CARD CLONING


  • This topic is locked
8 replies to this topic

#1 ron101

ron101

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 03 April 2018 - 04:41 AM

Hi,
I'm suffering credit card loss to hackers over the last 2 years. I'm disabled so I don't go out at all, so all my transactions are online. I've been thinking of all the programs that I've signed up to over the years, probably 1000 - 2000 sites including porn sites or more. WHAT can I do to get rid of them? I've thought about changing my email address, but I don't think that will work. Which I have had for twenty years or more. I've got more than 1 password but only about 10 PW. I've got 10 email addresses but I usually use this one. I've got KASPERSKY total Internet security, and Malwarebytes, both paid for, and have had them for years. I've kept one Facebook account which is a private account. Don't use Twitter or anything like that. I've got DASHLANE AND KEEPASS.
I've tried several antivirus and suchlike and they all seem clean. With that and the way I live, it makes me think it can only come from somebody cloning my card. Latest card came to me on THURSDAY and by Tuesday they had cloned it again, 4 days, and I had only used it with TESCO'S. Other than that I just do not know.


Edited by ron101, 03 April 2018 - 05:03 AM.



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,668 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:25 PM

Posted 08 April 2018 - 04:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/674715 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 14 April 2018 - 12:15 PM

Hello ron101,

My name is King_Yoshi and I will be helping you today.

If at any point you have any comments, questions or concerns, please do not hesitate to post them.

Allow me some time to review your post.

In the meantime please review the following rules.

Basic Rules:

1. First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts.
Please try to match our commitment to you with your patience toward us.
I try to reply as soon as possible. (Typically every 24-48 hours.)

2. Please do not run any tools or take any steps other than those I provide for you.
I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take.
If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

3. Please perform all steps in the order they are listed, in each set of instructions. Some steps may be a bit complicated.
If things are not clear, be sure to stop and let me know.

4. Please copy and paste all logs into your post, unless directed otherwise.
Please do not re-run any programs I suggest.
If you encounter problems simply stop and tell me.

5. When you post your reply, use the 2ni7laq.jpg button.

6. In the upper right hand corner of the topic you will see the 15n7fnk.jpg button.
Please click on this then choose "Immediate E-Mail notification" and then "Proceed" and you will be sent an email once I have posted a response.

7. If you do not reply to your topic after 3 days I will bump the post. After 5 days of no reply we will assume it has been abandoned and I will close it.

8. When your computer is clean I will alert you of such.
I will also provide for you detailed information about how you can prevent and combat future infections.



#4 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 16 April 2018 - 07:33 PM

Let's begin by seeing if your computer is infected.
Kindly follow the directions posted by logbot, above, and include the "FRST" logs in your next post.
 

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link
  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


#5 King_Yoshi

King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 21 April 2018 - 04:15 PM

Hello ron101,

Are you still with us?
It has been 5 days since I last posted, and I have not had a response from yourself.
Kindly respond to this topic in two days.
Otherwise I will have to consider it abandoned, at which point it will be locked.



#6 ron101

ron101
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 22 April 2018 - 01:20 AM

I've been away, sorry.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Ron (administrator) on RON-PC (17-04-2018 14:33:46)
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available Profiles: Ron)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\PureVPN\PureVPNService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(johnsadventures.com) H:\John's Background Switcher\BackgroundSwitcher.exe
() C:\Program Files\Ditto\Ditto.exe
(DonationCoder.com) C:\Program Files (x86)\Clipboard Help+Spell\ClipboardHelpAndSpell.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Dashlane, Inc.) C:\Users\Ron\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Dashlane, Inc.) C:\Users\Ron\AppData\Roaming\Dashlane\Dashlane.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Bartels Media GmbH) G:\Dropbox\Phrase Express\PhraseExpress\phraseexpress.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Zhorn Software) H:\stickies\stickies.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) G:\Dropbox\THUNDERBIRD\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-04-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1668200 2018-02-09] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [BackgroundSwitcher] => H:\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-09-08] (johnsadventures.com)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [2791424 2017-01-29] ()
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [Clipboard Help+Spell] => C:\Program Files (x86)\Clipboard Help+Spell\ClipboardHelpAndSpell.exe [13397776 2017-04-25] (DonationCoder.com)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [DashlanePlugin] => C:\Users\Ron\AppData\Roaming\Dashlane\DashlanePlugin.exe [504784 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [Dashlane] => C:\Users\Ron\AppData\Roaming\Dashlane\Dashlane.exe [456656 2018-03-28] (Dashlane, Inc.)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\MountPoints2: {7d77b818-dfd4-11e7-88c9-00acc7375d92} - P:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2018-03-23]
ShortcutTarget: PhraseExpress.lnk -> G:\Dropbox\Phrase Express\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-07-12]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2018-04-08]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2017-07-16]
ShortcutTarget: Stickies.lnk -> H:\stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{3E1D29EB-4838-451B-83E0-C442BEE8F014}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{51158321-D19E-46E0-A46B-232066BFD6E2}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66929C29-D4B3-4124-8FA5-797E0776CE5C}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1636669792-4238468484-3558046857-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL => No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File

