Kerzon Posted July 3, 2017 ID:1140294

I can't get rid of .pupoptional no drives and .pum optional no drives. As soon as I reboot and click on an .exe program it comes right back. Please help.
Kerzon Posted July 7, 2017 Author ID:1141058

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by Vip (administrator) on DAVID-PC (07-07-2017 00:10:11)
Running from C:\Users\Vip\Desktop
Loaded Profiles: Vip (Available Profiles: Vip & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Policies\Explorer: [NoDrives] 2
SSODL: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-06-10]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-09-29]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder5Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.7.1
Tcpip\..\Interfaces\{4cec1457-114d-4ad3-bd9c-9ccc461333cf}: [DhcpNameServer] 192.168.7.1
Tcpip\..\Interfaces\{8007e99f-04a7-4aa2-8bc5-7af1bbc26d21}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e694b644-4e1b-43b1-999b-f798d5dfa8b9}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope {BF99B756-B4D2-4572-AAF9-2DB81B92E687} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4231015545-1375100596-497096790-1000 -> hxxp://bluesnews.com/

FireFox:
========
FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-03-09] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-29] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [52392 2016-11-28] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-06-28] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520176 2017-06-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-06-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-30] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-03] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251664 2017-06-28] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-28] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-06-28] (AO Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 Spyder5; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-04-13] (Datacolor)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 00:10 - 2017-07-07 00:10 - 00022391 _____ C:\Users\Vip\Desktop\FRST.txt
2017-07-07 00:09 - 2017-07-07 00:10 - 02436608 _____ (Farbar) C:\Users\Vip\Desktop\FRST64.exe
2017-07-07 00:06 - 2017-07-07 00:06 - 00511653 _____ C:\Users\Akhsw\zqFlcl.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00500064 _____ C:\Users\WljNV\KUPRf.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00231035 _____ C:\Users\Akhsw\can-established-illustrated.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00226823 _____ C:\Users\WljNV\elder disposal los snapped.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00067358 _____ C:\Users\Akhsw\dogs most.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00066085 _____ C:\Users\WljNV\cake-continental.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00050832 _____ C:\Users\Akhsw\dogs_abnormal_exception_eighteenth.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00050783 _____ C:\Users\WljNV\normally.doctors.parcel.everyone.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00019718 _____ C:\Users\WljNV\gxj1hgiAsK.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00015615 _____ C:\Users\Akhsw\enjoy-background-needed.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00012890 _____ C:\Users\Akhsw\BY2rvs.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00012813 _____ C:\Users\WljNV\export-pipe-shortly.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 __SHD C:\Users\Vip\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\WljNV
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\Akhsw
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Xuse145
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Acstores174
2017-07-06 23:33 - 2017-07-07 00:10 - 00000000 ____D C:\FRST
2017-07-06 23:33 - 2017-07-06 23:34 - 00079144 _____ C:\Users\Vip\Desktop\Addition.txt
2017-07-06 19:45 - 2017-07-06 19:45 - 00001410 _____ C:\Users\Vip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-06 19:45 - 2017-07-06 19:45 - 00000000 ____D C:\Users\Vip\AppData\Local\UNP
2017-07-06 18:00 - 2017-07-06 18:01 - 00000000 ____D C:\Program Files\UNP
2017-07-06 18:00 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\system32\UNP
2017-07-05 02:13 - 2017-07-05 02:13 - 00000000 ____D C:\Users\Vip\AppData\Local\Steam
2017-07-05 02:12 - 2017-07-07 00:06 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-05 02:12 - 2017-07-05 02:12 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-05 02:12 - 2017-07-05 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-05 02:11 - 2017-07-05 02:12 - 01446792 _____ C:\Users\Vip\Desktop\SteamSetup.exe
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00000000 ____D C:\Users\Vip\AppData\Local\Zemana
2017-07-04 15:31 - 2014-10-23 17:41 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20170704-153142.backup
2017-07-04 15:10 - 2017-07-04 15:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-04 15:10 - 2017-07-04 15:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-07-04 15:09 - 2017-07-04 15:09 - 51725936 _____ (Safer-Networking Ltd.) C:\Users\Vip\Desktop\spybotsd-2.6.46.exe
2017-07-04 00:47 - 2017-07-04 00:48 - 121802512 _____ (Microsoft Corporation) C:\Users\Vip\Desktop\mpam-fe.exe
2017-07-04 00:16 - 2017-07-06 19:25 - 00000000 ____D C:\AdwCleaner
2017-07-04 00:15 - 2017-07-04 00:16 - 04110280 _____ C:\Users\Vip\Desktop\adwcleaner_6.047.exe
2017-07-03 23:41 - 2017-07-04 03:01 - 00000000 ____D C:\Program Files\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Roaming\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Local\FreeFixer
2017-07-03 18:19 - 2017-07-03 18:19 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-03 18:17 - 2017-07-06 19:27 - 00000553 _____ C:\Users\Vip\Desktop\JRT.txt
2017-07-03 18:03 - 2017-07-03 18:03 - 00087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-06-29 01:19 - 2017-07-03 18:18 - 169810248 _____ (Sophos Limited) C:\Users\Vip\Desktop\Sophos Virus Removal Tool.exe
2017-06-29 01:18 - 2017-06-29 01:27 - 01663672 _____ (Malwarebytes) C:\Users\Vip\Desktop\JRT.exe
2017-06-29 00:14 - 2017-07-03 18:47 - 00000420 _____ C:\Users\Vip\Desktop\This PC - Shortcut.lnk
2017-06-29 00:04 - 2017-07-03 23:02 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:09 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:04 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-29 00:04 - 2017-06-29 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-29 00:03 - 2017-06-29 00:03 - 11584088 _____ (SurfRight B.V.) C:\Users\Vip\Desktop\hitmanpro_x64.exe
