S3 AirModeBtn; C:\WINDOWS\System32\drivers\AirModeBtn.sys [40976 2015-08-22] (LG Electroncis)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [76032 2015-10-21] (Advanced Micro Devices, Inc.)
S3 BT; C:\WINDOWS\System32\drivers\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 cpuz143; C:\Users\Ashley\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2017-11-11] (CPUID) <==== ATTENTION
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-08-15] (OSR Open Systems Resources, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-12-08] ()
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-08-29] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [132360 2015-08-29] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-02] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-02] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
S3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-15] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520152 2017-07-24] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [186184 2017-11-11] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021656 2017-10-15] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-02-18] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-04-28] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-03-14] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-04-28] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-04-28] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-04-28] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-14] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-24] (AO Kaspersky Lab)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-10-10] (Malwarebytes)
S1 MpKsld02d6a8a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D15C32A-BF3E-47A5-B08B-5586E1B561C1}\MpKsld02d6a8a.sys [44928 2017-05-29] () [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3520264 2016-05-03] (Intel Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2016-09-10] (PC-Doctor, Inc.)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32168 2015-12-09] (EldoS Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-10-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-10-05] (Synaptics Incorporated)
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [67248 2015-09-11] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-06] ()
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 Btcsrusb; \SystemRoot\System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VComm; \SystemRoot\system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; \SystemRoot\System32\Drivers\VcommMgr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-11 11:43 - 2017-11-11 11:43 - 000028169 _____ C:\Users\Ashley\Desktop\FRST.txt
2017-11-11 11:42 - 2017-11-11 11:42 - 000001344 _____ C:\Users\Ashley\Desktop\Should I Remove It.lnk
2017-11-11 11:42 - 2017-11-11 11:42 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2017-11-11 11:42 - 2017-11-11 11:42 - 000000000 ____D C:\Program Files (x86)\Reason
2017-11-11 11:41 - 2017-11-11 11:41 - 000000000 ___HD C:\OneDriveTemp
2017-11-11 11:39 - 2017-11-11 11:42 - 002392576 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2017-11-11 11:37 - 2017-11-11 11:37 - 000000000 ____D C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2017-11-11 11:15 - 2017-11-11 11:15 - 002178872 _____ (Reason Software Company Inc.) C:\Users\Ashley\Desktop\ShouldIRemoveIt_Setup.exe
2017-11-11 11:12 - 2017-11-11 11:12 - 002001544 _____ C:\Users\Ashley\Desktop\pc-decrapifier-3.0.1.exe
2017-11-11 11:05 - 2017-11-11 11:05 - 000004458 _____ C:\Users\Ashley\Desktop\startup.txt
2017-11-11 11:03 - 2017-11-11 11:03 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2017-11-11 11:03 - 2017-11-11 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-11 10:37 - 2017-11-11 10:37 - 000014456 ____N C:\bootsqm.dat
2017-11-11 10:25 - 2017-11-11 10:25 - 000387312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-11 10:25 - 2017-11-11 10:25 - 000000000 ____D C:\WINDOWS\Panther
2017-11-11 10:07 - 2017-11-11 10:20 - 000003360 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2017-11-11 10:06 - 2017-11-11 11:20 - 000000140 _____ C:\WINDOWS\Reimage.ini
2017-11-11 09:47 - 2017-11-11 11:03 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-11 09:47 - 2017-11-11 11:03 - 000000000 ____D C:\Program Files\CCleaner
2017-11-11 09:47 - 2017-11-11 09:47 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-11 09:47 - 2017-11-11 09:47 - 000002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-11 09:46 - 2017-11-11 09:46 - 010424456 _____ (Piriform Ltd) C:\Users\Ashley\Downloads\ccsetup536pro.exe
2017-11-11 06:11 - 2017-11-11 06:11 - 002275378 _____ C:\Users\Ashley\Downloads\1492808174744-classmaterials-mqs_season2_colorblockdrunkardspath_sf040.pdf
2017-11-11 06:11 - 2017-11-11 06:11 - 002275378 _____ C:\Users\Ashley\Downloads\1492808174744-classmaterials-mqs_season2_colorblockdrunkardspath_sf040 (1).pdf
2017-11-11 06:10 - 2017-11-11 06:10 - 009177310 _____ C:\Users\Ashley\Downloads\kaleidoscopequiltpattern1_aiid2254782.pdf
2017-11-11 06:09 - 2017-11-11 06:09 - 001178613 _____ C:\Users\Ashley\Downloads\tripletrianglemethodforfreedownload_aiid1585689 (2).pdf
2017-11-11 06:06 - 2017-11-11 06:06 - 001178613 _____ C:\Users\Ashley\Downloads\tripletrianglemethodforfreedownload_aiid1585689.pdf
2017-11-11 06:06 - 2017-11-11 06:06 - 001178613 _____ C:\Users\Ashley\Downloads\tripletrianglemethodforfreedownload_aiid1585689 (1).pdf
2017-11-11 04:35 - 2017-11-11 04:35 - 000000908 _____ C:\Users\Ashley\Desktop\kapersky report 1.txt
2017-11-11 04:24 - 2017-11-11 04:24 - 006299336 _____ (Piriform Ltd) C:\Users\Ashley\Desktop\spsetup131.exe
2017-11-11 04:24 - 2017-11-11 04:24 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-11-11 04:24 - 2017-11-11 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-11-11 04:24 - 2017-11-11 04:24 - 000000000 ____D C:\Program Files\Speccy
2017-11-09 14:55 - 2017-11-09 14:55 - 000029528 _____ C:\Users\Ashley\Desktop\MTB.txt
2017-11-09 14:54 - 2017-11-09 14:55 - 000029528 _____ C:\Users\Ashley\Downloads\MTB.txt
2017-11-09 14:52 - 2017-11-09 14:54 - 000892416 _____ (Farbar) C:\Users\Ashley\Downloads\MiniToolBox.exe
2017-11-07 13:50 - 2017-11-07 13:50 - 000140905 _____ C:\Users\Ashley\Downloads\giant-bicycles-gear-38643.pdf
2017-11-04 23:58 - 2017-11-04 23:58 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-04 23:58 - 2017-11-04 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-04 23:58 - 2017-11-04 23:58 - 000000000 ____D C:\Program Files\iPod
2017-11-04 23:57 - 2017-11-04 23:58 - 000000000 ____D C:\Program Files\iTunes
2017-11-04 15:08 - 2017-11-04 15:08 - 000155919 _____ C:\Users\Ashley\Downloads\ud110.pdf
2017-11-04 15:08 - 2017-11-04 15:08 - 000149426 _____ C:\Users\Ashley\Downloads\ud110s.pdf
2017-11-04 15:07 - 2017-11-04 15:08 - 000137083 _____ C:\Users\Ashley\Downloads\ud115.pdf
2017-11-04 14:54 - 2017-11-04 14:54 - 000073411 _____ C:\Users\Ashley\Downloads\ej100.pdf
2017-11-04 14:54 - 2017-11-04 14:54 - 000073411 _____ C:\Users\Ashley\Downloads\ej100 (1).pdf
2017-11-04 14:20 - 2017-11-04 14:20 - 000105150 _____ C:\Users\Ashley\Downloads\civ110.pdf
2017-11-03 07:47 - 2017-11-03 07:47 - 000002422 _____ C:\Users\Public\Desktop\Paragon Partition Manager™ 14 Free.lnk
2017-11-03 07:47 - 2017-11-03 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 14 Free
2017-11-03 07:47 - 2017-11-03 07:47 - 000000000 ____D C:\ProgramData\launcher
2017-11-03 07:47 - 2017-11-03 07:47 - 000000000 ____D C:\ProgramData\explauncher
2017-11-03 07:47 - 2017-11-03 07:47 - 000000000 ____D C:\Program Files\Paragon Software
2017-11-03 07:46 - 2017-11-03 07:46 - 000000000 ____D C:\Users\Ashley\AppData\Local\Downloaded Installations
2017-11-03 07:45 - 2017-11-03 07:45 - 053091632 _____ (Paragon Software ) C:\Users\Ashley\Downloads\pm14free_x64_eng.exe
2017-11-03 06:42 - 2017-11-02 16:47 - 001469483 _____ C:\Users\Ashley\OneDrive\Documents\report.pdf
2017-11-01 15:25 - 2017-11-01 15:25 - 000002891 _____ C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2017-11-01 15:25 - 2017-11-01 15:25 - 000000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2017-11-01 15:22 - 2017-11-01 15:31 - 000000000 ____D C:\Program Files (x86)\MSECACHE
2017-11-01 15:19 - 2017-11-01 15:31 - 000359656 _____ (Microsoft Corporation) C:\Users\Ashley\Downloads\msicuu2.exe
2017-11-01 15:10 - 2017-11-01 15:10 - 000221662 _____ C:\Users\Ashley\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-11-01 09:34 - 2017-11-01 09:34 - 000003218 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-11-01 09:33 - 2017-11-01 09:33 - 000000000 ____D C:\Program Files\Realtek
2017-11-01 09:33 - 2017-07-27 08:08 - 012935679 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-11-01 09:33 - 2017-07-27 08:08 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-11-01 09:33 - 2017-07-27 08:08 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000164424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-11-01 09:33 - 2017-07-27 08:08 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2017-11-01 09:32 - 2017-07-27 08:08 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 002210272 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-11-01 09:32 - 2017-07-27 08:08 - 000084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-11-01 09:32 - 2017-07-27 08:07 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-11-01 09:32 - 2017-07-27 08:07 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-11-01 09:32 - 2017-07-27 08:07 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-11-01 09:32 - 2017-07-27 08:07 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-11-01 09:32 - 2017-07-27 08:07 - 000122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-11-01 09:31 - 2017-11-01 09:31 - 000010752 _____ C:\WINDOWS\SetupAfterRebootService.exe
2017-11-01 01:44 - 2017-11-01 01:44 - 000168131 _____ C:\Users\Ashley\Downloads\134826669-Ex-Parte-Motion-to-Stay-Execution (1).pdf
2017-11-01 01:42 - 2017-11-01 01:42 - 000122880 _____ C:\Users\Ashley\Downloads\60997398-Sample-Ex-Parte-Application-to-Vacate-Judgment-for-California.pdf
2017-11-01 01:40 - 2017-11-01 01:40 - 000168131 _____ C:\Users\Ashley\Downloads\134826669-Ex-Parte-Motion-to-Stay-Execution.pdf
2017-10-27 23:00 - 2016-09-22 13:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-10-27 22:58 - 2017-11-01 14:23 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-10-27 22:15 - 2017-10-27 22:19 - 000002568 _____ C:\WINDOWS\System32\Tasks\DriverFinder
2017-10-27 22:15 - 2017-10-27 22:17 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\DriverFinder
2017-10-27 22:15 - 2017-10-27 22:15 - 000276184 _____ C:\Users\Ashley\Downloads\dfsetup.exe
2017-10-27 22:15 - 2017-10-27 22:15 - 000001126 _____ C:\Users\Public\Desktop\DriverFinder.lnk
2017-10-27 22:15 - 2017-10-27 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
2017-10-27 22:15 - 2017-10-27 22:15 - 000000000 ____D C:\Program Files (x86)\DriverFinder
2017-10-25 16:22 - 2017-10-25 16:23 - 000000000 ____D C:\VHD
2017-10-25 09:13 - 2017-10-25 09:13 - 000003432 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2017-10-25 09:13 - 2017-10-25 09:13 - 000002682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP ePrint SW.lnk
2017-10-25 09:09 - 2017-10-25 09:11 - 011097040 _____ C:\Users\Ashley\Downloads\HPPSdr.exe
2017-10-25 09:09 - 2017-10-25 09:09 - 032701616 _____ (HP) C:\Users\Ashley\Downloads\HPEPrintAppSetupx64.exe
2017-10-25 09:08 - 2017-10-25 09:08 - 000001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-10-25 09:08 - 2017-10-25 09:08 - 000001288 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-10-25 09:06 - 2017-10-25 09:06 - 000820320 _____ (Adobe Systems Incorporated) C:\Users\Ashley\Downloads\CreativeCloudSet-Up.exe
2017-10-25 08:51 - 2017-10-25 08:51 - 001130328 _____ (Google Inc.) C:\Users\Ashley\Downloads\ChromeSetup.exe
2017-10-19 08:17 - 2017-11-11 11:40 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.exe
2017-10-19 08:17 - 2017-11-11 11:40 - 000017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2017-10-13 13:18 - 2017-10-13 13:18 - 000002271 _____ C:\Users\Public\Desktop\Silhouette Studio.lnk
2017-10-13 13:17 - 2017-10-13 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette America
2017-10-13 13:16 - 2017-10-13 13:17 - 000000000 ____D C:\Program Files (x86)\Silhouette America
2017-10-13 13:16 - 2017-10-13 13:16 - 000002287 _____ C:\Users\Public\Desktop\SilhouetteLinkConsole.lnk
2017-10-13 12:18 - 2017-09-17 18:51 - 000178016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-13 12:18 - 2017-09-17 18:49 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-13 12:18 - 2017-09-17 18:30 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-13 12:18 - 2017-09-17 18:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-10-13 12:18 - 2017-09-17 18:26 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-10-13 12:18 - 2017-09-17 18:23 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-10-13 12:18 - 2017-09-17 18:19 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-13 12:18 - 2017-09-17 18:19 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-13 12:18 - 2017-09-17 18:18 - 007470592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-13 12:18 - 2017-09-17 18:14 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-10-13 12:18 - 2017-09-17 18:14 - 002483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-13 12:18 - 2017-09-17 18:14 - 001599488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-13 12:18 - 2017-09-14 14:30 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2017-10-13 12:18 - 2017-09-14 14:30 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB7.dll
2017-10-13 12:18 - 2017-09-14 14:30 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-10-13 12:18 - 2017-09-14 14:28 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-10-13 12:18 - 2017-09-14 14:26 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-10-13 12:18 - 2017-09-14 14:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-10-13 12:18 - 2017-09-13 18:04 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-13 12:18 - 2017-09-13 18:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-13 12:18 - 2017-09-13 18:04 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-13 12:17 - 2017-09-17 19:27 - 001651552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-13 12:17 - 2017-09-17 19:27 - 000218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-10-13 12:17 - 2017-09-17 19:22 - 001470816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-13 12:17 - 2017-09-17 19:05 - 000497424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-13 12:17 - 2017-09-17 19:04 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-13 12:17 - 2017-09-17 19:04 - 000918304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-13 12:17 - 2017-09-17 19:03 - 000791272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-13 12:17 - 2017-09-17 18:59 - 000341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-13 12:17 - 2017-09-17 18:55 - 005722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-13 12:17 - 2017-09-17 18:55 - 001431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-13 12:17 - 2017-09-17 18:54 - 001980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 006672680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 004023560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-10-13 12:17 - 2017-09-17 18:52 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-10-13 12:17 - 2017-09-17 18:49 - 001435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-13 12:17 - 2017-09-17 18:49 - 001412128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-13 12:17 - 2017-09-17 18:48 - 000117792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-13 12:17 - 2017-09-17 18:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-10-13 12:17 - 2017-09-17 18:33 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-13 12:17 - 2017-09-17 18:31 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-10-13 12:17 - 2017-09-17 18:31 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-10-13 12:17 - 2017-09-17 18:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-10-13 12:17 - 2017-09-17 18:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-10-13 12:17 - 2017-09-17 18:28 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-10-13 12:17 - 2017-09-17 18:27 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-10-13 12:17 - 2017-09-17 18:26 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-10-13 12:17 - 2017-09-17 18:26 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-13 12:17 - 2017-09-17 18:26 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-10-13 12:17 - 2017-09-17 18:26 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-10-13 12:17 - 2017-09-17 18:26 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-10-13 12:17 - 2017-09-17 18:25 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-10-13 12:17 - 2017-09-17 18:25 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-13 12:17 - 2017-09-17 18:24 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-13 12:17 - 2017-09-17 18:24 - 000819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-10-13 12:17 - 2017-09-17 18:24 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-10-13 12:17 - 2017-09-17 18:23 - 000857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-10-13 12:17 - 2017-09-17 18:23 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-10-13 12:17 - 2017-09-17 18:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-10-13 12:17 - 2017-09-17 18:23 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-13 12:17 - 2017-09-17 18:23 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-10-13 12:17 - 2017-09-17 18:22 - 001323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-13 12:17 - 2017-09-17 18:22 - 001137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-13 12:17 - 2017-09-17 18:21 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-13 12:17 - 2017-09-17 18:20 - 019414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-13 12:17 - 2017-09-17 18:20 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-13 12:17 - 2017-09-17 18:20 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-10-13 12:17 - 2017-09-17 18:19 - 002750976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-10-13 12:17 - 2017-09-17 18:18 - 012204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-13 12:17 - 2017-09-17 18:17 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-10-13 12:17 - 2017-09-17 18:16 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-10-13 12:17 - 2017-09-17 18:15 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-10-13 12:17 - 2017-09-17 18:14 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 002997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-13 12:17 - 2017-09-17 18:14 - 002740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-13 12:17 - 2017-09-17 18:14 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-10-13 12:17 - 2017-09-17 18:13 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-10-13 12:17 - 2017-09-17 18:13 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-10-13 12:17 - 2017-09-17 18:11 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-10-13 12:17 - 2017-09-17 18:11 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-13 12:17 - 2017-09-14 14:59 - 000096064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-10-13 12:17 - 2017-09-14 14:52 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-10-13 12:17 - 2017-09-14 14:49 - 001202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-10-13 12:17 - 2017-09-14 14:39 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-13 12:17 - 2017-09-14 14:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2017-10-13 12:17 - 2017-09-14 14:31 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-13 12:17 - 2017-09-14 14:30 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-13 12:17 - 2017-09-14 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-13 12:17 - 2017-09-14 14:28 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-13 12:17 - 2017-09-14 14:27 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-10-13 12:17 - 2017-09-14 14:26 - 000636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-10-13 12:17 - 2017-09-14 14:25 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-10-13 12:17 - 2017-09-14 14:21 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-10-13 12:17 - 2017-09-14 14:15 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-13 12:17 - 2017-03-03 22:28 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-10-13 12:17 - 2017-03-03 22:24 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-13 12:17 - 2017-03-03 22:23 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-10-13 12:17 - 2017-03-03 22:00 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-10-13 12:17 - 2017-03-03 22:00 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-10-13 12:11 - 2017-09-17 18:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-13 12:11 - 2017-09-17 18:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-13 12:11 - 2017-09-17 18:27 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-10-13 12:11 - 2017-09-17 18:24 - 002103808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-10-13 12:11 - 2017-09-17 18:19 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-10-13 12:11 - 2017-09-17 18:17 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-13 12:11 - 2017-09-17 18:15 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-10-13 12:11 - 2017-09-17 18:15 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-13 12:11 - 2017-09-17 18:14 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-10-13 12:11 - 2017-09-14 14:22 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-10-13 12:11 - 2017-09-14 14:17 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2017-10-13 12:11 - 2017-03-03 22:11 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-10-13 12:10 - 2017-09-17 19:09 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-13 12:10 - 2017-09-17 19:08 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-13 12:10 - 2017-09-17 19:08 - 000998920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-13 12:10 - 2017-09-17 19:05 - 001177688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-13 12:10 - 2017-09-17 19:04 - 000404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-13 12:10 - 2017-09-17 19:02 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-10-13 12:10 - 2017-09-17 19:01 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-10-13 12:10 - 2017-09-17 19:01 - 000431456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-10-13 12:10 - 2017-09-17 19:01 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-13 12:10 - 2017-09-17 19:00 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-10-13 12:10 - 2017-09-17 18:59 - 022220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-13 12:10 - 2017-09-17 18:59 - 008173672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-13 12:10 - 2017-09-17 18:59 - 004260072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-10-13 12:10 - 2017-09-17 18:59 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-10-13 12:10 - 2017-09-17 18:59 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-10-13 12:10 - 2017-09-17 18:58 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-10-13 12:10 - 2017-09-17 18:58 - 000206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-13 12:10 - 2017-09-17 18:57 - 001460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-13 12:10 - 2017-09-17 18:57 - 001415712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-13 12:10 - 2017-09-17 18:35 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-10-13 12:10 - 2017-09-17 18:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-10-13 12:10 - 2017-09-17 18:31 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-10-13 12:10 - 2017-09-17 18:31 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-13 12:10 - 2017-09-17 18:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-13 12:10 - 2017-09-17 18:30 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-10-13 12:10 - 2017-09-17 18:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-10-13 12:10 - 2017-09-17 18:29 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-13 12:10 - 2017-09-17 18:29 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-13 12:10 - 2017-09-17 18:29 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-10-13 12:10 - 2017-09-17 18:29 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-10-13 12:10 - 2017-09-17 18:28 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-13 12:10 - 2017-09-17 18:28 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-13 12:10 - 2017-09-17 18:28 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-10-13 12:10 - 2017-09-17 18:28 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-10-13 12:10 - 2017-09-17 18:28 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-10-13 12:10 - 2017-09-17 18:27 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-13 12:10 - 2017-09-17 18:27 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2017-10-13 12:10 - 2017-09-17 18:26 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-13 12:10 - 2017-09-17 18:26 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-13 12:10 - 2017-09-17 18:25 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-13 12:10 - 2017-09-17 18:25 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-13 12:10 - 2017-09-17 18:25 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-13 12:10 - 2017-09-17 18:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-10-13 12:10 - 2017-09-17 18:24 - 001584640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-13 12:10 - 2017-09-17 18:24 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-13 12:10 - 2017-09-17 18:24 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-13 12:10 - 2017-09-17 18:23 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-10-13 12:10 - 2017-09-17 18:22 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-10-13 12:10 - 2017-09-17 18:22 - 003291648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-10-13 12:10 - 2017-09-17 18:22 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-13 12:10 - 2017-09-17 18:22 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-13 12:10 - 2017-09-17 18:20 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-10-13 12:10 - 2017-09-17 18:19 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-13 12:10 - 2017-09-17 18:19 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-10-13 12:10 - 2017-09-17 18:18 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-13 12:10 - 2017-09-17 18:18 - 008077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-13 12:10 - 2017-09-17 18:18 - 001145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-10-13 12:10 - 2017-09-17 18:18 - 000932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-10-13 12:10 - 2017-09-17 18:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-10-13 12:10 - 2017-09-17 18:17 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-10-13 12:10 - 2017-09-17 18:16 - 004743168 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-13 12:10 - 2017-09-17 18:16 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-10-13 12:10 - 2017-09-17 18:15 - 003202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-13 12:10 - 2017-09-17 18:15 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-10-13 12:10 - 2017-09-17 18:15 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-10-13 12:10 - 2017-09-17 18:15 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-10-13 12:10 - 2017-09-17 18:15 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-13 12:10 - 2017-09-17 18:15 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-13 12:10 - 2017-09-17 18:14 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 001518080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-13 12:10 - 2017-09-17 18:14 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000983552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-13 12:10 - 2017-09-17 18:14 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-13 12:10 - 2017-09-17 18:13 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-10-13 12:10 - 2017-09-17 18:13 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-10-13 12:10 - 2017-09-17 18:13 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-13 12:10 - 2017-09-17 18:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-10-13 12:10 - 2017-09-17 18:12 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-10-13 12:10 - 2017-09-17 18:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-13 12:10 - 2017-09-17 18:12 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-10-13 12:10 - 2017-09-14 15:05 - 001302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-10-13 12:10 - 2017-09-14 14:32 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2017-10-13 12:10 - 2017-09-14 14:32 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB7.dll
2017-10-13 12:10 - 2017-09-14 14:32 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-13 12:10 - 2017-09-14 14:31 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-13 12:10 - 2017-09-14 14:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-10-13 12:10 - 2017-09-14 14:24 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-13 12:10 - 2017-09-14 14:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-10-13 12:10 - 2017-09-14 14:22 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-10-13 12:10 - 2017-09-14 14:20 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-13 12:10 - 2017-09-14 14:18 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-13 12:10 - 2017-09-14 14:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-10-13 12:10 - 2017-09-14 14:16 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2017-10-13 12:10 - 2017-03-03 22:23 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-10-13 12:10 - 2017-03-03 22:07 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-10-13 12:10 - 2017-03-03 22:03 - 000119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-10-13 12:09 - 2017-09-17 19:17 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-10-13 12:09 - 2017-09-17 19:17 - 000245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-10-13 12:09 - 2017-09-17 19:17 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-10-13 12:09 - 2017-09-17 19:09 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-13 12:09 - 2017-09-17 19:09 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-13 12:09 - 2017-09-17 19:09 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-13 12:09 - 2017-09-17 19:05 - 000172536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-13 12:09 - 2017-09-17 19:05 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-10-13 12:09 - 2017-09-17 19:02 - 007213464 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-13 12:09 - 2017-09-17 19:01 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-13 12:09 - 2017-09-17 18:59 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-10-13 12:09 - 2017-09-17 18:57 - 001566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-13 12:09 - 2017-09-17 18:56 - 000057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-13 12:09 - 2017-09-17 18:36 - 022570496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-13 12:09 - 2017-09-17 18:33 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2017-10-13 12:09 - 2017-09-17 18:32 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-13 12:09 - 2017-09-17 18:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2017-10-13 12:09 - 2017-09-17 18:32 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2017-10-13 12:09 - 2017-09-17 18:32 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-13 12:09 - 2017-09-17 18:31 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2017-10-13 12:09 - 2017-09-17 18:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2017-10-13 12:09 - 2017-09-17 18:30 - 000174592 _____ C:\WINDOWS\system32\IHDS.dll
2017-10-13 12:09 - 2017-09-17 18:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2017-10-13 12:09 - 2017-09-17 18:30 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StaticDictDS.dll
2017-10-13 12:09 - 2017-09-17 18:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2017-10-13 12:09 - 2017-09-17 18:29 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2017-10-13 12:09 - 2017-09-17 18:28 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2017-10-13 12:09 - 2017-09-17 18:28 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsPinyinRanker.dll
2017-10-13 12:09 - 2017-09-17 18:28 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimeChsPinyinMainDS.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2017-10-13 12:09 - 2017-09-17 18:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-13 12:09 - 2017-09-17 18:26 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-10-13 12:09 - 2017-09-17 18:24 - 013107712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-13 12:09 - 2017-09-17 18:24 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-10-13 12:09 - 2017-09-17 18:22 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-10-13 12:09 - 2017-09-17 18:20 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-13 12:09 - 2017-09-17 18:20 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-10-13 12:09 - 2017-09-17 18:18 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-13 12:09 - 2017-09-17 18:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-13 12:09 - 2017-09-17 18:16 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-13 12:09 - 2017-09-17 18:15 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-13 12:09 - 2017-09-17 18:14 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-13 12:09 - 2017-09-17 18:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2017-10-13 12:09 - 2017-09-17 18:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2017-10-13 12:09 - 2017-09-17 18:11 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2017-10-13 12:09 - 2017-09-14 15:14 - 000119328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-10-13 12:09 - 2017-09-14 14:32 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-10-13 12:09 - 2017-09-14 14:32 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-10-13 12:09 - 2017-09-14 14:29 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-13 12:09 - 2017-09-14 14:25 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-10-13 12:09 - 2017-09-14 14:25 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-10-13 12:09 - 2017-09-14 14:24 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-10-13 12:09 - 2017-09-14 14:19 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-10-13 12:08 - 2017-09-17 19:18 - 002414432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 001408352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 001054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000766304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000699232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-10-13 12:08 - 2017-09-17 19:14 - 000076128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-10-13 12:08 - 2017-09-17 19:13 - 002170720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-13 12:08 - 2017-09-17 19:13 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-13 12:08 - 2017-09-17 19:13 - 000704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-13 12:08 - 2017-09-17 19:13 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-13 12:08 - 2017-09-17 19:13 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-10-13 12:08 - 2017-09-17 19:13 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-10-13 12:08 - 2017-09-17 18:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-13 12:08 - 2017-09-17 18:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-10-13 12:08 - 2017-09-17 18:27 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-10-13 12:08 - 2017-09-17 18:27 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-10-13 12:08 - 2017-09-17 18:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-10-13 12:08 - 2017-09-17 18:18 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-13 12:08 - 2017-09-17 18:17 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-13 12:08 - 2017-09-17 18:15 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-13 12:08 - 2017-09-14 14:39 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-13 12:08 - 2017-09-14 14:39 - 001227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-13 12:08 - 2017-09-14 14:39 - 001222144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-13 12:08 - 2017-09-14 14:39 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-13 12:08 - 2017-09-14 14:39 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-13 12:08 - 2017-09-14 14:39 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-13 12:08 - 2017-09-14 14:39 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2017-10-13 12:08 - 2017-09-14 14:39 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2017-10-13 12:08 - 2017-09-14 14:38 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2017-10-13 12:08 - 2017-09-14 14:34 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-10-13 12:08 - 2017-09-14 14:31 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-13 12:08 - 2017-09-14 14:23 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-13 12:08 - 2017-09-14 14:19 - 000928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-10-13 11:59 - 2017-10-13 11:59 - 000000000 ____D C:\ProgramData\VMware
2017-10-13 11:49 - 2017-10-13 11:50 - 294328568 _____ (Silhouette America) C:\Users\Ashley\Desktop\silhouette-studio_v4.1.332.exe
2017-10-13 11:46 - 2017-10-13 01:40 - 000000122 ____R C:\Users\Ashley\OneDrive\Documents\CA Court Rules.url
2017-10-13 11:46 - 2017-10-13 01:40 - 000000122 ____R C:\Users\Ashley\OneDrive\Documents\Alameda County Local Court Rules.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-11 11:43 - 2016-12-02 02:59 - 000000000 ____D C:\FRST
2017-11-11 11:42 - 2016-03-07 23:10 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-11-11 11:41 - 2017-04-28 17:51 - 000000000 ___RD C:\Users\Ashley\OneDrive - Contra Costa Com College District
2017-11-11 11:41 - 2015-08-12 10:17 - 000000000 ___RD C:\Users\Ashley\OneDrive
2017-11-11 11:40 - 2017-02-14 09:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-11 11:40 - 2016-12-09 13:42 - 000029336 _____ C:\WINDOWS\system32\wpbbin.exe
2017-11-11 11:40 - 2016-09-04 01:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 11:40 - 2016-09-04 01:05 - 000017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2017-11-11 11:40 - 2016-07-15 22:04 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-11 11:31 - 2017-06-16 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-11 10:42 - 2016-12-06 15:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-11 10:41 - 2016-02-20 04:36 - 006408324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-11 10:20 - 2017-06-16 15:58 - 000003154 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2017-11-11 09:53 - 2017-07-15 01:55 - 000000000 ____D C:\Users\Ashley\AppData\Local\CrashDumps
2017-11-11 09:53 - 2016-07-16 03:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-11 09:18 - 2016-09-04 01:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-11 06:30 - 2017-05-03 10:44 - 000000000 ____D C:\Program Files (x86)\Slotocash Casino
2017-11-11 05:58 - 2017-09-19 15:37 - 000003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-11-11 05:45 - 2016-02-20 06:38 - 000000000 ____D C:\Users\Ashley\AppData\Local\Adobe
2017-11-11 05:41 - 2016-09-04 01:08 - 000000000 ____D C:\Users\Ashley
2017-11-11 04:24 - 2016-12-05 01:34 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EAF32358-AE1B-4155-95A7-9B15BA86442E}
2017-11-11 04:21 - 2017-04-27 14:33 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAshley.job
2017-11-11 04:20 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-09 23:43 - 2017-04-27 14:33 - 000003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAshley
2017-11-09 13:26 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-06 22:53 - 2017-07-29 04:01 - 000000000 ____D C:\Users\Ashley\OneDrive\Documents\WAFFLES
2017-11-06 14:49 - 2017-01-31 22:30 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-06 14:49 - 2017-01-31 22:30 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-03 09:32 - 2017-08-02 09:49 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1606907372-1565312641-48768637-1001
2017-11-03 09:32 - 2016-02-20 05:05 - 000002368 _____ C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-03 09:14 - 2017-08-10 06:17 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-03 06:44 - 2017-09-28 14:59 - 000000000 ____D C:\Program Files\rempl
2017-11-03 06:42 - 2016-09-04 01:07 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-03 06:42 - 2015-08-12 10:16 - 000000000 __SHD C:\Users\Ashley\IntelGraphicsProfiles
2017-11-02 12:28 - 2016-12-23 14:26 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2017-11-02 12:28 - 2016-05-29 11:18 - 000000000 ____D C:\Users\Ashley\Desktop\SILHOUETTE CAMEO PICS_CRAFTS
2017-11-02 12:28 - 2016-03-12 00:27 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\com.silhouettesoftware
2017-11-02 10:46 - 2016-02-06 04:12 - 000000000 ____D C:\Users\Ashley\OneDrive\Documents\Court_Legal
2017-11-01 15:46 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-01 15:41 - 2017-04-20 12:18 - 000000000 ____D C:\Windows10Upgrade
2017-11-01 15:37 - 2016-07-16 03:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-01 09:34 - 2016-09-04 01:07 - 000340711 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-11-01 09:34 - 2016-09-04 01:07 - 000077883 _____ C:\WINDOWS\system32\Drivers\RTWAVES30.dat
2017-11-01 09:34 - 2016-09-04 01:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-01 09:34 - 2016-03-05 06:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-11-01 09:32 - 2016-03-05 05:11 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-01 01:55 - 2015-12-12 13:43 - 000000000 ____D C:\swsetup
2017-11-01 01:52 - 2016-09-04 01:07 - 000000000 ____D C:\Program Files\Intel
2017-11-01 01:52 - 2016-06-08 18:58 - 000000000 ____D C:\ProgramData\Intel
2017-11-01 01:52 - 2016-02-20 06:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-27 22:59 - 2016-03-05 05:11 - 000000000 ____D C:\Program Files (x86)\REALTEK
2017-10-26 00:58 - 2016-02-20 07:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-25 22:03 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 22:03 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 10:13 - 2016-11-08 17:35 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-25 10:13 - 2016-11-08 17:35 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-25 09:16 - 2016-08-14 00:55 - 000000000 ___RD C:\Users\Ashley\Creative Cloud Files
2017-10-25 09:15 - 2016-02-20 06:41 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-10-25 09:15 - 2016-02-20 05:03 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\Adobe
2017-10-25 09:13 - 2017-04-21 00:59 - 000002083 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-10-25 09:13 - 2016-10-05 19:45 - 000000000 ____D C:\Program Files\HP
2017-10-25 09:11 - 2016-03-22 22:35 - 000000000 ____D C:\Users\Ashley\AppData\Local\HP
2017-10-25 09:03 - 2016-02-20 07:25 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-10-24 22:31 - 2017-05-09 00:50 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\JAM Software
2017-10-24 22:19 - 2016-07-16 03:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-19 08:19 - 2016-11-27 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-10-15 04:56 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\rescache
2017-10-15 03:09 - 2017-02-17 19:11 - 001021656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-10-15 03:09 - 2017-02-17 19:11 - 000197344 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-10-15 03:07 - 2017-03-02 16:58 - 000068072 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe
2017-10-13 14:09 - 2016-02-20 11:46 - 000000000 ____D C:\Users\Ashley\AppData\Local\Google
2017-10-13 13:18 - 2017-05-03 20:36 - 000024070 _____ C:\Users\Ashley\OneDrive\Documents\Silhouette Studio Permissions Debug
2017-10-13 13:18 - 2016-09-07 08:10 - 000000000 ____D C:\ProgramData\com.aspexsoftware.Silhouette_Studio.8
2017-10-13 13:16 - 2016-02-20 12:52 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\Silhouette America
2017-10-13 13:12 - 2015-08-06 11:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-13 13:09 - 2016-07-16 03:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-13 13:09 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-13 13:09 - 2016-07-16 03:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-13 13:01 - 2016-02-28 02:37 - 000007657 _____ C:\Users\Ashley\AppData\Local\Resmon.ResmonCfg
2017-10-13 12:56 - 2016-02-24 07:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-13 12:54 - 2016-07-05 17:17 - 000000000 ____D C:\Users\Ashley\AppData\Roaming\Mozilla
2017-10-13 12:11 - 2016-04-30 02:04 - 000000000 ___RD C:\Users\Ashley\Desktop\Resumes and Cover Letters etc
2017-10-13 12:11 - 2016-02-06 04:12 - 000000000 ____D C:\Users\Ashley\OneDrive\Documents\DEEGAN
2017-10-13 12:11 - 2015-08-06 12:59 - 000000000 ___RD C:\Users\Ashley\Google Drive
2017-10-13 11:58 - 2017-10-10 21:15 - 000018537 _____ C:\Users\Ashley\Desktop\error_report.txt
2017-10-13 11:57 - 2017-10-10 20:44 - 000000000 ____D C:\ProgramData\SecTaskMan
 
==================== Files in the root of some directories =======
 
2016-05-29 01:44 - 2016-06-15 01:51 - 000000033 _____ () C:\Users\Ashley\AppData\Roaming\AdobeWLCMCache.dat
2016-12-23 14:14 - 2016-12-23 14:14 - 000000008 _____ () C:\Users\Ashley\AppData\Roaming\com.silhouettesoftware.id
2016-11-26 21:52 - 2016-11-26 21:52 - 000000600 _____ () C:\Users\Ashley\AppData\Roaming\winscp.rnd
2016-11-26 22:32 - 2016-11-26 22:32 - 001092881 _____ () C:\Users\Ashley\AppData\Local\CrashDumps.zip
2016-05-29 11:17 - 2016-05-29 11:17 - 000005056 _____ () C:\Users\Ashley\AppData\Local\recently-used.xbel
2016-02-28 02:37 - 2017-10-13 13:01 - 000007657 _____ () C:\Users\Ashley\AppData\Local\Resmon.ResmonCfg
2016-03-22 22:36 - 2016-03-22 22:36 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-09-04 01:07 - 2016-09-04 01:07 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2013-10-05 00:38 - 2013-10-05 00:38 - 000455328 _____ (Microsoft Corporation) C:\Users\Ashley\AppData\Local\Temp\msvcp120.dll
2013-10-05 00:38 - 2013-10-05 00:38 - 000970912 _____ (Microsoft Corporation) C:\Users\Ashley\AppData\Local\Temp\msvcr120.dll
2016-07-30 16:08 - 2016-07-30 16:08 - 003112960 _____ (Jason York) C:\Users\Ashley\AppData\Local\Temp\pc-decrapifier.exe
2017-11-11 10:06 - 2017-11-11 10:06 - 013489912 _____ (Reimage) C:\Users\Ashley\AppData\Local\Temp\ReimagePackage.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-10 23:48
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2017
Ran by Ashley (11-11-2017 11:44:17)
Running from C:\Users\Ashley\Desktop
Windows 10 Pro Version 1607 14393.1770 (X64) (2016-09-04 09:21:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1606907372-1565312641-48768637-500 - Administrator - Disabled)
Ashley (S-1-5-21-1606907372-1565312641-48768637-1001 - Administrator - Enabled) => C:\Users\Ashley
DefaultAccount (S-1-5-21-1606907372-1565312641-48768637-503 - Limited - Disabled)
Guest (S-1-5-21-1606907372-1565312641-48768637-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DriverFinder (HKLM-x32\...\DriverFinder) (Version: 3.7.0 - DeskToolsSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Drive (HKLM-x32\...\{AC117AF9-316B-4E1D-959E-F0EB85B0DC5F}) (Version: 2.34.7100.0000 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.37.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel® Visual Fortran Redistributables on IA-32 (HKLM-x32\...\{F4DA0EDD-E9AC-4808-8B64-8FD33C51BD0F}) (Version: 14.0.237 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{0E13241D-76B0-4A4C-9665-3969F55C08D5}) (Version: 19.40.1702.1091 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (HKLM-x32\...\{26D23C60-AC47-46E5-8EDF-D19F41CAB666}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kits Configuration Installer (HKLM-x32\...\{76825BA0-C536-C284-BAA1-9DB7A2D30D54}) (Version: 10.1.14393.33 - Microsoft) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2200 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\4415f693b586d348) (Version: 16.0.1753.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OneNote Diagnostics (HKLM-x32\...\{DF95A11D-A0DF-458A-96B9-44B07895D611}) (Version: 1.0.0.0 - Microsoft)
Paragon Partition Manager™ 14 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.001 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SDK Debuggers (HKLM-x32\...\{F894B529-9F16-1890-3474-0AA0AEAC6D67}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Silhouette Link (HKLM-x32\...\{C2136C80-F9D4-4096-86D4-C641BB36DFF3}) (Version: 1.0.096 - Silhouette America)
Silhouette Studio (HKLM-x32\...\{9B7A7D40-6585-473B-8A50-18BA95E3885E}) (Version: 4.1.332 - Silhouette America)
Slotocash Casino (HKLM-x32\...\{142777A7-94CA-477E-8820-1A0C259AD900}) (Version: 17.04.0-RTG - RealTimeGaming Software)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Universal CRT Redistributable (HKLM-x32\...\{302A9B8D-5111-6C51-BB99-FF394C4A4255}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinAppDeploy (HKLM-x32\...\{1182888E-EDC9-05C5-33BD-B61DA5B1F916}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01F53182-F1C8-8A72-5C86-B6612BDD4815}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{2AC000E5-E5E6-75B7-7FC2-9ECA8C57CA98}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{6DF5B5E1-A8A0-B617-AADB-31C3709A3C41}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1AAB8359-4433-FF39-D420-0AD429993AD7}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{CB7AC790-0E8B-D6C9-CE1E-655793E7D541}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{87775501-5259-6A7C-51A6-71C832DB7ABA}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{CFD0294B-945D-62E4-7959-9B22A160496F}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{F75FD5E5-1F33-AE2B-715A-F829F8A8F51D}) (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WPT Redistributables (HKLM-x32\...\{DD255C7D-9DB3-1857-A39A-0B0EA49420B8}) (Version: 10.1.10586.15 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{F08D7DBF-B07E-96CC-6EDE-400D2452EF84}) (Version: 10.1.10586.15 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1606907372-1565312641-48768637-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-10-09] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-10-09] (Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-07] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00E01C35-E166-4F89-AB69-1E891194E791} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
Task: {0249DFA5-2C4B-425C-BDE6-F5D08A16B1CB} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12] (Oracle Corporation)
Task: {081FD9B4-4CED-464E-BC63-754942F1B57C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-24] (Microsoft Corporation)
Task: {0A484E62-9C7C-412E-920A-DC1D648A3151} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {0F230CF3-18FA-43D1-9582-E87B3F7F668B} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {2C7AAA2A-153A-4F16-A914-E07F004A585A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {34F0B57A-B62E-4C48-A327-2AD7B564E860} - System32\Tasks\{F8844A10-F93F-45BD-A2F3-C0EC87C3C55D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ashley\Downloads\win64.exe -d C:\Users\Ashley\Downloads
Task: {4F09613B-26BD-4D04-B830-5ED852A6A2F3} - System32\Tasks\{C2395AAA-061E-4DFB-A181-229DEAAF227E} => C:\WINDOWS\system32\pcalua.exe -a "D:\OBDII On Window PC software\Bluesoleil_3.2_VoIP_Multilingual_070406\instmsiw.exe" -d "D:\OBDII On Window PC software\Bluesoleil_3.2_VoIP_Multilingual_070406"
Task: {4FE8E168-D65B-40C3-AEA1-3CB83B7EF40F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {5765EEBC-2AC4-4A7C-B486-FC01545CB256} - System32\Tasks\HPCeeScheduleForAshley => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {5E8CEC84-CE46-4B63-A4BB-1A822D9BE0DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {66CE78DA-5B35-4C67-B429-E81B5C48A8CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {686B15C6-B95D-4499-BE97-652E03857E2B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{DCB209E6-BE29-49E2-9377-0A759573F56D}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {686B15C6-B95D-4499-BE97-652E03857E2B} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{DCB209E6-BE29-49E2-9377-0A759573F56D}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{DCB209E6-BE29-49E2-9377-0A759573F56D}_System Diagnostics"
Task: {6CEB761C-B948-4ED4-90DD-3B953EFC0E38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {6FEC18D8-3962-451A-A93A-05FEED226716} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{BCECB0F0-D06F-4EA7-93BB-34403F7D5450}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {6FEC18D8-3962-451A-A93A-05FEED226716} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{BCECB0F0-D06F-4EA7-93BB-34403F7D5450}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{BCECB0F0-D06F-4EA7-93BB-34403F7D5450}_System Diagnostics"
Task: {74E6A720-BCA1-4953-9191-54D1D37A64FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-24] (Microsoft Corporation)
Task: {76403AEE-A9C6-4B09-96F3-36E59DE976A9} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{AF3E0BBB-1F5A-4C90-8DFE-5945B798E08F}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {76403AEE-A9C6-4B09-96F3-36E59DE976A9} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{AF3E0BBB-1F5A-4C90-8DFE-5945B798E08F}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{AF3E0BBB-1F5A-4C90-8DFE-5945B798E08F}_System Diagnostics"
Task: {7EBD8863-9F20-417F-B1A6-4F8B18ECBEE0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-13] ()
Task: {8076F6D2-3B54-434D-947B-96492D494205} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {81523624-F7E5-4EF1-9E13-30A485979CCF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {855F3ED5-30B8-4A2D-9922-8C854F3184C8} - System32\Tasks\DriverFinder => C:\Program Files (x86)\DriverFinder\DriverFinder.exe [2017-02-04] ()
Task: {9644A9B6-4F4E-4BF8-B4FC-742283FEC7A1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{92CD044B-9F77-471E-B98C-1C7EDFC296D5}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {9644A9B6-4F4E-4BF8-B4FC-742283FEC7A1} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{92CD044B-9F77-471E-B98C-1C7EDFC296D5}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{92CD044B-9F77-471E-B98C-1C7EDFC296D5}_System Diagnostics"
Task: {985431E7-9B82-4357-A25B-7D107312CB60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9AF031C9-2309-4957-AB01-2AE16D588949} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{4BC57EBF-E9D4-4930-8CFE-B2EA433F0700}_System Performance => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Performance" "$(Arg0)"
Task: {9AF031C9-2309-4957-AB01-2AE16D588949} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{4BC57EBF-E9D4-4930-8CFE-B2EA433F0700}_System Performance => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{4BC57EBF-E9D4-4930-8CFE-B2EA433F0700}_System Performance"
Task: {9DE58E62-C94A-42DE-A084-E79C21AA828D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {A5AA5252-6DE0-4C70-B15E-ECD3C18EC4DF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A9F431B7-6C1C-450C-872A-3487DFE3D53E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-13] ()
Task: {B3CC7FBD-A4B5-47C9-A0AB-1590611BF4C3} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-09-20] (Adobe Systems Incorporated)
Task: {B68808F8-BA81-46A9-80D0-59D223EE321A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
Task: {BE2AD1D5-5763-4005-8652-FFDA2390B4F6} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-07-27] (Realtek Semiconductor)
Task: {C54E342D-C8FA-42AF-9FFF-3C35402FCE9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {C7165AA1-C27B-4BC2-A913-58AEC27A0F04} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {CF1E4D6C-E3D1-4324-8EB3-22633C77826C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {D1BB65EE-AD60-4BCD-A8B2-AEE1C2A7D355} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {E1AC4F72-E336-4BE9-86EF-F7A75315470C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E4047C79-174F-4D50-9B35-169F3F7A9538} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E49FD0FE-E1B0-4518-97B2-0DAE5073CE16} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {E570CE7B-BA92-4FEA-891B-84D0623ED7DA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ashleyharris313@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E7A713F8-B8E2-43C0-BB03-C4C826BF9137} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {E8907927-04C7-4859-8823-79FCCE137DB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F01C3074-B580-400B-84AA-5EF68B16E9C6} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F5D51707-C3BB-4326-A222-5D21BE9CD722} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-24] (Microsoft Corporation)
Task: {F8124A54-3A85-4302-8B7F-4DE0243E0D0F} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{63686B08-F4F3-4CE8-82D8-044B1163D4BE}_System Performance => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Performance" "$(Arg0)"
Task: {F8124A54-3A85-4302-8B7F-4DE0243E0D0F} - C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\{63686B08-F4F3-4CE8-82D8-044B1163D4BE}_System Performance => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{63686B08-F4F3-4CE8-82D8-044B1163D4BE}_System Performance"
Task: {F9BEB12B-7D57-413B-938C-BBF2FE197739} - System32\Tasks\{837BF622-4F2B-44D2-B71C-288F414469CD} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Ashley\AppData\Local\Apps\2.0\PQCZ5425.ZCY\V72R4YNL.KNJ\dell..tion_6d0a76327dca4869_0007.0005_6511721dc5d99fcd\Uninstaller.exe -c uninstall
Task: {FA5E68C9-8BAC-4D70-A242-2FF21B3385A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAshley.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Ashley\Desktop\PC TOOLS\repairmsi.bat - Shortcut.lnk -> C:\Users\Ashley\Documents\repairmsi.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 03:42 - 2016-07-16 03:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-14 06:51 - 2017-09-06 22:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-04 01:05 - 2017-11-11 11:40 - 000017408 _____ () C:\WINDOWS\System32\rpcnetp.exe
2016-09-15 13:52 - 2016-09-06 20:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-17 17:54 - 2017-03-03 22:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-17 17:54 - 2017-03-03 22:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-17 17:54 - 2017-03-03 22:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-17 17:54 - 2017-03-03 22:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-13 12:09 - 2017-09-17 18:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-13 12:09 - 2017-09-17 18:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-13 12:09 - 2017-09-17 18:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-17 17:54 - 2017-03-03 22:04 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-09-26 01:52 - 2017-09-26 01:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2016-08-27 00:39 - 2017-10-13 14:03 - 008931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-11-06 14:49 - 2017-11-05 01:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-06 14:49 - 2017-11-05 01:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2017-10-09 04:22 - 2017-10-09 04:22 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-10-13 12:09 - 2017-09-14 15:18 - 003388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-10-13 12:09 - 2017-09-14 15:10 - 002263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-10-31 16:05 - 2017-10-31 16:05 - 091212288 _____ () C:\Program Files\WindowsApps\Fitbit.Fitbit_2.27.1318.0_x64__6mqt6hf9g46tw\Fitbit.dll
2017-10-31 16:05 - 2017-10-31 16:05 - 000015872 _____ () C:\Program Files\WindowsApps\Fitbit.Fitbit_2.27.1318.0_x64__6mqt6hf9g46tw\ReplayGainPort.dll
2017-10-31 16:04 - 2017-10-31 16:04 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2017-07-09 16:55 - 2017-07-09 16:55 - 017818112 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Ashley\Desktop\grill veggie-fruits.png:3or4kl4x13tuuug3Byamue2s4b [95]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25795275.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26B169BC6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28785297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35866911.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54198737.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70193062.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25795275.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26B169BC6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28785297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35866911.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\54198737.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70193062.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-02-20 04:21 - 2016-02-20 04:20 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ashley\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\59557.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 2
MSCONFIG\Services: rpcnetp => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SilhouetteLink => 2
MSCONFIG\Services: SilhouetteLinkServer.32.exe => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SynTPEnhService => 2
HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MA3Firmware"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "iolo Startup"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "WRSVC"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E21A55733DE47A9C91846541BA1A406D"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1606907372-1565312641-48768637-1001\...\StartupApproved\Run: => "Application Restart #2"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{2E6D2AF9-D768-41FE-B1B1-DAAD3C553D04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99908F53-432B-4BC4-AA78-6B785D68A04E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9924D3F8-AB62-485B-9BC0-04319175C337}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{744F63D9-95DC-4F1B-9AEA-0B129C6636C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{C811F32D-DCFF-424E-94B9-018FCD2D26C3}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{FC2CD980-9CF1-451C-B30A-0149E1AF37C3}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{46F82013-C733-4585-8718-5BF01C4113ED}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{28BC2CDF-1136-4EEE-B36A-AD78D30EC89A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{FC92E484-E3B3-4FD6-979A-2DA25F29B77E}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe
FirewallRules: [{151FF010-4434-455D-AF16-30E4A76B4779}] => (Allow) LPort=5357
FirewallRules: [{F759515D-8DDA-474A-BA25-1C882B04105E}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{ECC5B5BD-86EF-4416-A2B5-3D5692F9C9F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DF5B727-8006-45EA-8523-970368AD6FDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2186ADCC-D3D8-42B1-A58D-6542A12AA9BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1EE9400C-BC5D-4C2D-BA5B-7BF9568D8FC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BD0AE23-8B7A-496E-A5EA-B9986BD0AFAC}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS01D3\HPDiagnosticCoreUI.exe
FirewallRules: [{895B0C4B-37EB-4333-BF5A-DAB60C5C6A23}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS01D3\HPDiagnosticCoreUI.exe
FirewallRules: [{19AF28B5-E1F7-4836-B1F9-5EB2B8A30BA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{62ACDDB1-1EA3-49FE-8FC4-C9E5C721FCB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BB601AAA-12F9-4FDE-9006-1E6557177D8B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AAF4FC6B-FDF7-4300-A588-847CA2E19966}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{99ADBD62-5DAC-4B1B-BA72-2CF9C8AE4B5E}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS1A83\HPDiagnosticCoreUI.exe
FirewallRules: [{B3E34A22-1CE1-491C-A0B9-99A040F752BD}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS1A83\HPDiagnosticCoreUI.exe
FirewallRules: [{0178B8B2-D2F9-4853-92F8-F97BD39FCF12}] => (Allow) C:\Program Files (x86)\Silhouette America\Silhouette Link\SilhouetteLinkConsole.exe
FirewallRules: [{15693165-1682-4A16-9A4E-E9AB23248E4F}] => (Allow) C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
FirewallRules: [{D198BC72-6274-4078-BF0F-8DBD5DA8D165}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F2C2E089-5ECF-4252-94B0-EA3EE03ACB2D}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS37E0\HPDiagnosticCoreUI.exe
FirewallRules: [{47464C07-206A-4BBE-8F55-2A0E4D5BA1C8}] => (Allow) C:\Users\Ashley\AppData\Local\Temp\7zS37E0\HPDiagnosticCoreUI.exe
FirewallRules: [{14D955D5-BC27-489B-A47E-B50C3D9884AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8E842B71-975A-4EAE-9A28-C7BFDB0C0269}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-11-2017 15:25:55 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
03-11-2017 07:47:01 Installed Paragon Partition Manager™ 14 Free.
11-11-2017 11:41:52 Installed Should I Remove It
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2017 11:42:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/11/2017 11:39:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASHLEYXPS)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 11:32:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - SDK Debuggers; Error = 0x8007043c).
 
Error: (11/11/2017 11:31:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - FMW 1; Error = 0x8007043c).
 
Error: (11/11/2017 11:26:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - AVG; Error = 0x8007043c).
 
Error: (11/11/2017 11:23:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Security Task Manager 2.1j; Error = 0x8007043c).
 
Error: (11/11/2017 11:20:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Description = Revo Uninstaller's restore point - Reimage Repair; Error = 0x8007043c).
 
Error: (11/11/2017 10:42:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASHLEYXPS)
Description: Activation of app Microsoft.Getstarted_5.12.2691.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/11/2017 10:27:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/11/2017 10:25:22 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
 
System errors:
=============
Error: (11/11/2017 11:40:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/11/2017 11:40:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/11/2017 11:40:34 AM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [IKEv2] failed to initialize. The request is not supported.
 
Error: (11/11/2017 11:40:34 AM) (Source: RemoteAccess) (EventID: 20063) (User: )
Description: Remote Access Connection Manager failed to start because the Protocol engine [rasgreeng.dll] failed to initialize. The specified module could not be found.
 
Error: (11/11/2017 11:40:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (11/11/2017 11:40:30 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (11/11/2017 11:40:27 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (11/11/2017 11:40:22 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (11/11/2017 11:40:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (11/11/2017 11:40:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
 
CodeIntegrity:
===================================
  Date: 2017-11-11 11:40:57.695
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-11 10:26:02.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-11 09:18:11.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-11 05:42:27.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-09 14:51:57.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-09 13:21:34.974
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-09 13:17:16.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\remote_eka_prague_loader.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-07 14:29:18.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-07 14:18:01.666
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-07 14:16:07.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\product_info.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 84%
Total physical RAM: 4001.41 MB
Available physical RAM: 633.88 MB
Total Virtual: 6252.38 MB
Available Virtual: 1884.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:109.63 GB) (Free:1.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A38B386D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 AM

Posted 11 November 2017 - 05:29 PM

Greetings crunkkcar and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 11 November 2017 - 09:38 PM

Greetings.

As you indicated, your computer is running out of resources, both memory (using 84%) and available hard drive space (less than 2% free space). These factors alone will severely hamper your overall computer performance.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
Toolbar: HKLM - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKLM-x32 - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
S4 aunhelper; "C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe" [X]
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 Btcsrusb; \SystemRoot\System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VComm; \SystemRoot\system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; \SystemRoot\System32\Drivers\VcommMgr.sys [X]
2017-10-27 22:58 - 2017-11-01 14:23 - 000000000 ___HD C:\Program Files (x86)\Temp
Task: {0F230CF3-18FA-43D1-9582-E87B3F7F668B} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {C7165AA1-C27B-4BC2-A913-58AEC27A0F04} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
C:\Program Files\Reimage
AlternateDataStreams: C:\Users\Ashley\Desktop\grill veggie-fruits.png:3or4kl4x13tuuug3Byamue2s4b [95]
Virustotal: C:\WINDOWS\System32\rpcnetp.exe
Virustotal: C:\WINDOWS\SysWOW64\rpcnetp.dll
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 

#4 crunkkcar


Posted 14 November 2017 - 04:39 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Ashley (14-11-2017 01:35:58) Run:3
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley (Available Profiles: Ashley)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Toolbar: HKLM - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
Toolbar: HKLM-x32 - No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [No File]
S4 aunhelper; "C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe" [X]
S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; \SystemRoot\system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 Btcsrusb; \SystemRoot\System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VComm; \SystemRoot\system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; \SystemRoot\System32\Drivers\VcommMgr.sys [X]
2017-10-27 22:58 - 2017-11-01 14:23 - 000000000 ___HD C:\Program Files (x86)\Temp
Task: {0F230CF3-18FA-43D1-9582-E87B3F7F668B} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Task: {C7165AA1-C27B-4BC2-A913-58AEC27A0F04} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
C:\Program Files\Reimage
AlternateDataStreams: C:\Users\Ashley\Desktop\grill veggie-fruits.png:3or4kl4x13tuuug3Byamue2s4b [95]
Virustotal: C:\WINDOWS\System32\rpcnetp.exe
Virustotal: C:\WINDOWS\SysWOW64\rpcnetp.dll
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKLM\Software\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{093F479D-712E-46CD-9E06-62E734A05F68} => key not found. 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.121.2 => key removed successfully
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2 => key removed successfully
HKLM\System\CurrentControlSet\Services\aunhelper => key removed successfully
aunhelper => service removed successfully
HKLM\System\CurrentControlSet\Services\BlueletAudio => key removed successfully
BlueletAudio => service removed successfully
HKLM\System\CurrentControlSet\Services\BlueletSCOAudio => key removed successfully
BlueletSCOAudio => service removed successfully
HKLM\System\CurrentControlSet\Services\Btcsrusb => key removed successfully
Btcsrusb => service removed successfully
HKLM\System\CurrentControlSet\Services\BTHidEnum => key removed successfully
BTHidEnum => service removed successfully
HKLM\System\CurrentControlSet\Services\BTHidMgr => key removed successfully
BTHidMgr => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => key removed successfully
Partizan => service removed successfully
HKLM\System\CurrentControlSet\Services\VComm => key removed successfully
VComm => service removed successfully
HKLM\System\CurrentControlSet\Services\VcommMgr => key removed successfully
VcommMgr => service removed successfully
C:\Program Files (x86)\Temp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F230CF3-18FA-43D1-9582-E87B3F7F668B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F230CF3-18FA-43D1-9582-E87B3F7F668B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7165AA1-C27B-4BC2-A913-58AEC27A0F04} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7165AA1-C27B-4BC2-A913-58AEC27A0F04} => key removed successfully
C:\WINDOWS\System32\Tasks\ReimageUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key removed successfully
"C:\Program Files\Reimage" => not found.
C:\Users\Ashley\Desktop\grill veggie-fruits.png => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22017740 B
Java, Flash, Steam htmlcache => 611 B
Windows/system/drivers => 3120289 B
Edge => 18347 B
Chrome => 333258510 B
Firefox => 8976082 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 822 B
NetworkService => 0 B
Ashley => 67227108 B
 
RecycleBin => 0 B
EmptyTemp: => 414.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:36:27 ====


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 AM

Posted 14 November 2017 - 09:38 AM

Greetings,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Safe Mode

--------------------
  • Boot into Safe Mode
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
move: C:\WINDOWS\System32\rpcnetp.exe C:\WINDOWS\System32\rpcnetp.exe.old
move: C:\WINDOWS\SysWOW64\rpcnetp.dll C:\WINDOWS\SysWOW64\rpcnetp.dllrpcnetp.dll.old
AlternateDataStreams: C:\Users\Ashley\Desktop\grill veggie-fruits.png:3or4kl4x13tuuug3Byamue2s4b [95]
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 crunkkcar


Posted 15 November 2017 - 04:15 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Ashley (15-11-2017 01:15:25) Run:4
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley (Available Profiles: Ashley)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
move: C:\WINDOWS\System32\rpcnetp.exe C:\WINDOWS\System32\rpcnetp.exe.old
move: C:\WINDOWS\SysWOW64\rpcnetp.dll C:\WINDOWS\SysWOW64\rpcnetp.dllrpcnetp.dll.old
AlternateDataStreams: C:\Users\Ashley\Desktop\grill veggie-fruits.png:3or4kl4x13tuuug3Byamue2s4b [95]
 
*****************
 
"C:\WINDOWS\System32\rpcnetp.exe" moved successfully to C:\WINDOWS\System32\rpcnetp.exe.old
"C:\WINDOWS\SysWOW64\rpcnetp.dll" moved successfully to C:\WINDOWS\SysWOW64\rpcnetp.dllrpcnetp.dll.old
C:\Users\Ashley\Desktop\grill veggie-fruits.png => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
 
==== End of Fixlog 01:15:25 ====
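The alternate data stream (ADS) that FRST reports it could not remove can be inspected read-only from PowerShell before anyone decides whether it matters. This is an added example, not part of the thread; it assumes Windows PowerShell 5.1 and reuses the path and stream name shown in the Fixlog above.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1.
# Path and stream name are copied from the Fixlog above.
$path   = 'C:\Users\Ashley\Desktop\grill veggie-fruits.png'
$stream = '3or4kl4x13tuuug3Byamue2s4b'

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$LiteralPath)
    # ':$DATA' is the file's ordinary content; any other name is an ADS.
    Get-Item -LiteralPath $LiteralPath -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object Stream, Length
}

function Get-StreamPreview {
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [Parameter(Mandatory)][string]$Stream,
        [int]$Count = 128
    )
    # Read at most $Count bytes of the stream; nothing is executed.
    $bytes = Get-Content -LiteralPath $LiteralPath -Stream $Stream `
                         -Encoding Byte -TotalCount $Count -ErrorAction Stop
    [pscustomobject]@{
        Hex  = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
        Text = -join ($bytes | ForEach-Object {
                   if ($_ -ge 32 -and $_ -lt 127) { [char]$_ } else { '.' }
               })
    }
}

# 1. Which extra streams does the file carry, and how large are they?
Get-AlternateStream -LiteralPath $path | Format-Table -AutoSize

# 2. What is inside the stream FRST reported?
Get-StreamPreview -LiteralPath $path -Stream $stream | Format-List

# 3. Attributes such as ReadOnly are worth checking when a removal fails.
(Get-Item -LiteralPath $path).Attributes

# 4. Preview the removal; drop -WhatIf to actually delete the stream.
Remove-Item -LiteralPath $path -Stream $stream -WhatIf
```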


#7 Oh My!


Posted 15 November 2017 - 10:50 AM

Thank you.

Are you familiar with this file?

C:\Users\Ashley\Desktop\grill veggie-fruits.png


Gary
 

#8 crunkkcar


Posted 15 November 2017 - 11:39 AM

Yes, it's a picture of a recipe from a magazine. It's on my desktop and I have not opened it in a very long time.



#9 Oh My!


Posted 15 November 2017 - 12:56 PM

OK, then we won't worry about it.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#10 crunkkcar


Posted 15 November 2017 - 01:03 PM

Should I stay in Safe Mode or reboot back to Normal mode before starting ESET scanner?



#11 Oh My!


Posted 15 November 2017 - 01:04 PM

You can go back to Normal Boot.
Gary
 

#12 crunkkcar


Posted 15 November 2017 - 07:19 PM

C:\Users\Ashley\Downloads\ccsetup536pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Ashley\Downloads\EN5530_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\WINDOWS\System32\wpbbin.exe a variant of Win32/CompuTrace.B potentially unsafe application cleaned by deleting
 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 12th Novemeber, 2017
Running from:C:\Users\Ashley\Desktop (16:18:19 - 11/15/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Total Security (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Kaspersky Total Security (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Kaspersky Total Security (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.183)
CCleaner (5.36)
Google Chrome (62.0.3202.94)
Java (8.0.1210.13)
Microsoft Silverlight (5.1.50907.0)
 
***----------------Analysis Complete-------------------------***
 
 
 
 
It seems to be running better... but it still says I only have about 2 gigs left of space?


#13 Oh My!


Posted 15 November 2017 - 08:09 PM

Those reports look good.

Your hard drive is only 110GB and you are maxing out your memory (4GB). That is not much for a Windows 10 Pro computer.

Please do this.

===================================================

Autoruns

--------------------
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder (or if necessary right click and select Extract)
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Hit the Ctrl + S keys at the same time
  • Save the file to your Desktop as autoruns
  • Please zip and upload the file here
===================================================

Folder Size

--------------------
  • Download Folder Size and save it on your Desktop
  • Right click on the icon and select Run as administrator
  • Click Next
  • Select I accept the agreement then click Next
  • Click Next 3 times then click Install
  • Close the browser window that will appear
  • Double click Finish
  • Left click on C:\ in the lower left hand corner to highlight the line
  • Click Scan, then Scan Selected Drive
  • When the scan has completed click the Size column to the right of Name so that the largest size is on top
  • Please take a screen shot of this window and attach it to your reply
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Attached Autoruns file
  • Attached screen shot

Edited by Oh My!, 15 November 2017 - 08:28 PM.

Gary
 

#14 crunkkcar


Posted 16 November 2017 - 03:01 AM

Attached autoruns(1).zip and screenshot




#15 Oh My!


Posted 16 November 2017 - 01:48 PM

Thank you.

===================================================

Disabling Autoruns Entries

--------------------

Autoruns Explained

Many programs, when installed, create registry or file entries which instruct the program to launch at system startup whether or not that program is essential or advantageous to run in the background. By disabling the autorun feature we do not delete or otherwise prohibit the program from running; rather, the program is not started until it is needed. Think of it like a car. Sometime today you might want to use the car to go to the store. The car can be in one of two conditions before you decide. You can leave the car running all day long even though you may or may not use it (enabling autorun) or you can start the car when you are ready (disabling autorun then launching a program). Either way the car will work for you; it is just a matter of how ready it will be if/when it is time. Just as gas is wasted by leaving the car running, your computer resources are "wasted" because programs are running in the background that you may not be using.
  • Right click on autoruns.exe (not autorunsc.exe), select Run as administrator, then click Run until the information is populated
  • Uncheck any items you do not need to launch at startup

iTunesHelper
Adobe Creative Cloud
CCleaner Monitoring
HP ENVY 5530 series (NET)
OneDrive Microsoft OneDrive (***if you don't use this****)
Send to OneNote.lnk
Microsoft Windows Media Player

  • Once completed simply close the window
===================================================

Folder Size

-----
  • Please launch Folder Size again
  • Click on the Folder icon located among the line of icons near the top of the window
  • Using the arrows to expand the categories navigate to and select C:\Users\Ashley
  • Once the calculation is done please provide another screen shot of the window
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Autoruns disabled?
  • Folder size screen shot

Edited by Oh My!, 16 November 2017 - 01:49 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
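To confirm which startup entries are still active after unchecking them in Autoruns, the Run keys can be listed directly. This is an added example, not part of the thread; it covers only registry Run keys (not Startup-folder shortcuts such as Send to OneNote.lnk) and assumes Autoruns parks unchecked Run-key entries in an `AutorunsDisabled` subkey of the same key.

```powershell
# Added example (not from the thread): list Run-key autostart entries and
# show which ones are disabled.
# Assumption: Sysinternals Autoruns moves an unchecked Run-key value into a
# subkey named "AutorunsDisabled" under the key it came from.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [Parameter(Mandatory)][string]$State
    )
    # A missing key simply means there are no entries in that location.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            State   = $State
            Key     = $KeyPath
            Name    = $name
            Command = $key.GetValue($name)   # command line run at logon
        }
    }
}

$entries = foreach ($k in $runKeys) {
    Get-RunEntry -KeyPath $k -State 'Enabled'
    Get-RunEntry -KeyPath (Join-Path $k 'AutorunsDisabled') -State 'Disabled'
}

# Entries still marked Enabled will launch at the next logon.
$entries | Sort-Object State, Name | Format-Table State, Name, Command -AutoSize -Wrap
```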