FireFox:
========
FF DefaultProfile: ko3h12t0.default-1523089079494
FF DefaultProfile: ron101@ntlworld.com
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494 [2018-04-17]
FF Session Restore: Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494 -> Disabled: admin@fastaddons.com_GroupSpeedDial
FF Extension: (Grammarly for Firefox) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-04-16]
FF Extension: (PureVPN Proxy - Free VPN to Unblock with Privacy) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\enquiry@purevpn.com.xpi [2018-04-12]
FF Extension: (Extension List Dumper 2) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\extension_list_dumper_2@iceberg.it.xpi [2018-04-07] [Legacy]
FF Extension: (Official My JDownloader AddOn) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2018-04-07] [Legacy]
FF Extension: (Auto-Sort Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\sortbookmarks@bouanto.xpi [2018-04-07]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\support@lastpass.com.xpi [2018-04-14]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\thumbnailZoom@dadler.github.com.xpi [2018-04-07] [Legacy]
FF Extension: (Download with JDownloader) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-04-07]
FF Extension: (__MSG_appName__) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-04-07]
FF Extension: (Bookmark Manager and Viewer) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{beb1b1c0-32b9-47d8-bbd1-f65bed4e7c22}.xpi [2018-04-07]
FF Extension: (Adblock Plus) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-07]
FF Extension: (Evernote Web Clipper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2018-04-07]
FF Extension: (QuickJava) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2018-04-07] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\ko3h12t0.default-1523089079494\features\{80b3ae00-104e-4af9-9691-e553f3c0bfaf}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-07] [Legacy]
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359 [2018-04-08]
FF Session Restore: Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359 -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359 -> Disabled: jid1-ZAdIEUB7XOzOJw@jetpack
FF Extension: (Group Speed Dial) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2018-04-07]
FF Extension: (PureVPN Proxy - Free VPN to Unblock with Privacy) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\enquiry@purevpn.com.xpi [2018-04-07]
FF Extension: (Extension List Dumper 2) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\extension_list_dumper_2@iceberg.it.xpi [2018-04-07] [Legacy]
FF Extension: (Pushbullet) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2018-04-07]
FF Extension: (Official My JDownloader AddOn) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2018-04-07] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-04-07]
FF Extension: (Auto-Sort Bookmarks) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\sortbookmarks@bouanto.xpi [2018-04-07]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\support@lastpass.com.xpi [2018-04-07]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\thumbnailZoom@dadler.github.com.xpi [2018-04-07] [Legacy]
FF Extension: (Download with JDownloader) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2018-04-07]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2018-04-07]
FF Extension: (NoScript) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-07]
FF Extension: (__MSG_appName__) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-04-07]
FF Extension: (Bookmark Manager and Viewer) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{beb1b1c0-32b9-47d8-bbd1-f65bed4e7c22}.xpi [2018-04-07]
FF Extension: (Adblock Plus) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-07]
FF Extension: (Evernote Web Clipper) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2018-04-07]
FF Extension: (QuickJava) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2018-04-07] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\d32nfozo.default-1523104185933-1523105472359\features\{dec6c41d-7957-4550-bf66-d3871009ddb5}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-07] [Legacy]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-21]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-04-09] [Legacy] [not signed]
FF HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ron\AppData\Roaming\Dashlane\5.10.0.18444\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: (No Name) - C:\Users\Ron\AppData\Roaming\Dashlane\5.10.0.18444\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2018-03-28] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/chrome/?installdataindex=nosearch&brand=CHIK&hl=en-GB&utm_campaign=en-GB&utm_source=en-GB-oa-emea-uk-pt-ChromeFastEMEAQ2&utm_medium=oa&site=1060702","hxxp://isearch.avg.com/?cid={16549115-F702-4F3A-A3A5-ABB55622ED8D}&mid=e9cb0e74fa8f47d08cc2d15171e57916-e37f5996882dba944e1831c4eebff8a1e11a3666&lang=en&ds=ts022&pr=sa&d=2012-07-02 19:37:42&v=11.1.0.12&sap=hp","hxxp://uk.yahoo.com?fr=fpc-comodo","hxxp://www.google.com","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default [2018-04-17]
CHR Extension: (Google Translate) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-27]
CHR Extension: (Slides) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Entanglement Web App) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-07-20]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-27]