2017-06-28 22:08 - 2017-06-28 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-28 21:48 - 2017-06-28 21:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-28 17:51 - 2017-06-28 17:51 - 00251664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-06-28 17:49 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-28 17:49 - 2017-07-06 18:10 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-28 17:49 - 2017-06-28 17:51 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-06-28 17:49 - 2017-06-28 17:51 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00520176 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-28 17:49 - 2017-06-28 17:49 - 00002156 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-28 17:49 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-06-28 03:09 - 2017-06-28 03:09 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-28 03:08 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-28 03:07 - 2017-06-28 03:08 - 64232976 _____ (Malwarebytes ) C:\Users\Vip\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-28 02:59 - 2017-06-28 02:59 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-28 02:51 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-28 02:51 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-28 02:51 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-28 02:51 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-28 02:51 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-28 02:51 - 2017-06-03 06:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 06:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-28 02:51 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-28 02:51 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-28 02:51 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-28 02:51 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-28 02:51 - 2017-06-03 05:53
- 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll 2017-06-28 02:51 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-06-28 02:51 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-06-28 02:51 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe 2017-06-28 02:51 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2017-06-28 02:51 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-06-28 02:51 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-06-28 02:51 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-06-28 02:51 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll 2017-06-28 02:51 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-06-28 02:51 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-06-28 02:51 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2017-06-28 02:51 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll 2017-06-28 02:51 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-06-28 02:51 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 
2017-06-28 02:51 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-06-28 02:51 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-06-28 02:51 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-06-28 02:51 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-06-28 02:51 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-06-28 02:51 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-06-28 02:51 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe 2017-06-28 02:51 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll 2017-06-28 02:51 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-06-28 02:51 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll 2017-06-28 02:51 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-28 02:51 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-06-28 02:51 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll 2017-06-28 02:51 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-06-28 02:51 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll 2017-06-28 02:51 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00364544 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll 2017-06-28 02:51 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-06-28 02:51 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2017-06-28 02:51 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-06-28 02:51 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2017-06-28 02:51 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-06-28 02:51 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe 2017-06-28 02:51 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-28 02:51 - 2017-06-03 05:12 - 
00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll 2017-06-28 02:51 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll 2017-06-28 02:51 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2017-06-28 02:51 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-28 02:51 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-06-28 02:51 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll 2017-06-28 02:51 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-28 02:51 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll 2017-06-28 02:51 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-28 02:51 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll 2017-06-28 02:51 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 00975872 _____ (Microsoft 
Corporation) C:\Windows\HelpPane.exe 2017-06-28 02:51 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2017-06-28 02:51 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2017-06-28 02:51 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-06-28 02:51 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) 
C:\Windows\system32\aadtb.dll 2017-06-28 02:51 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2017-06-28 02:51 - 2017-06-03 02:08 - 00080078 _____ C:\Windows\system32\normidna.nls 2017-06-28 02:51 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe 2017-06-28 02:51 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-06-28 02:51 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-06-28 02:51 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2017-06-28 02:51 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll 2017-06-28 02:51 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll 2017-06-28 01:46 - 2017-06-28 01:46 - 00221662 _____ C:\Users\Vip\Desktop\MicrosoftProgram_Install_and_Uninstall.meta.diagcab 2017-06-27 23:03 - 2017-06-28 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Users\Vip\AppData\Local\VS Revo Group 2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Program Files\VS Revo Group 2017-06-27 22:59 - 2017-06-27 23:51 - 00000000 ____D C:\Users\Vip\AppData\Local\FSDART 2017-06-27 22:58 - 2017-06-27 22:59 - 00000000 ____D C:\ProgramData\F-Secure 2017-06-27 22:53 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\AppReadiness 2017-06-25 22:39 - 2017-04-26 23:06 - 00000212 _____ C:\Users\Vip\Desktop\Quake Champions - Copy.url 2017-06-14 01:41 - 2017-06-14 01:41 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf57f9f0cc86e6ddc 2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignb3ba178d79cc01a7 2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D 
