
Has Kaspersky Internet Security removed Packed.Win32.Krap.hc?


  • This topic is locked
33 replies to this topic

#1 JD2015


Posted 27 November 2017 - 08:11 AM

I got a message last night in Kaspersky Internet Security saying that C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll was infected by the Packed.Win32.Krap.hc Malware.

I have run and followed the Kaspersky instructions, but I am wondering: has it got rid of it? Also, what does this malware do?


Here are the Kaspersky Logs. I am running Win Ten 64 Pro.

26.11.2017 23.05.05 Detected object (file) deleted C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc

26.11.2017 23.01.35 Advanced Disinfection Task completed Completion time: Yesterday, 26/11/2017 23:01

26.11.2017 22.59.08 Object (file) not processed C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc Reason: Error

26.11.2017 22.59.05 Detected object (file) deleted C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc

26.11.2017 22.59.05 Detected object (file) moved to Quarantine C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc

26.11.2017 22.59.01 Object (file) detected C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc

26.11.2017 22.56.22 Detected object (file) will be deleted after computer restart C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc

26.11.2017 22.56.22 Detected object (file) moved to Quarantine C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc

26.11.2017 22.55.54 Object (file) detected C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc

26.11.2017 22.55.52 Advanced Disinfection Task started Time: Yesterday, 26/11/2017 22:55

Thanks

Edited by JD2015, 27 November 2017 - 08:12 AM.
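
Added example (not part of the original post, and not Kaspersky tooling): a short Python script that replays the report lines posted above in chronological order and returns the last recorded action for each file, which is what the report itself can say about whether the detected files were removed. The state labels and function names are this example's own assumptions; the script reads only what the report contains.

```python
import re
from datetime import datetime

# Report lines as posted above; Kaspersky displays them newest first.
REPORT = r"""
26.11.2017 23.05.05 Detected object (file) deleted C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc
26.11.2017 23.01.35 Advanced Disinfection Task completed Completion time: Yesterday, 26/11/2017 23:01
26.11.2017 22.59.08 Object (file) not processed C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc Reason: Error
26.11.2017 22.59.05 Detected object (file) deleted C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc
26.11.2017 22.59.05 Detected object (file) moved to Quarantine C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc
26.11.2017 22.59.01 Object (file) detected C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe File: C:\Program Files (x86)\Utils\Advanced SystemCare\ASCService.exe Object name: Packed.Win32.Krap.hc
26.11.2017 22.56.22 Detected object (file) will be deleted after computer restart C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc
26.11.2017 22.56.22 Detected object (file) moved to Quarantine C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc
26.11.2017 22.55.54 Object (file) detected C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll File: C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll Object name: Packed.Win32.Krap.hc
26.11.2017 22.55.52 Advanced Disinfection Task started Time: Yesterday, 26/11/2017 22:55
""".strip().splitlines()

# Event wording from the report mapped to short state labels.
# The labels on the right are this example's own, not Kaspersky terminology.
STATES = {
    "Object (file) detected": "detected",
    "Detected object (file) moved to Quarantine": "quarantined",
    "Detected object (file) will be deleted after computer restart": "pending-reboot",
    "Object (file) not processed": "not-processed",
    "Detected object (file) deleted": "deleted",
}

# timestamp, event text, file path, "File:" repeat, detection name, optional reason
LINE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}\.\d{2}\.\d{2}) "
    r"(?P<event>.+?) (?P<path>[A-Za-z]:\\.+?) File: .+? "
    r"Object name: (?P<name>\S+)(?: Reason: (?P<reason>.+))?$"
)


def parse(lines):
    """Return file events oldest first; task start/completed lines are skipped."""
    events = []
    for line in reversed(lines):  # the report is displayed newest first
        m = LINE.match(line.strip())
        if not m or m["event"] not in STATES:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%d.%m.%Y %H.%M.%S"),
            "path": m["path"],
            "state": STATES[m["event"]],
            "name": m["name"],
            "reason": m["reason"],
        })
    # Stable sort: entries logged within the same second keep their report order.
    events.sort(key=lambda e: e["time"])
    return events


def history(lines):
    """Map each file path to its sequence of states, oldest first."""
    per_file = {}
    for event in parse(lines):
        per_file.setdefault(event["path"], []).append(event["state"])
    return per_file


def unresolved(lines):
    """Paths whose last recorded action is anything other than 'deleted'."""
    return sorted(p for p, states in history(lines).items() if states[-1] != "deleted")


if __name__ == "__main__":
    for path, states in history(REPORT).items():
        print(path, "->", " > ".join(states))
    print("unresolved:", unresolved(REPORT))
```

A file whose last entry is "not processed" or "will be deleted after computer restart" is returned by `unresolved()`; the result covers only the files named in the report.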




#2 HelpBot


Posted 02 December 2017 - 08:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663894 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


Posted 02 December 2017 - 05:16 PM

Greetings JD2015 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Rename
  • Rename the icon frstenglish.exe or frst64english.exe depending on your operating system
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

===================================================

System Summary Information

--------------------

  • Press the Windows Key + R at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 02 December 2017 - 08:30 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 JD2015


Posted 02 December 2017 - 06:23 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by My PC (02-12-2017 23:08:02)
Running from C:\Users\My PC\Desktop
Windows 10 Pro Version 1703 15063.726 (X64) (2017-08-27 17:29:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1801752345-547683526-1453181129-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1801752345-547683526-1453181129-503 - Limited - Disabled)
Guest (S-1-5-21-1801752345-547683526-1453181129-501 - Limited - Disabled)
My PC (S-1-5-21-1801752345-547683526-1453181129-1001 - Administrator - Enabled) => C:\Users\My PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 11.0.3 - IObit)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: 9.1.3 - AnVir Software)
Any Video Converter 5.9.7 (HKLM-x32\...\Any Video Converter) (Version: 5.9.7 - Anvsoft)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.56.2506 - BlueStack Systems, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG5700 series User Registration (HKLM-x32\...\Canon MG5700 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.0.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4B01C6D5-4693-6CA8-ECF7-A0F9E7FEC6DB}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{50DBC6DD-C2A2-2C38-FE37-A48208474155}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B3EA6CCB-F44C-DC35-94F5-1B9CC18FE598}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AEE4C0AE-CDAF-5D37-2DA3-A2B3FDFE6E81}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE064737-1F2C-ECDD-916C-798E3D18C263}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6389 - CDBurnerXP)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ContextEdit (PC Magazine) (HKLM-x32\...\ContextEdit_is1) (Version: 1.2 - Ziff Davis Media, Inc.)
Cooltweak (HKLM\...\{5844F1BF-0003-0003-0000-F1452DAF087A}) (Version: 3.3.0 - Gueven)
Cybereason RansomFree 2.4.1.0 (HKLM-x32\...\{88BF86F8-A656-4397-B4CE-9C5956E82B1A}) (Version: 2.4.1.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Diffractor (HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Diffractor) (Version: 114 - Diffractor)
Driver Booster 4.5 (HKLM-x32\...\Driver Booster_is1) (Version: 4.5.0 - IObit)
f.lux (HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Flux) (Version:  - )
FastStone Image Viewer 6.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.4 - FastStone Soft)
FastStone Photo Resizer 3.7 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.7 - FastStone Soft.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
gPodder version 3.9.3 (HKLM-x32\...\{ABE123A1-41D1-4917-8E1E-C7E37991B673}_is1) (Version: 3.9.3 - Thomas Perl)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.1.0.19 - IObit)
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
LibreOffice 5.4.2.2 (HKLM\...\{71F5B603-BA9F-41E1-BC94-9839DFE5A83E}) (Version: 5.4.2.2 - The Document Foundation)
Maelstrom (HKLM-x32\...\{DD033E4A-5E1D-4881-99F1-80C45EB45DB1}) (Version: 1.00.0000 - Codemasters)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Managed DirectX (0900) (HKLM-x32\...\{7F34A21F-2DEB-4598-BB19-611D6BD24271}) (Version: 4.09.00.0900 - Microsoft) Hidden
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
MechWarrior 3 (HKLM-x32\...\MechWarrior 3) (Version:  - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 57.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0 (x64 en-GB)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NoVirusThanks File Shredder Tool v1.0 (HKLM\...\NoVirusThanks File Shredder Tool_is1) (Version: 1.0.0.0 - NoVirusThanks Company Srl)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
ON1 Effects 10 (HKLM\...\ON1 Effects 10 PE) (Version: 10.5.2 - ON1)
OpenTTD 1.6.1 (HKLM-x32\...\OpenTTD) (Version: 1.6.1 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 9.12.0.34172 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PC Tasks Optimizer (HKLM\...\{6B1259B7-B095-4F6D-AA67-46AC643FD437}) (Version: 1.2.326 - Smart PC Utilities)
PdfBookShuffler 3.0.4 (HKLM-x32\...\PdfBookShuffler_is1) (Version:  - GAF)
Privacy Fence (HKLM\...\{4F75A9D0-178A-4BDD-8AF8-C74B10110F91}) (Version: 2.0.38 - Fortres Grand) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.15.0 - Goversoft LLC)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Python 2.7 PyGTK 2.24.2 (HKLM-x32\...\{09F82967-D26B-48AC-830E-33191EC177C8}) (Version: 2.24.2 - hxxp://www.pygtk.org/)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
SCPT UpgradeLauncher (HKLM-x32\...\{35875B38-A7EA-4195-BBBE-F86786321CED}) (Version: 1.00.000 - )
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Splinter Cell Pandora Tomorrow (HKLM-x32\...\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}) (Version: 1.03.100 - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
TeraCopy 3.0 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tom Clancy's Splinter Cell Double Agent (HKLM-x32\...\{CAD1691A-FA24-4B95-9009-3257B8440ECC}) (Version: 1.00.0000 - Ubisoft)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.3 - Tweaking.com)
Ultimate Settings Panel x64 (HKLM\...\{F03743CF-0DCA-4F42-84AE-DEF469436FA4}) (Version: 5.2.0 - TechyGeeksHome)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Winja version 2.0.1 (HKLM-x32\...\Winja_is1) (Version: 2.0.1 - Phrozen SAS)
XnView 2.40 (HKLM-x32\...\XnView_is1) (Version: 2.40 - Gougelet Pierre-e)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files (x86)\Utils\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files (x86)\Utils\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\Utils\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> [CC]{B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [Cooltweak 3.3.0] -> {33e12c16-0003-0003-0000-ff4694a6914b} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [FS_CTX] -> {B3026062-4D7E-3601-9A6B-622CEAC3FC5A} => C:\Program Files (x86)\Utils\File Shredder Tool\FS_SHLEXT.dll [2016-03-06] (NoVirusThanks Company Srl)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\Utils\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll [2017-01-18] ()
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files (x86)\Utils\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\Utils\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll [2017-01-18] ()
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files (x86)\Utils\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [FS_CTX] -> {B3026062-4D7E-3601-9A6B-622CEAC3FC5A} => C:\Program Files (x86)\Utils\File Shredder Tool\FS_SHLEXT.dll [2016-03-06] (NoVirusThanks Company Srl)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Utils\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll [2017-01-18] ()
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\Utils\Advanced SystemCare\ASCExtMenu_64.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [Cooltweak 3.3.0] -> {33e12c16-0003-0003-0000-ff4694a6914b} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\Utils\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll [2017-01-18] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-11-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [FS_CTX] -> {B3026062-4D7E-3601-9A6B-622CEAC3FC5A} => C:\Program Files (x86)\Utils\File Shredder Tool\FS_SHLEXT.dll [2016-03-06] (NoVirusThanks Company Srl)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\Utils\IObit Uninstaller\UninstallMenuRight.dll [2017-05-22] (IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Utils\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll [2017-01-18] ()
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08F8E968-59D8-4744-8119-7BA314AD0011} - System32\Tasks\{3FEC0E52-E217-4CC0-A8C2-25ABD21B7CA3} => C:\WINDOWS\system32\pcalua.exe -a D:\data\DataSetup.exe -d D:\data
Task: {1D2B4B42-EF64-443F-B95A-FED6CB1D0B7A} - System32\Tasks\{0A7BE1C7-18FD-44EC-86E2-1442E8C2F1CD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {20098EA3-6EDB-48FE-8269-BE473EDE411B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {27AE9F37-9F7D-49DE-9EA7-3D75500D4A96} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {30828F3C-C897-423A-B45F-77ECE5F804BF} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-RBI5RP6-My PC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {68EF2B94-B98D-480F-AAF9-6D4CBB9F1471} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {76C50323-3F29-439E-942C-36F1193FF30F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {81779FA8-249A-43D7-9C8F-251357F7B315} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {8F2BF572-38E5-4980-B18B-E59F311A63A7} - System32\Tasks\{56844D7C-FC71-45D6-9D35-7CF0922A1DE6} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Splinter Cell Pandora Tomorrow\logo_ubi.exe" -d "C:\Users\My PC\Desktop"
Task: {A264AF25-47C8-4466-82CB-E0BA6121A162} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Utils\Windows Repair 4.0\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {A38BC988-C5CD-4AEA-8EBC-E26A5D1D9CFB} - System32\Tasks\Driver Booster SkipUAC (My PC) => C:\Program Files (x86)\Utils\Driver Booster\4.5.0\DriverBooster.exe [2017-07-28] (IObit)
Task: {A3B8DDD4-1B81-4B85-B02B-794FD99683A2} - System32\Tasks\Anvirlauncher => C:\Program Files (x86)\Utils\AnVir Task Manager Free\anvirlauncher.exe [2016-02-28] (AnVir Software)
Task: {A60B594E-EBB2-4341-98EB-0C0B0297B283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-01] (Google Inc.)
Task: {B1231E70-9E82-4041-AC43-C744C6AA78B5} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-10-08] (Cybereason)
Task: {BE9C4A1E-E7C0-40D6-B96A-3C91FE2EE52D} - \ASC11_SkipUac_My PC -> No File <==== ATTENTION
Task: {CD81A614-E093-4A05-914A-B719564DA6F6} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-10-08] (Cybereason)
Task: {EA19A0F2-05C8-400C-9DC3-BF16357D6F21} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\Utils\AnVir Task Manager Free\anvir.exe [2017-11-02] (AnVir Software)
Task: {F0EF15FC-4114-405C-8815-8B6AC9E084A9} - System32\Tasks\Uninstaller_SkipUac_My_PC => C:\Program Files (x86)\Utils\Iobit Uninstaller\IObitUninstaler.exe [2017-10-24] (IObit)
Task: {F327ADD3-F263-4FE8-8F49-B160540282B2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-11-02] (Advanced Micro Devices, Inc.)
Task: {FB80113C-AEC6-4B8B-BEE6-BD8FD640173E} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\Utils\PrivaZer\PrivaZer.exe [2017-01-18] (Goversoft LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_My_PC.job => C:\Program Files (x86)\Utils\Iobit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-18 20:58 - 2017-03-18 20:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-06 02:17 - 2016-12-07 16:40 - 003681104 _____ () C:\Program Files (x86)\Utils\TeraCopy\TeraCopyExt.dll
2017-01-18 14:59 - 2017-01-18 14:59 - 003525431 _____ () C:\Program Files (x86)\Utils\PrivaZer\PrivaMenu5.dll
2017-03-18 20:59 - 2017-03-20 03:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-25 12:25 - 2017-07-25 12:25 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-25 12:25 - 2017-07-25 12:25 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000770560 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000156672 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000394752 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000013824 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000796160 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000039424 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000114688 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000680448 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 060620605 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000015374 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000930304 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000863744 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000095744 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000081408 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000361472 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000092160 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000086528 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000053760 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 000839168 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 054194995 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\App.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 006611763 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2017-09-19 21:26 - 2017-09-19 21:27 - 001015808 _____ () C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\iconv_osmeta.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-07-15 17:39 - 2017-07-15 17:39 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1801752345-547683526-1453181129-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\My PC\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Linkman =>
MSCONFIG\startupreg: WindowsDefender => "C:\Program Files\windows defender\msascuil.exe"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "Uninstall C:\Users\My PC\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "Linkman"
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\StartupApproved\Run: => "NETGEARGenie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8416C092-1A0B-4A2E-99CF-016172300C82}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{12696294-ECEF-4AC6-A675-980EA9BFC939}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FCE313F0-C503-4ED7-B772-73900B2D4016}] => (Allow) LPort=2869
FirewallRules: [{D844FAD9-264D-4932-81D1-5D191B8259CA}] => (Allow) LPort=1900
FirewallRules: [{F58835EF-9635-4DEB-81BA-47BC3036686E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe

==================== Restore Points =========================

02-12-2017 16:37:37 Scheduled Checkpoint
02-12-2017 18:14:25 Installed Cybereason RansomFree 2.4.1.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2017 10:15:14 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Internet Security - Update 'KIS 2017 MP0 family (Patch h)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI197a8.LOG.

Error: (12/02/2017 08:40:56 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Internet Security - Update 'KIS 2017 MP0 family (Patch h)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI25da6.LOG.

Error: (12/02/2017 08:40:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Error: (12/02/2017 08:40:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Error: (12/02/2017 08:40:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Error: (12/02/2017 08:40:19 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Internet Security - Update 'KIS 2017 MP0 family (Patch h)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI197a7.LOG.

Error: (12/02/2017 06:14:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/02/2017 04:39:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/02/2017 04:16:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-RBI5RP6)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.15063.675_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (12/02/2017 02:20:12 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Kaspersky Internet Security - Update 'KIS 2017 MP0 family (Patch h)' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI17414.LOG.


System errors:
=============
Error: (12/02/2017 10:15:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Anti-Virus NDIS 6 Filter service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (12/02/2017 08:40:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Anti-Virus NDIS 6 Filter service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (12/02/2017 08:40:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Anti-Virus NDIS 6 Filter service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (12/02/2017 08:40:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (12/02/2017 08:38:42 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/02/2017 08:38:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (12/02/2017 04:15:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RBI5RP6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-RBI5RP6\My PC SID (S-1-5-21-1801752345-547683526-1453181129-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 04:15:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RBI5RP6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-RBI5RP6\My PC SID (S-1-5-21-1801752345-547683526-1453181129-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 04:15:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RBI5RP6)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-RBI5RP6\My PC SID (S-1-5-21-1801752345-547683526-1453181129-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 02:20:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kaspersky Anti-Virus NDIS 6 Filter service failed to start due to the following error:
A device attached to the system is not functioning.


==================== Memory info ===========================

Processor: AMD Phenom™ 9600S Quad-Core Processor
Percentage of memory in use: 83%
Total physical RAM: 2046.49 MB
Available physical RAM: 346.59 MB
Total Virtual: 4478.49 MB
Available Virtual: 1035.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.19 GB) (Free:837.46 GB) NTFS
Drive d: (ME2_Disc2) (CDROM) (Total:6.98 GB) (Free:0 GB) UDF
Drive f: (F-USB) (Removable) (Total:0.95 GB) (Free:0.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E58F6166)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=849 MB) - (Type=27)

========================================================
Disk: 1 (Size: 979 MB) (Disk ID: 0071AC76)
Partition 1: (Active) - (Size=978 MB) - (Type=0C)

==================== End of Addition.txt ============================

 

First.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by My PC (administrator) on DESKTOP-RBI5RP6 (02-12-2017 23:01:40)
Running from C:\Users\My PC\Desktop
Loaded Profiles: My PC (Available Profiles: My PC)
Platform: Windows 10 Pro Version 1703 15063.726 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files (x86)\Utils\TeraCopy\TeraCopyService.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(IvoSoft) C:\Program Files (x86)\Utils\Classic Shell\ClassicStartMenu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_1.4.4.0_x86__1sdd7yawvg6ne\EarTrumpet.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Facebook.InstagramBeta_10.1096.22724.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\My PC\Desktop\frst64english.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files (x86)\Utils\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
HKLM\...\Policies\Explorer: [HideSCAPower] 1
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [HideRunAsVerb] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Run: [f.lux] => C:\Users\My PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\MountPoints2: {ac46868c-1e8e-11e6-9bc2-806e6f6e6963} - "D:\autorun.exe" -auto
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{00bb77f0-30a7-430a-bcf2-6285c9bdf887}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{17ad6dd8-0a31-4d5b-8c59-f6ce15720e36}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\Utils\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files (x86)\Utils\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files (x86)\Utils\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files (x86)\Utils\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-03-29] (AO Kaspersky Lab)
Handler: wlpg - No CLSID Value

FireFox:
========
FF DefaultProfile: 9q7bnpzp.default-1508500183743
FF ProfilePath: C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743 [2017-12-02]
FF user.js: detected! => C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\user.js [2017-11-24]
FF Extension: (Ghostery) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\firefox@ghostery.com.xpi [2017-12-02]
FF Extension: (Forecastfox (fix version)) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\forecastfox@s3_fix_version.xpi [2017-10-20]
FF Extension: (HTTPS Everywhere) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\https-everywhere@eff.org.xpi [2017-11-22]
FF Extension: (LastPass: Free Password Manager) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\support@lastpass.com.xpi [2017-11-11]
FF Extension: (NoScript) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-12-02]
FF Extension: (Pouch - Instantly get voucher codes & coupons) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\{7c9aa7cd-0b7a-4618-a6c5-42b0ad013d16}.xpi [2017-12-01]
FF Extension: (History Cleaner) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\Extensions\{a138007c-5ff6-4d10-83d9-0afaf0efbe5e}.xpi [2017-10-20]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\My PC\AppData\Roaming\Mozilla\Firefox\Profiles\9q7bnpzp.default-1508500183743\features\{a69af43b-88aa-48ab-ac01-9908d2890e6f}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-22] [Lagacy]
FF ProfilePath: C:\Users\My PC\AppData\Roaming\KompoZer\Profiles\0m8458qa.default [2016-05-24]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atiesrxx.exe [472456 2017-11-02] (AMD)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-10-08] (Cybereason) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 MBAMService; C:\Program Files (x86)\Utils\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-19] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeraCopyService; C:\Program Files (x86)\Utils\TeraCopy\TeraCopyService.exe [110416 2017-01-31] (Code Sector)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmdag.sys [40034184 2017-11-02] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0320046.inf_amd64_8e8f6af872d98101\atikmpag.sys [536456 2017-11-02] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Advanced Micro Devices)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-10-12] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-24] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-24] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 FgcPac; C:\WINDOWS\System32\DRIVERS\fgcpac.sys [439856 2013-07-30] (Fortres Grand Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-05-20] (REALiX™)
S3 IUFileFilter; C:\Program Files (x86)\Utils\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
S3 IURegProcessFilter; C:\Program Files (x86)\Utils\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [39792 2017-09-28] (IObit.com)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [592088 2017-10-14] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [186184 2017-12-02] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021656 2017-10-14] (AO Kaspersky Lab)
S1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-03-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
S3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230312 2017-11-15] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-11-30] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [253200 2017-11-15] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107680 2017-11-15] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173664 2017-11-15] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-29] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-24] (AO Kaspersky Lab)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-12] (Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2016-05-20] ()
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-11-23] (CACE Technologies, Inc.)
U5 nvstor64; C:\Windows\System32\Drivers\nvstor64.sys [130080 2016-06-02] (NVIDIA Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
U4 WMPNetworkSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 23:01 - 2017-12-02 23:05 - 000020038 _____ C:\Users\My PC\Desktop\FRST.txt
2017-12-02 23:01 - 2017-12-02 23:01 - 000000000 ____D C:\FRST
2017-12-02 22:58 - 2017-12-02 22:58 - 002391552 _____ (Farbar) C:\Users\My PC\Desktop\frst64english.exe
2017-12-02 20:55 - 2017-12-02 20:55 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-12-02 20:38 - 2017-12-02 20:39 - 000000000 __SHD C:\Users\My PC\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-12-02 20:38 - 2017-12-02 20:38 - 000530474 ____N C:\Users\Rd8hwgq\charles maturity.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000501028 ____N C:\Users\Ajxhk3\information.management.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000204442 ____N C:\Users\Rd8hwgq\findingownership.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000202678 ____N C:\Users\Ajxhk3\mend-worthy-genuine.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000079594 ____N C:\Users\Ajxhk3\submittedmatsuo.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000064354 ____N C:\Users\Rd8hwgq\indication_hole_ending_transport.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000057171 ____N C:\Users\Ajxhk3\gov-friendship.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000053506 ____N C:\Users\Rd8hwgq\tall_normal_homemade_compute.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000032994 ____N C:\Users\Ajxhk3\propensitydebtmoved.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000026436 ____N C:\Users\Rd8hwgq\certain seated hurried.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000018508 ____N C:\Users\Rd8hwgq\peter remove.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000012911 ____N C:\Users\Ajxhk3\innovationworeprecedingskills.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Rd8hwgq
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Uversions26
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Alorganized78
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Ajxhk3
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\zJdefinitions135
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\Acscan2
2017-12-02 18:15 - 2017-12-02 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-12-02 18:15 - 2017-12-02 18:15 - 000004090 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Keepalive
2017-12-02 18:15 - 2017-12-02 18:15 - 000003196 _____ C:\WINDOWS\System32\Tasks\Cybereason RansomFree Autostart
2017-12-02 17:47 - 2017-12-02 17:47 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\10906CB3.sys
2017-12-02 13:50 - 2017-12-02 13:55 - 004198400 _____ C:\Users\My PC\Downloads\CybereasonRansomFree.msi
2017-11-30 21:13 - 2017-11-30 21:13 - 000306264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-30 14:24 - 2017-11-30 16:29 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-11-29 10:42 - 2017-11-29 10:42 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-11-29 10:33 - 2017-09-13 23:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-11-29 10:33 - 2017-09-13 23:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-11-29 10:33 - 2017-09-13 23:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-11-29 10:33 - 2017-09-13 23:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-11-29 10:21 - 2017-11-29 10:21 - 000000000 ____D C:\Users\My PC\AppData\Local\RadeonInstaller
2017-11-29 10:17 - 2017-11-29 10:18 - 025900000 _____ (AMD Inc.) C:\Users\My PC\Downloads\radeon-crimson-relive-17.11.1-minimalsetup-171109_64bit.exe
2017-11-28 16:07 - 2017-11-28 16:07 - 000003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-11-27 12:55 - 2017-11-27 12:55 - 000401190 _____ C:\Users\My PC\Downloads\flashgot-1.5.6.13.xpi
2017-11-26 22:45 - 2017-11-26 22:45 - 001174986 _____ C:\Users\My PC\Downloads\DMCZS8 E.pdf
2017-11-26 22:15 - 2017-11-26 22:15 - 000004089 _____ C:\Users\My PC\Downloads\Amazon High Volume Hiring.txt
2017-11-24 15:00 - 2017-11-24 15:00 - 000008916 _____ C:\Users\My PC\Downloads\Flight of the Amazon Queen walkthrough - solution.TXT
2017-11-24 14:08 - 2017-11-24 14:08 - 000000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-11-24 13:55 - 2017-11-24 13:56 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-11-24 13:55 - 2017-11-24 13:55 - 000001188 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2017-11-22 23:02 - 2017-11-22 23:02 - 000019124 _____ C:\Users\My PC\Downloads\Flight of the Amazon Queen Walkthrough.txt
2017-11-17 22:46 - 2017-11-17 22:46 - 007444047 _____ C:\Users\My PC\Downloads\flight-of-the-amazon-queen.zip
2017-11-17 22:38 - 2017-11-17 22:38 - 000239213 _____ C:\Users\My PC\Downloads\full-throttle_dos_04cw.pdf
2017-11-17 22:34 - 2017-11-17 22:39 - 262667957 _____ C:\Users\My PC\Downloads\full-throttle.zip
2017-11-17 14:31 - 2017-11-05 01:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-17 14:31 - 2017-11-05 01:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-17 14:12 - 2017-11-02 05:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-17 14:12 - 2017-11-02 04:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-17 14:12 - 2017-11-02 04:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-17 14:12 - 2017-11-02 04:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-17 14:12 - 2017-11-02 04:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-17 14:12 - 2017-11-02 04:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-17 14:12 - 2017-11-02 04:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-17 14:12 - 2017-11-02 04:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-17 14:12 - 2017-11-02 04:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-17 14:12 - 2017-11-02 04:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-17 14:12 - 2017-11-02 04:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-17 14:12 - 2017-11-02 04:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-17 14:12 - 2017-11-02 04:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-17 14:12 - 2017-11-02 04:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-17 14:12 - 2017-11-02 04:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-17 14:12 - 2017-11-02 04:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-17 14:12 - 2017-11-02 04:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-17 14:12 - 2017-11-02 04:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-17 14:12 - 2017-11-02 04:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-17 14:12 - 2017-11-02 04:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-17 14:12 - 2017-11-02 04:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-17 14:12 - 2017-11-02 04:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-17 14:12 - 2017-11-02 04:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-17 14:12 - 2017-11-02 04:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-17 14:12 - 2017-11-02 04:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-17 14:12 - 2017-11-02 04:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-17 14:12 - 2017-11-02 04:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-17 14:12 - 2017-11-02 04:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-17 14:12 - 2017-11-02 04:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-17 14:12 - 2017-11-02 04:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-17 14:12 - 2017-11-02 04:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-17 14:12 - 2017-11-02 04:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-17 14:12 - 2017-11-02 04:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-17 14:12 - 2017-11-02 04:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-17 14:12 - 2017-11-02 04:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-17 14:12 - 2017-11-02 04:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-17 14:12 - 2017-11-02 04:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-17 14:12 - 2017-11-02 04:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-17 14:12 - 2017-11-02 04:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-17 14:12 - 2017-11-02 04:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-17 14:12 - 2017-11-02 04:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-17 14:12 - 2017-11-02 04:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-17 14:12 - 2017-11-02 04:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-17 14:12 - 2017-11-02 04:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-17 14:12 - 2017-11-02 04:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-17 14:12 - 2017-11-02 04:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-17 14:12 - 2017-10-25 07:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-17 14:12 - 2017-10-15 15:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-17 14:12 - 2017-10-15 15:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-17 14:12 - 2017-10-15 14:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-17 14:12 - 2017-10-15 14:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-17 14:12 - 2017-10-15 14:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-17 14:12 - 2017-10-15 14:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-17 14:12 - 2017-10-15 14:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-17 14:12 - 2017-10-15 14:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-17 14:12 - 2017-10-15 14:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-17 14:12 - 2017-10-15 14:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-17 14:12 - 2017-10-15 14:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-17 14:12 - 2017-10-15 14:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-17 14:12 - 2017-10-15 14:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-17 14:11 - 2017-11-02 05:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-17 14:11 - 2017-11-02 04:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-17 14:11 - 2017-10-15 15:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-17 14:07 - 2017-11-02 05:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-17 14:07 - 2017-11-02 04:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-17 14:07 - 2017-11-02 04:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-17 14:07 - 2017-11-02 04:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-17 14:07 - 2017-11-02 04:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-17 14:07 - 2017-11-02 04:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-17 14:07 - 2017-11-02 04:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-17 14:06 - 2017-11-02 05:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-17 14:06 - 2017-11-02 05:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-17 14:06 - 2017-11-02 05:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-17 14:06 - 2017-11-02 05:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-17 14:06 - 2017-11-02 05:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-17 14:06 - 2017-11-02 05:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-17 14:06 - 2017-11-02 05:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-17 14:06 - 2017-11-02 04:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-17 14:06 - 2017-11-02 04:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-17 14:06 - 2017-11-02 04:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-17 14:06 - 2017-11-02 04:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-17 14:06 - 2017-11-02 04:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-17 14:06 - 2017-11-02 04:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-17 14:06 - 2017-11-02 04:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-17 14:06 - 2017-11-02 04:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-17 14:06 - 2017-11-02 04:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-17 14:06 - 2017-11-02 04:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-17 14:06 - 2017-11-02 04:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-17 14:06 - 2017-11-02 04:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-17 14:06 - 2017-11-02 04:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-17 14:06 - 2017-11-02 04:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-17 14:06 - 2017-11-02 04:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-17 14:06 - 2017-11-02 04:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-17 14:06 - 2017-11-02 04:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-17 14:06 - 2017-11-02 04:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-17 14:06 - 2017-11-02 04:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-17 14:06 - 2017-11-02 04:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-17 14:06 - 2017-11-02 04:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-17 14:06 - 2017-11-02 04:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-17 14:06 - 2017-11-02 04:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-17 14:06 - 2017-11-02 04:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-17 14:06 - 2017-11-02 04:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-17 14:06 - 2017-11-02 04:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-17 14:06 - 2017-11-02 04:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-17 14:06 - 2017-11-02 04:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-17 14:06 - 2017-11-02 04:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-17 14:06 - 2017-11-02 04:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-17 14:06 - 2017-11-02 04:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-17 14:06 - 2017-10-15 14:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-17 14:06 - 2017-10-15 14:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-17 14:06 - 2017-10-15 14:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-17 14:06 - 2017-10-15 14:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-17 14:06 - 2017-10-15 14:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-17 14:06 - 2017-10-15 14:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-17 14:06 - 2017-10-15 14:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-17 14:06 - 2017-10-15 14:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-17 14:05 - 2017-11-02 05:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-17 14:05 - 2017-11-02 05:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-17 14:05 - 2017-11-02 05:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-17 14:05 - 2017-11-02 05:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-17 14:05 - 2017-11-02 05:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-17 14:05 - 2017-11-02 04:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-17 14:05 - 2017-11-02 04:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-17 14:05 - 2017-11-02 04:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-17 14:05 - 2017-11-02 04:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-17 14:05 - 2017-11-02 04:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-17 14:05 - 2017-11-02 04:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-17 14:05 - 2017-11-02 04:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-17 14:05 - 2017-11-02 04:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-17 14:05 - 2017-11-02 04:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-17 14:05 - 2017-10-15 14:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-17 14:05 - 2017-10-15 14:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-17 14:05 - 2017-10-15 14:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-17 14:05 - 2017-10-15 14:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-17 14:05 - 2017-10-15 14:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-17 14:04 - 2017-11-02 05:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-17 14:04 - 2017-11-02 05:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-17 14:04 - 2017-11-02 05:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-17 14:04 - 2017-11-02 05:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-17 14:04 - 2017-11-02 05:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-17 14:04 - 2017-11-02 05:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-17 14:04 - 2017-11-02 05:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-17 14:04 - 2017-11-02 05:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-17 14:04 - 2017-11-02 05:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-17 14:04 - 2017-11-02 05:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-17 14:04 - 2017-11-02 05:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-17 14:04 - 2017-11-02 05:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-17 14:04 - 2017-11-02 05:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-17 14:04 - 2017-11-02 05:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-17 14:04 - 2017-11-02 05:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-17 14:04 - 2017-11-02 05:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-17 14:04 - 2017-11-02 05:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-17 14:04 - 2017-11-02 05:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-17 14:04 - 2017-11-02 04:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-17 14:04 - 2017-11-02 04:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-17 14:04 - 2017-11-02 04:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-17 14:04 - 2017-11-02 04:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-17 14:04 - 2017-11-02 04:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-17 14:04 - 2017-11-02 04:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-17 14:04 - 2017-11-02 04:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-17 14:04 - 2017-11-02 04:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-17 14:04 - 2017-11-02 04:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-17 14:04 - 2017-11-02 04:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-17 14:04 - 2017-11-02 04:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-17 14:04 - 2017-11-02 04:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-17 14:04 - 2017-11-02 04:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-17 14:04 - 2017-11-02 04:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-17 14:04 - 2017-11-02 04:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-17 14:04 - 2017-11-02 04:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-17 14:04 - 2017-11-02 04:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-17 14:04 - 2017-11-02 04:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-17 14:04 - 2017-11-02 04:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-17 14:04 - 2017-11-02 04:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-17 14:04 - 2017-10-15 14:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-17 14:04 - 2017-10-15 14:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-17 14:04 - 2017-10-15 14:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-17 14:04 - 2017-10-15 14:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-17 14:04 - 2017-10-15 14:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-17 14:04 - 2017-10-15 14:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-17 14:03 - 2017-11-02 05:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-17 14:03 - 2017-11-02 05:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-17 14:03 - 2017-11-02 05:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-17 14:03 - 2017-11-02 05:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-17 14:03 - 2017-11-02 05:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-17 14:03 - 2017-11-02 05:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-17 14:03 - 2017-11-02 05:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-17 14:03 - 2017-11-02 05:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-17 14:03 - 2017-11-02 05:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-17 14:03 - 2017-11-02 05:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-17 14:03 - 2017-11-02 05:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-17 14:03 - 2017-11-02 05:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-17 14:03 - 2017-11-02 05:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-17 14:03 - 2017-11-02 04:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-17 14:03 - 2017-11-02 04:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-17 14:03 - 2017-11-02 04:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-17 14:03 - 2017-11-02 04:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-17 14:03 - 2017-11-02 04:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-17 14:03 - 2017-10-15 14:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-17 14:03 - 2017-10-15 14:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 23:19 - 2017-11-20 11:58 - 000002618 _____ C:\WINDOWS\System32\Tasks\AnVir Task Manager
2017-11-15 23:18 - 2017-11-20 11:58 - 000002562 _____ C:\WINDOWS\System32\Tasks\Anvirlauncher
2017-11-15 23:17 - 2017-11-15 23:28 - 000000000 ____D C:\Users\My PC\AppData\Local\AnVir
2017-11-15 15:38 - 2017-11-15 15:38 - 000253200 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-11-15 15:37 - 2017-11-15 15:37 - 000230312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-11-15 15:37 - 2017-11-15 15:37 - 000173664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-11-15 15:37 - 2017-11-15 15:37 - 000107680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-11-14 13:15 - 2017-11-14 13:15 - 000000000 ____D C:\Users\Public\Documents\sun
2017-11-14 13:09 - 2017-11-14 13:09 - 000001193 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-11-14 13:07 - 2017-11-14 13:08 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-11-12 22:12 - 2017-11-12 22:15 - 244957184 _____ C:\Users\My PC\Downloads\LibreOffice_5.4.2_Win_x64.msi
2017-11-11 13:02 - 2017-11-11 13:02 - 002969472 _____ C:\Users\My PC\ZHPCleaner.exe
2017-11-06 11:22 - 2017-11-06 11:22 - 000001941 _____ C:\Users\My PC\Desktop\PhotoshopElementsEditor.exe - Shortcut.lnk
2017-11-05 17:45 - 1998-10-29 16:45 - 000306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-11-05 17:39 - 2017-11-05 17:39 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-11-05 17:39 - 2017-11-05 17:39 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-11-05 17:39 - 2017-11-05 17:39 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-11-05 17:39 - 2017-11-05 17:39 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-11-05 17:39 - 2017-11-05 17:39 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-11-05 17:36 - 2017-11-14 11:48 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Adobe
2017-11-05 17:36 - 2017-11-05 17:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-11-05 17:32 - 2017-11-05 17:44 - 000000000 ____D C:\ProgramData\Adobe
2017-11-05 17:32 - 2017-11-05 17:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-05 14:58 - 1998-11-03 14:31 - 000061440 _____ (Immersion Corporation) C:\WINDOWS\SysWOW64\IFORCE2.dll
2017-11-05 14:58 - 1997-01-22 21:26 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP50.DLL
2017-11-05 14:57 - 2017-11-05 14:57 - 000000216 _____ C:\WINDOWS\PowerReg.dat
2017-11-02 19:13 - 2017-11-02 19:13 - 000470920 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-11-02 19:13 - 2017-11-02 19:13 - 000449416 _____ C:\WINDOWS\system32\GameManager64.dll
2017-11-02 19:13 - 2017-11-02 19:13 - 000357256 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-11-02 19:13 - 2017-11-02 19:13 - 000020360 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000698760 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-11-02 19:12 - 2017-11-02 19:12 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000405384 _____ C:\WINDOWS\system32\atieah64.exe
2017-11-02 19:12 - 2017-11-02 19:12 - 000325512 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-11-02 19:12 - 2017-11-02 19:12 - 000223112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000194440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000148496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000140232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000115592 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-11-02 19:12 - 2017-11-02 19:12 - 000020360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000534216 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000107912 _____ C:\WINDOWS\system32\atidxx64.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000092552 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-11-02 19:11 - 2017-11-02 19:11 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 002915208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 001454984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 001052040 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000694664 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000342920 _____ C:\WINDOWS\system32\clinfo.exe
2017-11-02 19:10 - 2017-11-02 19:10 - 000267656 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000233352 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000104840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-11-02 19:10 - 2017-11-02 19:10 - 000089992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 013527944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 011090824 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 002533256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 001232264 _____ (AMD) C:\WINDOWS\system32\coinst_17.40.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000436616 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000352136 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000159624 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-11-02 19:09 - 2017-11-02 19:09 - 000136584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-11-02 18:30 - 2017-11-02 18:30 - 000835448 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-11-02 18:30 - 2017-11-02 18:30 - 000835448 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-11-02 18:27 - 2017-11-02 18:27 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-11-02 18:22 - 2017-11-02 18:22 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 22:59 - 2017-03-06 02:18 - 000000000 ____D C:\Users\My PC\AppData\Roaming\TeraCopy
2017-12-02 22:58 - 2017-08-19 16:54 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Thunderbird
2017-12-02 22:58 - 2017-06-20 13:58 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Mozilla
2017-12-02 22:58 - 2017-06-20 13:58 - 000000000 ____D C:\Users\My PC\AppData\LocalLow\Mozilla
2017-12-02 22:09 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 22:05 - 2016-05-20 16:10 - 000000000 ____D C:\Users\My PC\AppData\Local\ClassicShell
2017-12-02 22:05 - 2016-05-20 13:59 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-12-02 20:39 - 2016-05-20 15:00 - 000000000 ____D C:\Users\My PC\.rainlendar2
2017-12-02 20:38 - 2017-08-27 17:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-02 18:18 - 2017-08-27 16:59 - 000000000 ____D C:\Users\My PC
2017-12-02 18:18 - 2017-08-27 16:57 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-12-02 18:18 - 2017-03-18 11:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-02 18:16 - 2017-05-17 14:06 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Cybereason
2017-12-02 18:16 - 2016-05-20 16:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
2017-12-02 18:12 - 2016-11-30 13:32 - 000000000 ____D C:\Users\My PC\AppData\Roaming\ZHP
2017-12-02 18:12 - 2016-05-20 14:00 - 000000000 ____D C:\Users\My PC\AppData\Roaming\IObit
2017-12-02 17:46 - 2017-08-27 16:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-02 16:16 - 2016-10-27 12:10 - 000000000 ____D C:\Users\My PC\Documents\gPodder
2017-12-02 12:15 - 2017-07-30 13:21 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-02 00:24 - 2016-10-29 00:08 - 000000000 ____D C:\Users\My PC\AppData\LocalLow\AMD
2017-12-01 22:36 - 2017-03-18 21:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-01 14:17 - 2016-05-20 14:30 - 000000000 ____D C:\TEMP
2017-12-01 01:44 - 2017-10-04 13:09 - 000000000 ___HD C:\zIB
2017-12-01 01:44 - 2016-12-18 13:24 - 000000000 ____D C:\Backup
2017-11-30 21:21 - 2017-08-03 12:28 - 000000000 ____D C:\Users\My PC\AppData\Roaming\MPC-HC
2017-11-30 00:03 - 2017-08-27 16:57 - 000000000 ____D C:\Program Files\AMD
2017-11-30 00:03 - 2017-03-18 21:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-29 23:53 - 2016-06-06 10:45 - 000000000 ____D C:\send
2017-11-29 10:33 - 2016-11-05 14:44 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-29 10:21 - 2017-06-29 21:28 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-11-28 10:49 - 2017-08-01 14:25 - 000000310 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_My_PC.job
2017-11-27 22:16 - 2017-08-27 17:17 - 000002302 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_My_PC
2017-11-27 17:31 - 2017-07-31 13:54 - 000000000 ____D C:\Users\My PC\AppData\Roaming\XnView
2017-11-27 17:31 - 2016-05-21 15:25 - 000000000 ____D C:\Users\My PC\AppData\Local\paint.net
2017-11-26 22:57 - 2017-03-18 11:40 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-11-26 21:59 - 2016-05-20 14:00 - 000000000 ____D C:\ProgramData\IObit
2017-11-24 14:31 - 2016-05-20 14:01 - 000000000 ____D C:\ProgramData\ProductData
2017-11-24 14:06 - 2016-06-06 10:15 - 000000000 ____D C:\Users\My PC\AppData\Roaming\GlarySoft
2017-11-24 14:06 - 2016-05-20 13:59 - 000000000 ____D C:\Program Files (x86)\Utils
2017-11-21 12:44 - 2016-06-10 12:11 - 000000000 ____D C:\Users\My PC\AppData\Local\PrivaZer
2017-11-21 00:31 - 2017-01-18 00:38 - 000000000 ____D C:\Users\My PC\dwhelper
2017-11-19 12:13 - 2017-06-20 13:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-19 12:13 - 2017-06-20 13:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-18 17:16 - 2017-06-20 13:58 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-18 11:33 - 2017-08-27 17:18 - 001016438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-17 23:26 - 2016-05-20 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-11-17 23:04 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-17 21:18 - 2016-05-20 16:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-17 21:05 - 2017-10-10 21:36 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-17 21:05 - 2016-05-20 16:01 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-17 20:41 - 2016-11-22 23:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-17 20:36 - 2017-03-18 21:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-17 14:47 - 2017-03-18 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-14 20:50 - 2017-03-31 13:19 - 000000000 ____D C:\Users\My PC\AppData\Roaming\vlc
2017-11-14 14:28 - 2017-11-01 23:07 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 14:28 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 14:27 - 2017-03-18 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 11:54 - 2016-07-01 15:58 - 000000000 ____D C:\Users\My PC\AppData\Roaming\Google
2017-11-14 11:44 - 2016-05-20 14:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-05 16:10 - 2016-06-18 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-05 14:56 - 2016-06-17 15:42 - 000000000 ____D C:\Program Files (x86)\Games
2017-11-04 22:03 - 2016-05-20 16:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applications

==================== Files in the root of some directories =======

2017-11-11 13:02 - 2017-11-11 13:02 - 002969472 _____ () C:\Users\My PC\ZHPCleaner.exe
2017-05-02 15:53 - 2017-05-02 15:56 - 000000409 _____ () C:\Users\My PC\AppData\Local\kdeglobals
2017-05-02 15:49 - 2017-05-02 15:57 - 000003881 _____ () C:\Users\My PC\AppData\Local\kdenliverc
2017-06-11 19:53 - 2017-06-11 19:53 - 000001225 _____ () C:\Users\My PC\AppData\Local\recently-used.xbel
2016-10-23 12:15 - 2016-10-25 10:54 - 000007639 _____ () C:\Users\My PC\AppData\Local\Resmon.ResmonCfg
2017-03-03 15:00 - 2017-03-10 13:15 - 000000552 _____ () C:\Users\My PC\AppData\Local\TroubleshooterConfig.json
2017-05-02 15:49 - 2017-05-02 15:49 - 000000533 _____ () C:\Users\My PC\AppData\Local\user-places.xbel
2017-05-02 15:49 - 2017-05-02 15:49 - 000000000 _____ () C:\Users\My PC\AppData\Local\user-places.xbel.tbcache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-28 13:26

==================== End of FRST.txt ============================




#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,142 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:23 PM

Posted 02 December 2017 - 09:01 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\MountPoints2: {ac46868c-1e8e-11e6-9bc2-806e6f6e6963} - "D:\autorun.exe" -auto
BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4}
BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} 
2017-12-02 20:38 - 2017-12-02 20:39 - 000000000 __SHD C:\Users\My PC\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-12-02 20:38 - 2017-12-02 20:38 - 000530474 ____N C:\Users\Rd8hwgq\charles maturity.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000501028 ____N C:\Users\Ajxhk3\information.management.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000204442 ____N C:\Users\Rd8hwgq\findingownership.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000202678 ____N C:\Users\Ajxhk3\mend-worthy-genuine.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000079594 ____N C:\Users\Ajxhk3\submittedmatsuo.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000064354 ____N C:\Users\Rd8hwgq\indication_hole_ending_transport.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000057171 ____N C:\Users\Ajxhk3\gov-friendship.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000053506 ____N C:\Users\Rd8hwgq\tall_normal_homemade_compute.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000032994 ____N C:\Users\Ajxhk3\propensitydebtmoved.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000026436 ____N C:\Users\Rd8hwgq\certain seated hurried.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000018508 ____N C:\Users\Rd8hwgq\peter remove.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000012911 ____N C:\Users\Ajxhk3\innovationworeprecedingskills.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Rd8hwgq
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Uversions26
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Alorganized78
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Ajxhk3
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\zJdefinitions135
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\Acscan2
Task: {BE9C4A1E-E7C0-40D6-B96A-3C91FE2EE52D} - \ASC11_SkipUac_My PC
Folder: C:\Backup
Folder: C:\zIB
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Type the following in the Search Field
OFCommon.dll
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog
  • Search.txt

Edited by Oh My!, 03 December 2017 - 09:13 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 JD2015

JD2015
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 03 December 2017 - 09:35 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by My PC (03-12-2017 14:17:31) Run:2
Running from C:\Users\My PC\Desktop
Loaded Profiles: My PC (Available Profiles: My PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\...\MountPoints2: {ac46868c-1e8e-11e6-9bc2-806e6f6e6963} - "D:\autorun.exe" -auto
BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4}
BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8}
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6}
2017-12-02 20:38 - 2017-12-02 20:39 - 000000000 __SHD C:\Users\My PC\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-12-02 20:38 - 2017-12-02 20:38 - 000530474 ____N C:\Users\Rd8hwgq\charles maturity.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000501028 ____N C:\Users\Ajxhk3\information.management.xlsx
2017-12-02 20:38 - 2017-12-02 20:38 - 000204442 ____N C:\Users\Rd8hwgq\findingownership.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000202678 ____N C:\Users\Ajxhk3\mend-worthy-genuine.mdb
2017-12-02 20:38 - 2017-12-02 20:38 - 000079594 ____N C:\Users\Ajxhk3\submittedmatsuo.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000064354 ____N C:\Users\Rd8hwgq\indication_hole_ending_transport.xls
2017-12-02 20:38 - 2017-12-02 20:38 - 000057171 ____N C:\Users\Ajxhk3\gov-friendship.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000053506 ____N C:\Users\Rd8hwgq\tall_normal_homemade_compute.pem
2017-12-02 20:38 - 2017-12-02 20:38 - 000032994 ____N C:\Users\Ajxhk3\propensitydebtmoved.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000026436 ____N C:\Users\Rd8hwgq\certain seated hurried.txt
2017-12-02 20:38 - 2017-12-02 20:38 - 000018508 ____N C:\Users\Rd8hwgq\peter remove.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000012911 ____N C:\Users\Ajxhk3\innovationworeprecedingskills.sql
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Rd8hwgq
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Uversions26
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\My PC\Documents\Alorganized78
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ___HD C:\Users\Ajxhk3
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\zJdefinitions135
2017-12-02 20:38 - 2017-12-02 20:38 - 000000000 ____D C:\Acscan2
Task: {BE9C4A1E-E7C0-40D6-B96A-3C91FE2EE52D} - \ASC11_SkipUac_My PC
Folder: C:\Backup

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key not found
HKU\S-1-5-21-1801752345-547683526-1453181129-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac46868c-1e8e-11e6-9bc2-806e6f6e6963} => key not found
HKLM\Software\Classes\CLSID\{ac46868c-1e8e-11e6-9bc2-806e6f6e6963} => key not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} => key not found
HKLM\Software\Classes\CLSID\BHO: No Name -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\BHO-x32: No Name -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found
C:\Users\My PC\Desktop\0K, this directory is for Ransomware detection (just leave it here) => moved successfully
"C:\Users\Rd8hwgq\charles maturity.xlsx" => not found.
"C:\Users\Ajxhk3\information.management.xlsx" => not found.
"C:\Users\Rd8hwgq\findingownership.mdb" => not found.
"C:\Users\Ajxhk3\mend-worthy-genuine.mdb" => not found.
"C:\Users\Ajxhk3\submittedmatsuo.xls" => not found.
"C:\Users\Rd8hwgq\indication_hole_ending_transport.xls" => not found.
"C:\Users\Ajxhk3\gov-friendship.pem" => not found.
"C:\Users\Rd8hwgq\tall_normal_homemade_compute.pem" => not found.
"C:\Users\Ajxhk3\propensitydebtmoved.txt" => not found.
"C:\Users\Rd8hwgq\certain seated hurried.txt" => not found.
"C:\Users\Rd8hwgq\peter remove.sql" => not found.
"C:\Users\Ajxhk3\innovationworeprecedingskills.sql" => not found.
"C:\Users\Rd8hwgq" => not found.
"C:\Users\My PC\Documents\Uversions26" => not found.
"C:\Users\My PC\Documents\Alorganized78" => not found.
"C:\Users\Ajxhk3" => not found.
"C:\zJdefinitions135" => not found.
"C:\Acscan2" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9C4A1E-E7C0-40D6-B96A-3C91FE2EE52D} => key not found

========================= Folder: C:\Backup ========================


====== End of Folder: ======


The system needed a reboot.

==== End of Fixlog 14:19:29 ====



#7 JD2015


Posted 03 December 2017 - 09:46 AM

Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by My PC (03-12-2017 14:39:48)
Running from C:\Users\My PC\Desktop
Boot Mode: Normal

================== Search Files: "OFCommon.dll" =============

C:\AdwCleaner\quarantine\1xVPfvJcrg\OFCommon.dll
[2017-09-13 10:03][2016-11-10 15:17] 000895776 _____ (IObit) 68017BE79D2E4409802671197CDBEAA8 [File is digitally signed]


====== End of Search ======



#8 Oh My!


Posted 03 December 2017 - 04:47 PM

Did you happen to run the Fixlist twice?

That C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll detection is a false positive. You can add an exclusion to Kaspersky.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Run Fixlist twice?
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 06 December 2017 - 10:48 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 JD2015


Posted 07 December 2017 - 09:24 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.

  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

 

 



#11 JD2015


Posted 07 December 2017 - 09:38 AM

"That C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll detection is a false positive. You can add an exclusion to Kaspersky". I can't, as it says it can't be found and it only does EXE files. I might have run the Fixlist twice.

 

 

Sorry, I was unable to connect to download the ESET Prog. I will post results after it has done its scan.
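
Added example, not part of any post in this thread: one way to check a flagged file's Authenticode signature and hash before treating a detection as a false positive and excluding it, including the case above where the original path no longer exists. The two paths and the MD5 are copied from the Kaspersky and FRST logs in this thread; the function name `Test-FlaggedFile` and the `IObit` publisher match are assumptions made for the example.

```powershell
# Added example. Paths and the MD5 come from the logs posted in this thread;
# the function name and the publisher substring are assumptions.
function Test-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string]   $ExpectedMd5,
        [string] $ExpectedPublisher = 'IObit'
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # The antivirus already deleted this copy, so an exclusion
            # dialog that browses for the file will not find it.
            [pscustomobject]@{
                Path = $p; Present = $false; SignatureStatus = $null
                Signer = $null; PublisherMatches = $null; Md5Matches = $null
            }
            continue
        }
        $sig     = Get-AuthenticodeSignature -LiteralPath $p
        $md5     = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            Path             = $p
            Present          = $true
            # 'Valid' means the file hash matches the signature and the
            # certificate chain is trusted on this machine.
            SignatureStatus  = $sig.Status
            Signer           = $subject
            PublisherMatches = [bool]($subject -and $subject -like "*$ExpectedPublisher*")
            # Confirms this is the same file FRST reported (string -eq is case-insensitive).
            Md5Matches       = ($md5 -eq $ExpectedMd5)
        }
    }
}

# Original location (reported deleted) and the quarantined copy FRST found.
Test-FlaggedFile -Path @(
    'C:\Program Files (x86)\Utils\Advanced SystemCare\OFCommon.dll',
    'C:\AdwCleaner\quarantine\1xVPfvJcrg\OFCommon.dll'
) -ExpectedMd5 '68017BE79D2E4409802671197CDBEAA8' | Format-List
```

A `Valid` status with the expected signer shows the file is unmodified since the publisher signed it, which supports a false-positive call on a packer-style detection; it says nothing about whether the publisher's software is wanted on the machine.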



#12 JD2015


Posted 08 December 2017 - 05:18 PM

I think I might have run Fixlist twice.

 

ESET Log

 

C:\AdwCleaner\quarantine\files\jptyrumrcdeafasaxsdpwmovyizkvzbb\Browser Care\Setup\SetupCustom.dll    a variant of Win32/Auslogics.K potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Utils\Cheat Engine 6.6\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Utils\Disk Defrag\Setup\SetupCustom.dll    a variant of Win32/Auslogics.J potentially unwanted application    cleaned by deleting

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 4th December, 2017
Running from:C:\Users\My PC\Desktop (22:13:04 - 12/08/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (27.0.0.187)
Malwarebytes (3.1.2.1733) ==> is out of Date
Mozilla Firefox (57.0.1)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported

***----------------Analysis Complete-------------------------***
 

I have problems with Firefox not responding and also task manager not responding sometimes. But the Task Manager stuff was before this. I still think I might need to do a clean Windows reinstall.



#13 Oh My!


Posted 08 December 2017 - 08:21 PM

Greetings.

Are you planning on reinstalling the operating system now?
Gary
 

#14 JD2015


Posted 09 December 2017 - 08:56 AM

I would rather wait for now as I need the PC for Job hunting etc at the moment. My Nephew though has got me a new Motherboard so I will have to do a reinstall at some point lol.



#15 Oh My!


Posted 09 December 2017 - 09:00 AM

OK, then let's continue on.

Can you tell me if Internet Explorer works OK? Other than the browser and Task Manager does your computer appear to hang?

Please do this.

===================================================

Running Firefox in Browser Safe Mode
  • Launch Firefox normally
  • Click Help, then Troubleshooting information
  • Click Restart with Add-ons Disabled...
  • Click Restart
  • Click Start in Safe Mode
  • Check the browser performance and report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Firefox

Gary
 