CHR Extension: (Docs) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2017-07-20]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-13]
CHR Extension: (Adblock Plus) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-27]
CHR Extension: (Image Downloader) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2018-03-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-07-20]
CHR Extension: (Google Calendar) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-07-20]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2018-03-07]
CHR Extension: (Sheets) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-07-13]
CHR Extension: (HTTPS Everywhere) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-04-12]
CHR Extension: (Wiind: Send Video emails) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghagamkhlpebkolppioioanjdjkhjgko [2018-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-15]
CHR Extension: (Google Calendar) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-04-07]
CHR Extension: (Voice Recognition) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2017-07-20]
CHR Extension: (uSelect iDownload) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc [2017-07-20]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2017-07-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-11-14]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-04-04]
CHR Extension: (Clean Google Calendar) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\magodclodecbbnbdfpmoehfdddkhlfmm [2017-07-20]
CHR Extension: (Poppit!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-04-15]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-13]
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-08]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-13] (Microsoft Corporation)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-12] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-12] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-04-12] (Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 OpenVpnService; C:\Program Files (x86)\PureVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 PureVPNService; C:\Program Files (x86)\PureVPN\PureVPNService.exe [28672 2018-02-22] () [File not signed]
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
S2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195288 2017-10-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [348376 2017-10-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1040584 2018-02-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-02-21] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-29] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-24] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-17] (Malwarebytes)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\neo_vpn.sys [29744 2016-12-20] (PureVPN)
R2 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-02-08] (CACE Technologies)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 rtl8192U; C:\Windows\System32\DRIVERS\rtl8192U.sys [1631264 2010-04-13] (Realtek Semiconductor Corporation )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S0 mvs91xx; system32\DRIVERS\mvs91xx.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 14:33 - 2018-04-17 14:34 - 000032914 _____ C:\Users\Ron\Desktop\FRST.txt
2018-04-17 14:32 - 2018-04-17 14:32 - 002403328 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2018-04-17 08:53 - 2018-04-17 08:53 - 003758120 _____ (Paramount Software UK Ltd) C:\Users\Ron\Desktop\ReflectDLHF.exe
2018-04-16 19:23 - 2018-04-16 19:23 - 000048986 _____ C:\Users\Ron\Desktop\sponsorship-form_12.pdf
2018-04-16 19:20 - 2018-04-16 19:21 - 050848824 _____ (Grammarly) C:\Users\Ron\Desktop\GrammarlySetup.exe
2018-04-16 11:38 - 2018-01-30 13:19 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2018-04-13 18:21 - 2018-04-14 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Overlook Fing
2018-04-13 18:21 - 2018-04-13 18:21 - 000000000 ____D C:\Program Files (x86)\WinPcap
2018-04-13 17:14 - 2018-04-13 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-13 12:12 - 2018-04-13 12:12 - 000016560 _____ C:\Users\Ron\Desktop\Timesheet - 277.PDF
2018-04-12 18:50 - 2018-04-12 18:50 - 030959481 _____ C:\Users\Ron\Downloads\Money talks - Picking up Filipina from a shopping mall - CheapAsianTeens.com.mp4
2018-04-12 09:24 - 2018-04-12 09:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-04-12 09:24 - 2018-04-12 09:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-04-12 09:24 - 2018-04-12 09:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-04-12 09:24 - 2018-04-12 09:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-04-11 17:05 - 2018-04-11 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2018-04-10 07:19 - 2018-04-17 14:05 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-09 11:00 - 2018-04-09 11:00 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2018-04-09 11:00 - 2018-04-09 11:00 - 000000000 ____D C:\ProgramData\Logitech
2018-04-09 10:58 - 2018-04-09 10:58 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2018-04-09 10:58 - 2018-04-09 10:58 - 000000000 ____D C:\Program Files\Logitech
2018-04-09 10:57 - 2018-04-09 11:00 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Logitech
2018-04-09 10:57 - 2018-04-09 10:57 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Logishrd