C:\Users\Vip\AppData\Local\Tempzxpsigna41dd740b34459f5 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd65ff44b5298eeea 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd3f5e24ce0496af3 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4424e0c7eede1fc 2017-06-13 01:34 - 2017-06-13 01:34 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf22dd545ab646d49 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf6a88d3f54ff399d 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign9feb417eec8f690e 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign7714ab2c9d7bcf20 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign70645c119295cd18 2017-06-13 01:25 - 2017-06-13 01:25 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignbe3464da20722781 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign31970de1abe526bd 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign2a9916bd7dde60e0 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd0c5e5f8ac9abec6 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign8648e4ec335b2301 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4b0e26bf721c2fc 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign4bec702507c20320 2017-06-12 00:56 - 2017-06-12 00:56 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign281b8bbd60b42903 2017-06-12 00:54 - 2017-06-12 00:54 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00001214 _____ C:\Users\Public\Desktop\Adobe 
Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignffd8c8d0349ad9c4 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign595e2eb32506f4be 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign101e901e80c322d5 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-07 00:06 - 2016-09-23 05:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-07 00:06 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-07 00:06 - 2015-01-14 00:47 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-07 00:05 - 2016-09-23 05:00 - 00000000 ____D C:\Users\Vip 2017-07-07 00:05 - 2016-07-16 02:04 - 01048576 _____ C:\Windows\system32\config\BBI 2017-07-06 23:20 - 2016-06-17 07:14 - 00000000 ____D C:\Users\Vip\AppData\Local\CrashDumps 2017-07-06 22:16 - 2016-09-23 04:54 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-07-06 18:00 - 2016-09-23 04:59 - 03234816 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-06 18:00 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-06 17:59 - 2014-08-16 00:11 - 00000000 ____D C:\Users\Vip\AppData\Local\Adobe 2017-07-06 17:55 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM 2017-07-05 04:07 - 2017-04-26 23:03 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher 2017-07-05 01:23 - 2015-07-03 22:23 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-07-05 01:23 - 2014-02-26 16:42 - 00000000 ____D C:\ProgramData\Apple Computer 2017-07-04 16:38 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache 2017-07-04 14:40 - 2014-03-14 19:28 - 00000000 ____D C:\Users\Vip\Documents\My Games 2017-07-04 00:40 - 2014-01-04 21:41 - 00000000 ____D C:\Users\Vip\Documents\Adobe 2017-07-03 20:26 - 2015-07-31 01:26 - 00000000 ____D 
C:\Users\Vip\AppData\Local\Packages 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\Macromed 2017-07-03 20:23 - 2013-08-12 16:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-07-03 11:08 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-07-03 11:04 - 2014-10-09 20:56 - 00000000 ____D C:\Windows\pss 2017-06-28 22:23 - 2014-10-20 15:06 - 01321850 _____ C:\Windows\ntbtlog.txt 2017-06-28 17:51 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys 2017-06-28 17:49 - 2016-07-16 07:47 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-06-28 17:49 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2017-06-28 15:29 - 2015-01-14 00:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-06-28 03:08 - 2014-10-20 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-28 03:00 - 2016-09-23 04:54 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-28 03:00 - 2015-07-31 01:26 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\ShellExperiences 2017-06-28 02:57 - 2013-08-14 00:42 - 00000000 ____D C:\Windows\system32\MRT 2017-06-28 02:55 - 2013-12-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-28 02:55 - 2013-08-13 14:48 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-28 02:54 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-06-28 02:14 - 2016-07-16 
07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-06-28 02:14 - 2016-06-17 07:01 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA 2017-06-28 02:13 - 2016-09-23 05:00 - 00000000 ____D C:\Users\DefaultAppPool 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-06-28 02:13 - 2016-07-16 07:49 - 00000000 ____D C:\Windows\Setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\dsc 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\PrintDialog 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\migwiz 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lv-LV 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lt-LT 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\et-EE 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\es-MX 
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\en-GB 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\IME 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\SysWOW64\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Sysprep 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\servicing 2017-06-28 02:13 - 2016-06-17 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-06-28 02:13 - 2014-10-23 16:36 - 00000000 ____D C:\Windows\erdnt 2017-06-28 02:13 - 2014-04-25 22:47 - 00000000 ____D C:\Windows\en 2017-06-28 02:13 - 2013-10-23 20:54 - 00000000 ____D C:\Netgear 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\Configuration 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Vss 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\registration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 __RSD C:\Windows\Media 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\Configuration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\MiracastView 2017-06-28 02:11 - 2014-05-29 22:08 - 00000000 ___RD C:\Users\Vip\Dropbox 2017-06-28 02:10 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-06-28 00:53 - 2015-02-03 02:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-06-27 15:53 - 2013-12-12 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\ElevatedDiagnostics 2017-06-13 01:24 - 2015-04-27 02:38 - 00000000 ___RD C:\Users\Vip\Creative Cloud Files 2017-06-12 00:54 - 
2013-08-12 17:07 - 00000000 ____D C:\Users\Vip\AppData\Roaming\Adobe 2017-06-12 00:54 - 2013-08-12 17:06 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-06-10 00:10 - 2016-06-17 07:02 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA Corporation 2017-06-08 13:06 - 2015-04-27 02:47 - 00001016 _____ C:\Users\Vip\Desktop\Adobe Lightroom.lnk ==================== Files in the root of some directories ======= 2014-02-09 02:54 - 2014-02-09 03:10 - 0000402 _____ () C:\Users\Vip\AppData\Roaming\burnaware.ini 2014-10-18 13:36 - 2016-06-26 15:46 - 0007612 _____ () C:\Users\Vip\AppData\Local\Resmon.ResmonCfg 2013-12-12 00:23 - 2013-12-12 01:09 - 0000041 _____ () C:\ProgramData\.zreglib 2015-12-06 04:53 - 2015-12-06 04:53 - 0000000 _____ () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-03 19:41 ==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017 Ran by Vip (administrator) on 