2018-04-09 10:39 - 2018-04-09 10:39 - 000001631 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2018-04-08 08:18 - 2018-04-08 08:19 - 019562334 _____ C:\Users\Ron\Downloads\Jhen Uses Her Asian Lips To Please A White Dick.mp4
2018-04-06 08:12 - 2018-04-17 14:05 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-06 08:12 - 2018-04-17 14:05 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-06 08:12 - 2018-04-17 14:05 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-06 08:12 - 2018-04-06 08:12 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-04-06 08:12 - 2018-04-06 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-05 10:36 - 2018-04-05 11:08 - 000000028 _____ C:\Users\Ron\AppData\Roaming\stsetting.ini
2018-04-05 10:28 - 2018-04-09 09:14 - 000000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-05 10:28 - 2018-04-05 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-05 10:28 - 2018-04-05 10:28 - 000000000 ____D C:\Program Files\CCleaner
2018-04-05 10:26 - 2018-04-05 10:31 - 000000000 ____D C:\Users\Ron\AppData\Local\CrashDumps
2018-04-04 19:10 - 2018-04-04 19:10 - 000000000 ____D C:\Users\Ron\AppData\Roaming\LibreOffice
2018-04-04 19:09 - 2018-04-04 19:09 - 000001444 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-04-04 19:09 - 2018-04-04 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-04-04 19:08 - 2018-04-04 19:09 - 000000000 ____D C:\Program Files\LibreOffice
2018-04-04 08:47 - 2018-04-04 08:47 - 000000000 ____D C:\Program Files (x86)\Messenger for Desktop
2018-04-04 08:44 - 2018-04-04 08:48 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerForDesktop.com
2018-04-04 08:43 - 2018-04-04 08:44 - 000000000 ____D C:\Users\Ron\AppData\Local\SquirrelTemp
2018-04-04 08:38 - 2018-04-04 08:38 - 029425536 _____ C:\Users\Ron\Downloads\MessengerSetup_1-4-3 (2).exe
2018-04-04 08:37 - 2018-04-04 08:37 - 029425536 _____ C:\Users\Ron\Downloads\MessengerSetup_1-4-3 (1).exe
2018-04-03 08:10 - 2018-04-03 08:10 - 000000058 _____ C:\Users\Ron\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2018-04-02 14:25 - 2018-04-02 14:25 - 000001274 _____ C:\Users\Ron\Desktop\films - Shortcut.lnk
2018-04-01 16:29 - 2018-04-01 16:29 - 000000000 ____D C:\Users\Ron\AppData\Roaming\LockHunter
2018-04-01 16:29 - 2018-04-01 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2018-04-01 16:29 - 2018-04-01 16:29 - 000000000 ____D C:\Program Files\LockHunter
2018-03-30 13:58 - 2018-03-30 13:58 - 000000974 _____ C:\Users\Public\Desktop\PWGen.lnk
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWGen
2018-03-30 13:58 - 2018-03-30 13:58 - 000000000 ____D C:\Program Files (x86)\PWGen
2018-03-29 19:40 - 2018-03-29 19:40 - 000262459 _____ C:\Users\Ron\Desktop\xmarks-bookmarks-2018-03-29.html
2018-03-29 11:53 - 2018-03-29 11:53 - 000000000 ____D C:\Users\Ron\Documents\Freemake
2018-03-29 10:05 - 2018-04-04 07:02 - 000000000 ____D C:\Users\Ron\Documents\Picosmos
2018-03-29 09:50 - 2018-03-29 09:50 - 000000000 ____D C:\Users\Ron\AppData\Local\fontconfig
2018-03-29 09:49 - 2018-03-29 09:49 - 000001078 _____ C:\Users\Ron\Desktop\Format Factory.lnk
2018-03-29 09:49 - 2018-03-29 09:49 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-03-29 09:49 - 2018-03-29 09:49 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2018-03-29 09:34 - 2018-03-29 09:34 - 000000000 ____D C:\ProgramData\Freemake
2018-03-29 07:28 - 2018-04-17 14:33 - 000000000 ____D C:\FRST
2018-03-28 17:27 - 2018-03-28 17:27 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Google
2018-03-27 18:22 - 2018-04-09 09:14 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-27 18:22 - 2018-03-27 18:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-27 18:22 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-27 18:10 - 2018-03-27 18:10 - 008222496 _____ (Malwarebytes) C:\Users\Ron\Desktop\adwcleaner_7.0.8.0.exe
2018-03-26 11:35 - 2018-03-26 11:35 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Jumping Bytes
2018-03-26 11:32 - 2018-03-26 12:43 - 000001299 _____ C:\Users\Public\Desktop\Wise Program Uninstaller.lnk
2018-03-26 11:32 - 2018-03-26 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2018-03-26 11:32 - 2018-03-26 11:34 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Wise Uninstaller
2018-03-26 11:32 - 2018-03-26 11:32 - 000000000 ____D C:\Program Files (x86)\Wise
2018-03-25 15:36 - 2018-03-26 07:12 - 000000000 ____D C:\Program Files (x86)\JAM Software
2018-03-25 15:36 - 2018-03-25 15:59 - 000000000 ____D C:\Users\Ron\AppData\Roaming\JAM Software
2018-03-22 20:19 - 2018-03-22 20:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-22 20:19 - 2018-03-22 20:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-03-22 20:01 - 2018-03-22 20:01 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-22 19:53 - 2018-03-22 19:53 - 000000000 ____D C:\Users\Ron\Documents\OneNote-Notizbücher
2018-03-22 19:31 - 2018-03-22 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2018-03-22 19:30 - 2018-03-22 19:30 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-03-20 16:20 - 2018-03-20 16:20 - 000000000 ____D C:\Users\Ron\Desktop\apps64
2018-03-20 16:20 - 2018-03-01 09:43 - 004144128 _____ (Jacek Pazera) C:\Users\Ron\Desktop\FreeAudioVideoPack64.exe
2018-03-20 13:35 - 2018-03-23 16:10 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Anvsoft
2018-03-20 13:31 - 2018-03-24 21:12 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2018-03-19 16:17 - 2018-03-19 16:17 - 000002122 _____ C:\Users\Ron\Desktop\IJ Scan Utility.lnk
2018-03-19 14:45 - 2018-03-19 14:45 - 000000480 _____ C:\Users\Ron\Desktop\SPARE BACKUP 1 (F) - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 14:31 - 2017-08-15 11:25 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-04-17 14:28 - 2017-07-12 09:23 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-17 14:23 - 2017-07-12 08:49 - 000000000 ____D C:\Users\Ron\AppData\LocalLow\Mozilla
2018-04-17 14:23 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-17 14:23 - 2009-07-14 05:45 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-17 14:21 - 2017-08-30 11:33 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Ditto
2018-04-17 14:17 - 2017-07-12 09:03 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-17 14:16 - 2017-07-16 11:36 - 000000000 ____D C:\Users\Ron\AppData\Roaming\stickies
2018-04-17 14:08 - 2017-11-27 11:30 - 000000000 ____D C:\Program Files (x86)\Clipboard Help+Spell
2018-04-17 14:05 - 2017-07-12 09:23 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-17 14:05 - 2017-07-12 08:55 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-17 14:05 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-17 14:04 - 2018-01-22 10:08 - 000000000 ____D C:\Users\Ron\Documents\PhraseExpress
2018-04-17 14:04 - 2017-07-12 13:00 - 000000000 ____D C:\Users\Ron\AppData\Local\Everything
2018-04-17 14:04 - 2017-07-12 12:46 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Everything
2018-04-16 19:25 - 2017-07-26 20:46 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Foxit Software
2018-04-16 11:39 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-04-16 11:28 - 2017-07-20 15:15 - 000000000 ____D C:\ProgramData\purevpn
2018-04-14 19:08 - 2017-07-28 13:39 - 000000000 ____D C:\Users\Ron\Desktop\TIMESHEET
2018-04-13 17:14 - 2017-07-12 09:23 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-13 07:23 - 2018-03-08 08:15 - 000001317 _____ C:\Users\Public\Desktop\Skype.lnk
2018-04-13 07:23 - 2018-01-16 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-04-12 19:01 - 2018-01-22 10:08 - 000000000 ____D C:\Users\Ron\AppData\Roaming\PhraseExpress
2018-04-09 10:59 - 2017-07-14 06:44 - 000000000 ____D C:\ProgramData\LogiShrd
2018-04-09 10:59 - 2017-07-14 06:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-04-09 10:59 - 2017-07-13 07:04 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-04-08 09:35 - 2017-07-12 14:21 - 000000000 ____D C:\Users\Ron\AppData\Roaming\MPC-HC
2018-04-07 07:24 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-05 10:28 - 2017-12-21 10:13 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-05 07:08 - 2018-03-03 16:55 - 000150352 _____ C:\Users\Ron\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-05 07:07 - 2018-03-04 08:12 - 000586496 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-05 07:07 - 2017-11-18 14:20 - 000000000 ____D C:\Users\Ron\AppData\Local\Messenger
2018-04-04 19:29 - 2018-02-24 15:32 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2018-04-04 19:29 - 2018-02-24 15:32 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Dashlane
2018-04-04 15:40 - 2017-10-27 15:51 - 000001163 _____ C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2018-04-04 08:47 - 2017-10-27 15:51 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Messenger for Desktop.lnk
2018-04-04 08:47 - 2017-10-27 15:51 - 000001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2018-04-04 08:47 - 2017-10-27 15:51 - 000001114 _____ C:\Users\Ron\Desktop\Messenger.lnk
2018-04-04 08:34 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-04-03 10:29 - 2017-08-16 08:47 - 000000000 ____D C:\AdwCleaner
2018-04-03 08:10 - 2017-11-27 11:30 - 000000000 ____D C:\Users\Ron\Documents\DonationCoder
2018-04-02 14:10 - 2017-12-19 19:27 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2018-03-30 13:58 - 2017-07-12 08:44 - 000000000 ____D C:\Users\Ron\AppData\Local\VirtualStore
2018-03-29 09:47 - 2018-02-20 17:19 - 000000000 ____D C:\Program Files (x86)\WonderFox Soft
2018-03-29 09:35 - 2018-02-20 17:19 - 000000000 ____D C:\Users\Ron\Documents\WonderFox Soft
2018-03-27 18:22 - 2018-03-15 16:13 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-27 18:13 - 2017-07-12 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-27 10:39 - 2017-12-04 21:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-26 07:18 - 2017-10-27 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-03-25 15:58 - 2017-07-12 08:44 - 000000000 ____D C:\Users\Ron
2018-03-25 15:04 - 2018-02-09 08:46 - 000000000 ____D C:\Users\Ron\Desktop\E.ON
2018-03-24 21:12 - 2018-03-09 10:54 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-03-24 21:12 - 2018-03-09 10:54 - 000000000 ____D C:\ProgramData\NCH Software
2018-03-23 15:00 - 2018-01-27 16:34 - 000000843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress.lnk
2018-03-23 14:50 - 2017-07-13 16:10 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 20:22 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-03-22 19:37 - 2017-10-28 07:34 - 000000000 ____D C:\Users\Ron\AppData\Roaming\Skype
2018-03-21 20:26 - 2017-07-13 16:10 - 000000000 ____D C:\Users\Ron\AppData\Local\Google
2018-03-18 08:45 - 2018-01-10 10:16 - 000000000 ____D C:\Windows\ShellNew
2018-03-18 08:41 - 2018-03-02 13:26 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5