DAVID-PC (07-07-2017 00:10:11) Running from C:\Users\Vip\Desktop Loaded Profiles: Vip (Available Profiles: Vip & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Policies\Explorer: [NoDrives] 2
SSODL: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-06-10]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-09-29]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder5Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.7.1
Tcpip\..\Interfaces\{4cec1457-114d-4ad3-bd9c-9ccc461333cf}: [DhcpNameServer] 192.168.7.1
Tcpip\..\Interfaces\{8007e99f-04a7-4aa2-8bc5-7af1bbc26d21}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e694b644-4e1b-43b1-999b-f798d5dfa8b9}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope {BF99B756-B4D2-4572-AAF9-2DB81B92E687} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4231015545-1375100596-497096790-1000 -> hxxp://bluesnews.com/

FireFox:
========
FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-03-09] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-29] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [52392 2016-11-28] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-06-28] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520176 2017-06-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-06-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-30] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-03] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251664 2017-06-28] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-28] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-06-28] (AO Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 Spyder5; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-04-13] (Datacolor)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 00:10 - 2017-07-07 00:10 - 00022391 _____ C:\Users\Vip\Desktop\FRST.txt
2017-07-07 00:09 - 2017-07-07 00:10 - 02436608 _____ (Farbar) C:\Users\Vip\Desktop\FRST64.exe
2017-07-07 00:06 - 2017-07-07 00:06 - 00511653 _____ C:\Users\Akhsw\zqFlcl.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00500064 _____ C:\Users\WljNV\KUPRf.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00231035 _____ C:\Users\Akhsw\can-established-illustrated.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00226823 _____ C:\Users\WljNV\elder disposal los snapped.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00067358 _____ C:\Users\Akhsw\dogs most.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00066085 _____ C:\Users\WljNV\cake-continental.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00050832 _____ C:\Users\Akhsw\dogs_abnormal_exception_eighteenth.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00050783 _____ C:\Users\WljNV\normally.doctors.parcel.everyone.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00019718 _____ C:\Users\WljNV\gxj1hgiAsK.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00015615 _____ C:\Users\Akhsw\enjoy-background-needed.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00012890 _____ C:\Users\Akhsw\BY2rvs.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00012813 _____ C:\Users\WljNV\export-pipe-shortly.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 __SHD C:\Users\Vip\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\WljNV
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\Akhsw
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Xuse145
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Acstores174
2017-07-06 23:33 - 2017-07-07 00:10 - 00000000 ____D C:\FRST
2017-07-06 23:33 - 2017-07-06 23:34 - 00079144 _____ C:\Users\Vip\Desktop\Addition.txt
2017-07-06 19:45 - 2017-07-06 19:45 - 00001410 _____ C:\Users\Vip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-06 19:45 - 2017-07-06 19:45 - 00000000 ____D C:\Users\Vip\AppData\Local\UNP
2017-07-06 18:00 - 2017-07-06 18:01 - 00000000 ____D C:\Program Files\UNP
2017-07-06 18:00 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\system32\UNP
2017-07-05 02:13 - 2017-07-05 02:13 - 00000000 ____D C:\Users\Vip\AppData\Local\Steam
2017-07-05 02:12 - 2017-07-07 00:06 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-05 02:12 - 2017-07-05 02:12 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-05 02:12 - 2017-07-05 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-05 02:11 - 2017-07-05 02:12 - 01446792 _____ C:\Users\Vip\Desktop\SteamSetup.exe
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00000000 ____D C:\Users\Vip\AppData\Local\Zemana
2017-07-04 15:31 - 2014-10-23 17:41 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20170704-153142.backup
2017-07-04 15:10 - 2017-07-04 15:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-04 15:10 - 2017-07-04 15:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-07-04 15:09 - 2017-07-04 15:09 - 51725936 _____ (Safer-Networking Ltd. ) C:\Users\Vip\Desktop\spybotsd-2.6.46.exe
2017-07-04 00:47 - 2017-07-04 00:48 - 121802512 _____ (Microsoft Corporation) C:\Users\Vip\Desktop\mpam-fe.exe
2017-07-04 00:16 - 2017-07-06 19:25 - 00000000 ____D C:\AdwCleaner
2017-07-04 00:15 - 2017-07-04 00:16 - 04110280 _____ C:\Users\Vip\Desktop\adwcleaner_6.047.exe
2017-07-03 23:41 - 2017-07-04 03:01 - 00000000 ____D C:\Program Files\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Roaming\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Local\FreeFixer
2017-07-03 18:19 - 2017-07-03 18:19 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-03 18:17 - 2017-07-06 19:27 - 00000553 _____ C:\Users\Vip\Desktop\JRT.txt
2017-07-03 18:03 - 2017-07-03 18:03 - 00087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-06-29 01:19 - 2017-07-03 18:18 - 169810248 _____ (Sophos Limited) C:\Users\Vip\Desktop\Sophos Virus Removal Tool.exe
2017-06-29 01:18 - 2017-06-29 01:27 - 01663672 _____ (Malwarebytes) C:\Users\Vip\Desktop\JRT.exe
2017-06-29 00:14 - 2017-07-03 18:47 - 00000420 _____ C:\Users\Vip\Desktop\This PC - Shortcut.lnk
2017-06-29 00:04 - 2017-07-03 23:02 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:09 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:04 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-29 00:04 - 2017-06-29 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-29 00:03 - 2017-06-29 00:03 - 11584088 _____ (SurfRight B.V.) C:\Users\Vip\Desktop\hitmanpro_x64.exe