==================== Files in the root of some directories =======

2018-04-05 10:36 - 2018-04-05 11:08 - 000000028 _____ () C:\Users\Ron\AppData\Roaming\stsetting.ini
2018-01-17 20:48 - 2018-01-17 20:48 - 000000038 _____ () C:\Users\Ron\AppData\Local\cloudready_installer_uuid
2017-11-27 11:30 - 2017-11-27 11:30 - 000000058 _____ () C:\Users\Ron\AppData\Local\DonationCoder_clipboardhelpandspell_InstallInfo.dat
2018-04-03 08:10 - 2018-04-03 08:10 - 000000058 _____ () C:\Users\Ron\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

Some files in TEMP:
====================
2018-04-09 09:10 - 2018-04-09 09:10 - 004052928 _____ (Geek Unіnstaller) C:\Users\Ron\AppData\Local\Temp\geek64.exe
2018-04-09 10:59 - 2015-07-02 21:36 - 000098760 _____ () C:\Users\Ron\AppData\Local\Temp\LMkRstPt.exe
2018-04-15 15:43 - 2018-04-15 15:43 - 000040448 ____N () C:\Users\Ron\AppData\Local\Temp\proxy_vole1443393836504175886.dll
2018-04-15 07:43 - 2018-04-15 07:43 - 000040448 _____ () C:\Users\Ron\AppData\Local\Temp\proxy_vole1652982800331038402.dll
2018-04-15 15:42 - 2018-04-15 15:42 - 000040448 ____N () C:\Users\Ron\AppData\Local\Temp\proxy_vole2215703571340130635.dll
2018-04-15 15:43 - 2018-04-15 15:43 - 000040448 ____N () C:\Users\Ron\AppData\Local\Temp\proxy_vole3497390000842702408.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-08 12:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Ron (17-04-2018 14:34:49)
Running from C:\Users\Ron\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-07-12 07:43:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1636669792-4238468484-3558046857-500 - Administrator - Disabled)
Guest (S-1-5-21-1636669792-4238468484-3558046857-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1636669792-4238468484-3558046857-1002 - Limited - Enabled)
Ron (S-1-5-21-1636669792-4238468484-3558046857-1001 - Administrator - Enabled) => C:\Users\Ron

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.76 - NVIDIA Corporation) Hidden
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
BitMeter (HKLM-x32\...\BitMeter) (Version: - )
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Clipboard Help+Spell 2.42.0 (HKLM-x32\...\Clipboard Help+Spell_is1) (Version: - )
Dashlane (HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Dashlane) (Version: 5.10.0.18444 - Dashlane, Inc.)
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
Dropbox (HKLM-x32\...\Dropbox) (Version: 48.3.56 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 6.11.2 (HKLM-x32\...\{FC67AAF6-3477-11E8-B094-005056951CAD}) (Version: 6.11.2.7027 - Evernote Corp.)
Everything 1.4.1.895 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.895 - David Carpenter)
FastStone Capture 8.7 (HKLM-x32\...\FastStone Capture) (Version: 8.7 - FastStone Soft)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
John's Background Switcher 4.16 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.16 - johnsadventures.com)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
K-Lite Codec Pack 13.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
KLS Mail Backup 4.0.0.2 (HKLM-x32\...\KLS Mail Backup_is1) (Version: 4.0.0.2 - KirySoft)
LibreOffice 6.0.2.1 (HKLM\...\{673086D4-1E80-4ED2-A68E-2F6AF26F9760}) (Version: 6.0.2.1 - The Document Foundation)
LockHunter 3.2, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVIDIA 3D Vision Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.76 - NVIDIA Corporation)
NVIDIA Graphics Driver 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.76 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.6.1.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Permadelete version 0.5.2 (HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\{67986FB6-CD87-4375-96BC-3938D01A2EA5}_is1) (Version: 0.5.2 - Developers Tree)
PhraseExpress v13.5.8 (HKLM-x32\...\PhraseExpress_is1) (Version: 13.5.8 - Bartels Media GmbH)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.) Hidden
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 6.0.1.0 - PureVPN)
PWGen 2.9.0 (HKLM-x32\...\{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1) (Version: - Christian Thöing)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Skype version 8.19 (HKLM-x32\...\Skype_is1) (Version: 8.19 - Skype Technologies S.A.)
Stickies 9.0d (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
WhatsApp (HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\WhatsApp) (Version: 0.2.8361 - WhatsApp)
winpcap-overlook 4.02 (HKLM-x32\...\winpcap-overlook) (Version: - )
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Program Uninstaller 2.2.4 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.2.4 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ContextMenuHandlers1: [FEShlExt] -> {86D17F7B-A65C-403b-9AF8-330ED6A919B3} => -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2017-07-20] (Crystal Rich Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-12] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-27] (NVIDIA Corporation)
ContextMenuHandlers6: [FEShlExt] -> {86D17F7B-A65C-403b-9AF8-330ED6A919B3} => -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-03-29] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07DA4CB3-FBC8-4A19-816A-5D2F9A165CD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {16A19C0E-A827-4778-9F68-6A99C8523FB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-13] (Google Inc.)
Task: {1CC14D6C-51A7-4083-8540-BC1788281076} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-13] (Google Inc.)
Task: {3291E363-CAAA-4803-AE2D-BB4673CB6FF7} - System32\Tasks\Product Updater => C:\Program Files (x86)\Free Sound Recorder\FFProductUpdater.exe
Task: {47B70C97-853B-4BD1-9B36-C0B3C33E02E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {4911C0EB-75E3-4F91-BA78-196B3153E67E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-13] (Microsoft Corporation)
Task: {7463DFC1-2EF7-4DF3-9AB0-EDE2612FFA1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-13] (Microsoft Corporation)
Task: {769BC1E9-3ED9-4508-A362-6A7CFF0BC3A7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-12] (Dropbox, Inc.)
Task: {7F8F3DDC-B12F-49F5-8A07-A560E5AB27E2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-12-20] ()
Task: {93F9023A-034A-4CDA-BE6B-6356F30AAB7A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {95AAB41B-99F0-4352-8A49-5A58F7609FCF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {989D9BF6-FB5B-4E54-88D1-49226FA77C91} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {B55AAB00-C6A4-48EE-A369-9499F8AE301F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-12] (Dropbox, Inc.)
Task: {E21D8994-1A9E-484A-8B79-4822D3CA0713} - System32\Tasks\{731E3000-D14D-4852-A585-9BF8D137A202} => "c:\program files\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=404

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Clean Google Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=magodclodecbbnbdfpmoehfdddkhlfmm

==================== Loaded Modules (Whitelisted) ==============

2012-08-06 12:24 - 2012-08-06 12:24 - 000212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 000677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 003642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-02-28 09:19 - 2018-02-22 21:21 - 000028672 _____ () C:\Program Files (x86)\PureVPN\PureVPNService.exe
2018-03-27 18:22 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-27 18:22 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-30 11:32 - 2017-01-29 09:23 - 002791424 _____ () C:\Program Files\Ditto\Ditto.exe
2017-07-12 12:46 - 2018-02-09 05:11 - 001668200 _____ () C:\Program Files (x86)\Everything\Everything.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2018-01-16 17:53 - 2018-04-09 16:30 - 001782904 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-04-13 07:23 - 2018-04-09 16:30 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-01-27 16:34 - 2018-03-19 18:46 - 000523240 _____ () G:\Dropbox\Phrase Express\PhraseExpress\pexlang.dll
2018-03-30 18:34 - 2018-03-30 18:34 - 000668384 _____ () C:\Program Files (x86)\Evernote\Evernote\tidy.dll
2018-04-13 17:14 - 2018-04-12 09:24 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-13 17:14 - 2018-04-12 09:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-04-12 07:36 - 2018-04-12 09:21 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-04-12 07:34 - 2018-04-12 09:27 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-04-12 07:36 - 2018-04-12 09:21 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-04-12 07:36 - 2018-04-12 09:21 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-13 17:14 - 2018-04-12 09:21 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-13 17:14 - 2018-04-12 09:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-04-12 07:34 - 2018-04-12 09:21 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-13 17:14 - 2018-04-12 09:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-13 17:14 - 2018-04-12 09:21 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-04-12 07:34 - 2018-04-12 09:28 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-04-12 07:34 - 2018-04-12 09:21 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-04-12 07:36 - 2018-04-12 09:21 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-12 07:36 - 2018-04-12 09:28 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-13 17:14 - 2018-04-12 09:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-04-12 07:36 - 2018-04-12 09:28 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-13 17:14 - 2018-04-12 09:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-04-12 07:34 - 2018-04-12 09:28 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-13 17:14 - 2018-04-12 09:27 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-12 07:36 - 2018-04-12 09:28 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-13 17:14 - 2018-04-12 09:27 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2011-11-11 14:08 - 2011-11-11 14:08 - 002145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 007956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 000342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 000029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 000128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2018-01-16 17:53 - 2018-04-09 16:30 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-16 17:53 - 2018-04-09 16:30 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-04-13 07:23 - 2018-04-09 16:30 - 000216520 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-04-13 07:23 - 2018-04-09 16:30 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-04-13 07:23 - 2018-04-09 16:30 - 000138688 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-04-13 07:23 - 2018-04-09 16:30 - 002230720 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1636669792-4238468484-3558046857-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D3A36E49-B7A9-49E5-92D7-B7DB345BFE55}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe
FirewallRules: [{DE3FC135-5BE7-48D9-9EB5-F9EA0E9D3A0D}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{511038DB-6DD8-4CC5-88D6-C39DC5CCA067}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE1EB2DB-7976-4129-96C2-DBF06A25888F}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17C3AE30-BD81-474C-B129-184FCE344BE8}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFA0E761-1315-4913-8889-908A59A62548}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{351B2355-A325-483D-B798-FC7005073158}] => (Allow) C:\Users\Ron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5696BBF7-E0F1-4997-8813-6DFED9DEC482}] => (Allow) G:\Dropbox\Phrase Express\PhraseExpress\PhraseExpress.exe
FirewallRules: [TCP Query User{84824781-07EF-49AB-9D2B-8C2EB79AA9DE}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{7843FF91-478E-44F7-A5FF-411EB546513D}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{0563783B-AAAD-4978-A0CA-FE3CBAABD6B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{667F504F-1B88-4046-9216-F5123912DEB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6A77DF05-3352-44D1-B7CC-C2B7F524EEDB}] => (Allow) LPort=1542
FirewallRules: [{28783299-FD21-47AB-81AE-C08431F189C9}] => (Allow) LPort=1542
FirewallRules: [{D674FE9A-9449-4588-BE40-C28CA66A4C83}] => (Allow) LPort=53
FirewallRules: [{20A36142-AB9E-4B21-A2F2-B8384D44F6B5}] => (Allow) LPort=67
FirewallRules: [{C127AAE0-15E5-4434-AC3E-6129F90A53A8}] => (Allow) LPort=68
FirewallRules: [{3AD30741-DDC7-44C9-BFFA-CA805593BED9}] => (Allow) LPort=53
FirewallRules: [{B741CE1E-3F3C-4E12-BDD7-1A64EE92C2D5}] => (Allow) LPort=53
FirewallRules: [{29223BC3-468A-4C05-B1BE-19DAA3F5BAC8}] => (Allow) G:\Dropbox\Phrase Express\PhraseExpress\PhraseExpress.exe
FirewallRules: [{C3D570DF-D140-48DF-83F3-91935BA3594C}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{8B6F0739-C785-42AE-84C6-04D1B294C257}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{E0DC1498-9C5A-4AEB-8D93-3A88A126561B}] => (Allow) G:\Dropbox\Phrase Express\PhraseExpress\PhraseExpress.exe
FirewallRules: [{3FAD8585-8F4F-4AEA-BF21-50E36E1D6BE6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5513CEAD-B1E5-4685-B904-ECDB137BE8E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD822FCF-E187-4472-A135-1C91EBF12BBC}] => (Allow) G:\Dropbox\Phrase Express\PhraseExpress\PhraseExpress.exe
FirewallRules: [{654CEC39-67EB-4B26-B57B-6F44C9C95D49}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2C2DBEA5-AE86-4C9D-B8B4-297DDE0673CD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{D1671AD4-67CF-44A5-80D4-59E943EB412D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2BFD33CA-875F-45B9-BBD7-1141980426BB}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{E9D8951F-57E3-4D06-94D7-98F97AB8D261}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{ACF35E9B-7A27-4029-A9F0-48246D37EBD5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{0A0F03B5-D669-483A-BA33-A3E06CB09D2E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{2502F559-B86D-4640-83C6-EAA120456DAD}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