2017-06-28 22:08 - 2017-06-28 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-28 21:48 - 2017-06-28 21:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-28 17:51 - 2017-06-28 17:51 - 00251664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-06-28 17:49 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-28 17:49 - 2017-07-06 18:10 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-28 17:49 - 2017-06-28 17:51 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-06-28 17:49 - 2017-06-28 17:51 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00520176 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-28 17:49 - 2017-06-28 17:49 - 00002156 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-28 17:49 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-06-28 03:09 - 2017-06-28 03:09 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-28 03:08 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-28 03:07 - 2017-06-28 03:08 - 64232976 _____ (Malwarebytes ) C:\Users\Vip\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-28 02:59 - 2017-06-28 02:59 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-28 02:51 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-28 02:51 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-28 02:51 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-28 02:51 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-28 02:51 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-28 02:51 - 2017-06-03 06:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 06:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-28 02:51 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-28 02:51 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-28 02:51 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-28 02:51 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-28 02:51 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-28 02:51 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-28 02:51 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-28 02:51 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-28 02:51 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-28 02:51 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-28 02:51 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-28 02:51 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-28 02:51 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-28 02:51 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-28 02:51 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-28 02:51 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-28 02:51 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-28 02:51 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-28 02:51 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-28 02:51 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-28 02:51 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-28 02:51 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-28 02:51 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-28 02:51 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-28 02:51 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-28 02:51 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-28 02:51 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-28 02:51 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-28 02:51 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-28 02:51 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-28 02:51 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-28 02:51 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-28 02:51 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-28 02:51 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-28 02:51 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-28 02:51 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-28 02:51 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-28 02:51 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-28 02:51 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-28 02:51 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-28 02:51 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-28 02:51 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\jscript9.dll 2017-06-28 02:51 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-28 02:51 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-06-28 02:51 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll 2017-06-28 02:51 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-28 02:51 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll 2017-06-28 02:51 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-28 02:51 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll 2017-06-28 02:51 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 00975872 _____ (Microsoft 
Corporation) C:\Windows\HelpPane.exe 2017-06-28 02:51 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2017-06-28 02:51 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2017-06-28 02:51 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-06-28 02:51 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) 
C:\Windows\system32\aadtb.dll 2017-06-28 02:51 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2017-06-28 02:51 - 2017-06-03 02:08 - 00080078 _____ C:\Windows\system32\normidna.nls 2017-06-28 02:51 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe 2017-06-28 02:51 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-06-28 02:51 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2017-06-28 02:51 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2017-06-28 02:51 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll 2017-06-28 02:51 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll 2017-06-28 01:46 - 2017-06-28 01:46 - 00221662 _____ C:\Users\Vip\Desktop\MicrosoftProgram_Install_and_Uninstall.meta.diagcab 2017-06-27 23:03 - 2017-06-28 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Users\Vip\AppData\Local\VS Revo Group 2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Program Files\VS Revo Group 2017-06-27 22:59 - 2017-06-27 23:51 - 00000000 ____D C:\Users\Vip\AppData\Local\FSDART 2017-06-27 22:58 - 2017-06-27 22:59 - 00000000 ____D C:\ProgramData\F-Secure 2017-06-27 22:53 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\AppReadiness 2017-06-25 22:39 - 2017-04-26 23:06 - 00000212 _____ C:\Users\Vip\Desktop\Quake Champions - Copy.url 2017-06-14 01:41 - 2017-06-14 01:41 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf57f9f0cc86e6ddc 2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignb3ba178d79cc01a7 2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D 
C:\Users\Vip\AppData\Local\Tempzxpsigna41dd740b34459f5 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd65ff44b5298eeea 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd3f5e24ce0496af3 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4424e0c7eede1fc 2017-06-13 01:34 - 2017-06-13 01:34 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf22dd545ab646d49 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf6a88d3f54ff399d 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign9feb417eec8f690e 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign7714ab2c9d7bcf20 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign70645c119295cd18 2017-06-13 01:25 - 2017-06-13 01:25 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignbe3464da20722781 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign31970de1abe526bd 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign2a9916bd7dde60e0 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd0c5e5f8ac9abec6 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign8648e4ec335b2301 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4b0e26bf721c2fc 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign4bec702507c20320 2017-06-12 00:56 - 2017-06-12 00:56 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign281b8bbd60b42903 2017-06-12 00:54 - 2017-06-12 00:54 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00001214 _____ C:\Users\Public\Desktop\Adobe 
Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignffd8c8d0349ad9c4 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign595e2eb32506f4be 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign101e901e80c322d5 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-07 00:06 - 2016-09-23 05:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-07 00:06 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-07 00:06 - 2015-01-14 00:47 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-07 00:05 - 2016-09-23 05:00 - 00000000 ____D C:\Users\Vip 2017-07-07 00:05 - 2016-07-16 02:04 - 01048576 _____ C:\Windows\system32\config\BBI 2017-07-06 23:20 - 2016-06-17 07:14 - 00000000 ____D C:\Users\Vip\AppData\Local\CrashDumps 2017-07-06 22:16 - 2016-09-23 04:54 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-07-06 18:00 - 2016-09-23 04:59 - 03234816 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-06 18:00 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-06 17:59 - 2014-08-16 00:11 - 00000000 ____D C:\Users\Vip\AppData\Local\Adobe 2017-07-06 17:55 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM 2017-07-05 04:07 - 2017-04-26 23:03 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher 2017-07-05 01:23 - 2015-07-03 22:23 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-07-05 01:23 - 2014-02-26 16:42 - 00000000 ____D C:\ProgramData\Apple Computer 2017-07-04 16:38 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache 2017-07-04 14:40 - 2014-03-14 19:28 - 00000000 ____D C:\Users\Vip\Documents\My Games 2017-07-04 00:40 - 2014-01-04 21:41 - 00000000 ____D C:\Users\Vip\Documents\Adobe 2017-07-03 20:26 - 2015-07-31 01:26 - 00000000 ____D 
C:\Users\Vip\AppData\Local\Packages 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\Macromed 2017-07-03 20:23 - 2013-08-12 16:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-07-03 11:08 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-07-03 11:04 - 2014-10-09 20:56 - 00000000 ____D C:\Windows\pss 2017-06-28 22:23 - 2014-10-20 15:06 - 01321850 _____ C:\Windows\ntbtlog.txt 2017-06-28 17:51 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys 2017-06-28 17:49 - 2016-07-16 07:47 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-06-28 17:49 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2017-06-28 15:29 - 2015-01-14 00:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-06-28 03:08 - 2014-10-20 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-28 03:00 - 2016-09-23 04:54 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-28 03:00 - 2015-07-31 01:26 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\ShellExperiences 2017-06-28 02:57 - 2013-08-14 00:42 - 00000000 ____D C:\Windows\system32\MRT 2017-06-28 02:55 - 2013-12-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-28 02:55 - 2013-08-13 14:48 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-28 02:54 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-06-28 02:14 - 2016-07-16 
07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-06-28 02:14 - 2016-06-17 07:01 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA 2017-06-28 02:13 - 2016-09-23 05:00 - 00000000 ____D C:\Users\DefaultAppPool 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-06-28 02:13 - 2016-07-16 07:49 - 00000000 ____D C:\Windows\Setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\dsc 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\PrintDialog 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\migwiz 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lv-LV 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lt-LT 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\et-EE 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\es-MX 
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\en-GB 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\IME 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\SysWOW64\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Sysprep 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\servicing 2017-06-28 02:13 - 2016-06-17 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-06-28 02:13 - 2014-10-23 16:36 - 00000000 ____D C:\Windows\erdnt 2017-06-28 02:13 - 2014-04-25 22:47 - 00000000 ____D C:\Windows\en 2017-06-28 02:13 - 2013-10-23 20:54 - 00000000 ____D C:\Netgear 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\Configuration 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Vss 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\registration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 __RSD C:\Windows\Media 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\Configuration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\MiracastView 2017-06-28 02:11 - 2014-05-29 22:08 - 00000000 ___RD C:\Users\Vip\Dropbox 2017-06-28 02:10 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-06-28 00:53 - 2015-02-03 02:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-06-27 15:53 - 2013-12-12 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\ElevatedDiagnostics 2017-06-13 01:24 - 2015-04-27 02:38 - 00000000 ___RD C:\Users\Vip\Creative Cloud Files 2017-06-12 00:54 - 
2013-08-12 17:07 - 00000000 ____D C:\Users\Vip\AppData\Roaming\Adobe 2017-06-12 00:54 - 2013-08-12 17:06 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-06-10 00:10 - 2016-06-17 07:02 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA Corporation 2017-06-08 13:06 - 2015-04-27 02:47 - 00001016 _____ C:\Users\Vip\Desktop\Adobe Lightroom.lnk ==================== Files in the root of some directories ======= 2014-02-09 02:54 - 2014-02-09 03:10 - 0000402 _____ () C:\Users\Vip\AppData\Roaming\burnaware.ini 2014-10-18 13:36 - 2016-06-26 15:46 - 0007612 _____ () C:\Users\Vip\AppData\Local\Resmon.ResmonCfg 2013-12-12 00:23 - 2013-12-12 01:09 - 0000041 _____ () C:\ProgramData\.zreglib 2015-12-06 04:53 - 2015-12-06 04:53 - 0000000 _____ () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-03 19:41 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017 Ran by Vip (administrator) on DAVID-PC (07-07-2017 00:10:11) Running from C:\Users\Vip\Desktop 
Loaded Profiles: Vip (Available Profiles: Vip & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (Microsoft Corporation) C:\Windows\System32\vds.exe () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.) 
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Policies\Explorer: [NoDrives] 2 SSODL: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.) SSODL-x32: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-06-10] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-09-29] ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder5Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.7.1 Tcpip\..\Interfaces\{4cec1457-114d-4ad3-bd9c-9ccc461333cf}: [DhcpNameServer] 192.168.7.1 Tcpip\..\Interfaces\{8007e99f-04a7-4aa2-8bc5-7af1bbc26d21}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{e694b644-4e1b-43b1-999b-f798d5dfa8b9}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKLM-x32 -> DefaultScope {BF99B756-B4D2-4572-AAF9-2DB81B92E687} URL = BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File 
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4231015545-1375100596-497096790-1000 -> hxxp://bluesnews.com/

FireFox:
========
FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-03-09] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-29] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [52392 2016-11-28] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-06-28] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520176 2017-06-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-06-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-30] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-03] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251664 2017-06-28] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-28] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-06-28] (AO Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 Spyder5; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-04-13] (Datacolor)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 00:10 - 2017-07-07 00:10 - 00022391 _____ C:\Users\Vip\Desktop\FRST.txt
2017-07-07 00:09 - 2017-07-07 00:10 - 02436608 _____ (Farbar) C:\Users\Vip\Desktop\FRST64.exe
2017-07-07 00:06 - 2017-07-07 00:06 - 00511653 _____ C:\Users\Akhsw\zqFlcl.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00500064 _____ C:\Users\WljNV\KUPRf.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00231035 _____ C:\Users\Akhsw\can-established-illustrated.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00226823 _____ C:\Users\WljNV\elder disposal los snapped.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00067358 _____ C:\Users\Akhsw\dogs most.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00066085 _____ C:\Users\WljNV\cake-continental.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00050832 _____ C:\Users\Akhsw\dogs_abnormal_exception_eighteenth.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00050783 _____ C:\Users\WljNV\normally.doctors.parcel.everyone.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00019718 _____ C:\Users\WljNV\gxj1hgiAsK.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00015615 _____ C:\Users\Akhsw\enjoy-background-needed.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00012890 _____ C:\Users\Akhsw\BY2rvs.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00012813 _____ C:\Users\WljNV\export-pipe-shortly.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 __SHD C:\Users\Vip\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\WljNV
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\Akhsw
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Xuse145
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Acstores174
2017-07-06 23:33 - 2017-07-07 00:10 - 00000000 ____D C:\FRST
2017-07-06 23:33 - 2017-07-06 23:34 - 00079144 _____ C:\Users\Vip\Desktop\Addition.txt
2017-07-06 19:45 - 2017-07-06 19:45 - 00001410 _____ C:\Users\Vip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-07-06 19:45 - 2017-07-06 19:45 - 00000000 ____D C:\Users\Vip\AppData\Local\UNP
2017-07-06 18:00 - 2017-07-06 18:01 - 00000000 ____D C:\Program Files\UNP
2017-07-06 18:00 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\system32\UNP
2017-07-05 02:13 - 2017-07-05 02:13 - 00000000 ____D C:\Users\Vip\AppData\Local\Steam
2017-07-05 02:12 - 2017-07-07 00:06 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-05 02:12 - 2017-07-05 02:12 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-05 02:12 - 2017-07-05 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-05 02:11 - 2017-07-05 02:12 - 01446792 _____ C:\Users\Vip\Desktop\SteamSetup.exe
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-07-05 01:35 - 2017-07-05 01:35 - 00000000 ____D C:\Users\Vip\AppData\Local\Zemana
2017-07-04 15:31 - 2014-10-23 17:41 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20170704-153142.backup
2017-07-04 15:10 - 2017-07-04 15:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-04 15:10 - 2017-07-04 15:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-04 15:10 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-07-04 15:09 - 2017-07-04 15:09 - 51725936 _____ (Safer-Networking Ltd. ) C:\Users\Vip\Desktop\spybotsd-2.6.46.exe
2017-07-04 00:47 - 2017-07-04 00:48 - 121802512 _____ (Microsoft Corporation) C:\Users\Vip\Desktop\mpam-fe.exe
2017-07-04 00:16 - 2017-07-06 19:25 - 00000000 ____D C:\AdwCleaner
2017-07-04 00:15 - 2017-07-04 00:16 - 04110280 _____ C:\Users\Vip\Desktop\adwcleaner_6.047.exe
2017-07-03 23:41 - 2017-07-04 03:01 - 00000000 ____D C:\Program Files\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Roaming\FreeFixer
2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Local\FreeFixer
2017-07-03 18:19 - 2017-07-03 18:19 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-03 18:17 - 2017-07-06 19:27 - 00000553 _____ C:\Users\Vip\Desktop\JRT.txt
2017-07-03 18:03 - 2017-07-03 18:03 - 00087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2017-06-29 01:19 - 2017-07-03 18:18 - 169810248 _____ (Sophos Limited) C:\Users\Vip\Desktop\Sophos Virus Removal Tool.exe
2017-06-29 01:18 - 2017-06-29 01:27 - 01663672 _____ (Malwarebytes) C:\Users\Vip\Desktop\JRT.exe
2017-06-29 00:14 - 2017-07-03 18:47 - 00000420 _____ C:\Users\Vip\Desktop\This PC - Shortcut.lnk
2017-06-29 00:04 - 2017-07-03 23:02 - 00000000 ____D C:\Program Files\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:09 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-29 00:04 - 2017-06-29 00:04 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-06-29 00:04 - 2017-06-29 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-06-29 00:03 - 2017-06-29 00:03 - 11584088 _____ (SurfRight B.V.) C:\Users\Vip\Desktop\hitmanpro_x64.exe
2017-06-28 22:08 - 2017-06-28 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-28 21:48 - 2017-06-28 21:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-28 17:51 - 2017-06-28 17:51 - 00251664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2017-06-28 17:51 - 2017-06-28 17:51 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2017-06-28 17:49 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-28 17:49 - 2017-07-06 18:10 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-28 17:49 - 2017-06-28 17:51 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-06-28 17:49 - 2017-06-28 17:51 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00520176 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-06-28 17:49 - 2017-06-28 17:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-28 17:49 - 2017-06-28 17:49 - 00002156 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-28 17:49 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2017-06-28 03:09 - 2017-06-28 03:09 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-28 03:08 - 2017-07-07 00:06 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-28 03:08 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-28 03:07 - 2017-06-28 03:08 - 64232976 _____ (Malwarebytes ) C:\Users\Vip\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-28 02:59 - 2017-06-28 02:59 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-28 02:51 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-28 02:51 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-28 02:51 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-28 02:51 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-28 02:51 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-28 02:51 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-28 02:51 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-28 02:51 - 2017-06-03 06:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 06:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-28 02:51 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-28 02:51 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-28 02:51 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-28 02:51 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-28 02:51 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-28 02:51 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-28 02:51 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-28 02:51 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-28 02:51 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-28 02:51 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-28 02:51 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-28 02:51 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-28 02:51 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-28 02:51 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-28 02:51 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-28 02:51 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-28 02:51 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-28 02:51 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-28 