10-04-2018 17:11:32 Installed Evernote v. 6.11.2
11-04-2018 17:04:46 Installed Evernote v. 6.11.2
16-04-2018 11:38:46 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 02:07:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/17/2018 02:04:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x6b0
Faulting application start time: 0x01d3d614ce254a74
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: d3f9d24e-423f-11e8-944d-00acc7375d92

Error: (04/17/2018 07:33:55 AM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (4504) WebCacheLocal: An attempt to open the file "C:\Users\Ron\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/17/2018 07:26:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/16/2018 08:01:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x79c
Faulting application start time: 0x01d3d547d2fab52e
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: 7ff3e5ba-41a8-11e8-9d86-00acc7375d92

Error: (04/16/2018 06:59:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/15/2018 07:48:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x77c
Faulting application start time: 0x01d3d480cc6f69d1
Faulting application path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Faulting module path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Report Id: a6678b6e-40dd-11e8-9509-00acc7375d92

Error: (04/15/2018 07:14:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/17/2018 02:17:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/17/2018 02:16:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Error: (04/17/2018 02:15:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/17/2018 02:14:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/17/2018 02:14:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (04/17/2018 02:11:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.

Error: (04/17/2018 02:05:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mvs91xx

Error: (04/17/2018 02:05:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek11nSU service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2017-07-13 18:12:04.751
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-13 18:12:04.750
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-13 18:12:04.748
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-13 18:12:04.721
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-13 18:12:04.720
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-13 18:12:04.718
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 09:19:40.415
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 09:19:40.415
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 35%
Total physical RAM: 16348.61 MB
Available physical RAM: 10612.17 MB
Total Virtual: 32695.41 MB
Available Virtual: 26243.78 MB

==================== Drives ================================

Drive c: (WIN 7 0) (Fixed) (Total:195.21 GB) (Free:118.09 GB) NTFS
Drive e: (P 1) (Fixed) (Total:409.77 GB) (Free:100.75 GB) NTFS
Drive f: (SPARE BACKUP 1) (Fixed) (Total:1539 GB) (Free:406.87 GB) NTFS
Drive g: (DROPBOX 1) (Fixed) (Total:446.43 GB) (Free:179.89 GB) NTFS
Drive h: (PROGRAMS 0) (Fixed) (Total:50.72 GB) (Free:50.24 GB) NTFS
Drive i: (QQQQ 0) (Fixed) (Total:685.48 GB) (Free:69.83 GB) NTFS
Drive j: (SPARE BACKUP 4 1) (Fixed) (Total:399.32 GB) (Free:37.88 GB) NTFS

\\?\Volume{b8f20d60-66d4-11e7-b31b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C69E18FC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=685.5 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: 3719ACC3)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 23 April 2018 - 10:30 AM.


#7 King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • Local time:09:25 PM

Posted 23 April 2018 - 06:30 AM

Hello ron101,

I've been away, sorry,


Not a problem.
Glad to have you back. :)

Please allow me some time to look over the logs.

#8 King_Yoshi

  • Malware Study Hall Senior
  • 1,346 posts
  • Local time:09:25 PM

Posted 28 April 2018 - 01:32 PM

Apologies for the delay in reply.
Thank you for your patience.

 

Step 1: Your computer looks clean, there are no signs of infection.
However, did you install "JDownloader"? Do you wish to keep it?

It is considered to be a PUP.


Step 2: Regarding the possible credit card theft, which could also be related to identity theft, I would advise you read the below immediately.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


Step 3:

Quote

Latest card came to me on THURSDAY and by Tuesday they had cloned it again 4 days and I had only used it with TESCO'S.

I do not believe this is related to your computer, as it came up clean.

Step 4:

Quote

I've been thinking of all the programs that I've signed up to over the years, probably 1000 - 2000 sites including porn sites or more. WHAT can I do to get rid of them?

Sadly, you will have to manually go to each and every website and close your account with them.
There is no automated process for this that I know of, since the process of closing an account varies from site to site.


Edited by King_Yoshi, 28 April 2018 - 01:33 PM.


#9 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • Gender:Male
  • Location:California
  • Local time:06:25 PM

Posted 06 May 2018 - 05:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