02:51 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-28 02:51 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-28 02:51 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-28 02:51 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-28 02:51 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-28 02:51 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-28 02:51 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-28 02:51 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-28 02:51 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-28 02:51 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-28 02:51 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-28 02:51 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-28 02:51 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-28 02:51 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-28 02:51 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-28 02:51 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-28 02:51 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-28 02:51 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-28 02:51 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-28 02:51 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-28 02:51 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-28 02:51 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-28 02:51 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-28 02:51 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-28 02:51 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-28 02:51 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-28 02:51 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-28 02:51 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-28 02:51 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-28 02:51 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-28 02:51 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-28 02:51 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-28 02:51 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-28 02:51 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-28 02:51 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-28 02:51 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-28 02:51 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-28 02:51 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-28 02:51 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-28 02:51 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-28 02:51 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-28 02:51 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-28 02:51 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-28 02:51 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-28 02:51 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-28 02:51 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-28 02:51 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-28 02:51 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-28 02:51 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-28 02:51 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-28 02:51 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-28 02:51 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-28 02:51 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-28 02:51 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-28 02:51 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-28 02:51 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-28 02:51 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-28 02:51 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-28 02:51 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-28 02:51 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-28 02:51 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-28 02:51 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-28 02:51 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-28 02:51 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-28 02:51 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-28 02:51 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-28 02:51 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-28 02:51 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-28 02:51 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-28 02:51 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-28 02:51 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-28 02:51 - 2017-06-03 02:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-28 02:51 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-28 02:51 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-28 02:51 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-28 02:51 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-28 02:51 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-28 02:51 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-28 01:46 - 2017-06-28 01:46 - 00221662 _____ C:\Users\Vip\Desktop\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-06-27 23:03 - 2017-06-28 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Users\Vip\AppData\Local\VS Revo Group
2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Program Files\VS Revo Group
2017-06-27 22:59 - 2017-06-27 23:51 - 00000000 ____D C:\Users\Vip\AppData\Local\FSDART
2017-06-27 22:58 - 2017-06-27 22:59 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-27 22:53 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\AppReadiness
2017-06-25 22:39 - 2017-04-26 23:06 - 00000212 _____ C:\Users\Vip\Desktop\Quake Champions - Copy.url
2017-06-14 01:41 - 2017-06-14 01:41 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf57f9f0cc86e6ddc
2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignb3ba178d79cc01a7
2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D
C:\Users\Vip\AppData\Local\Tempzxpsigna41dd740b34459f5 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd65ff44b5298eeea 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd3f5e24ce0496af3 2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4424e0c7eede1fc 2017-06-13 01:34 - 2017-06-13 01:34 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf22dd545ab646d49 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf6a88d3f54ff399d 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign9feb417eec8f690e 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign7714ab2c9d7bcf20 2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign70645c119295cd18 2017-06-13 01:25 - 2017-06-13 01:25 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignbe3464da20722781 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign31970de1abe526bd 2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign2a9916bd7dde60e0 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd0c5e5f8ac9abec6 2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign8648e4ec335b2301 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4b0e26bf721c2fc 2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign4bec702507c20320 2017-06-12 00:56 - 2017-06-12 00:56 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign281b8bbd60b42903 2017-06-12 00:54 - 2017-06-12 00:54 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00001214 _____ C:\Users\Public\Desktop\Adobe 
Creative Cloud.lnk 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignffd8c8d0349ad9c4 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign595e2eb32506f4be 2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign101e901e80c322d5 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-07 00:06 - 2016-09-23 05:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-07 00:06 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-07 00:06 - 2015-01-14 00:47 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-07 00:05 - 2016-09-23 05:00 - 00000000 ____D C:\Users\Vip 2017-07-07 00:05 - 2016-07-16 02:04 - 01048576 _____ C:\Windows\system32\config\BBI 2017-07-06 23:20 - 2016-06-17 07:14 - 00000000 ____D C:\Users\Vip\AppData\Local\CrashDumps 2017-07-06 22:16 - 2016-09-23 04:54 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-07-06 18:00 - 2016-09-23 04:59 - 03234816 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-06 18:00 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-06 17:59 - 2014-08-16 00:11 - 00000000 ____D C:\Users\Vip\AppData\Local\Adobe 2017-07-06 17:55 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM 2017-07-05 04:07 - 2017-04-26 23:03 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher 2017-07-05 01:23 - 2015-07-03 22:23 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-07-05 01:23 - 2014-02-26 16:42 - 00000000 ____D C:\ProgramData\Apple Computer 2017-07-04 16:38 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache 2017-07-04 14:40 - 2014-03-14 19:28 - 00000000 ____D C:\Users\Vip\Documents\My Games 2017-07-04 00:40 - 2014-01-04 21:41 - 00000000 ____D C:\Users\Vip\Documents\Adobe 2017-07-03 20:26 - 2015-07-31 01:26 - 00000000 ____D 
C:\Users\Vip\AppData\Local\Packages 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\Macromed 2017-07-03 20:23 - 2013-08-12 16:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-07-03 11:08 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF 2017-07-03 11:04 - 2014-10-09 20:56 - 00000000 ____D C:\Windows\pss 2017-06-28 22:23 - 2014-10-20 15:06 - 01321850 _____ C:\Windows\ntbtlog.txt 2017-06-28 17:51 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys 2017-06-28 17:49 - 2016-07-16 07:47 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-06-28 17:49 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2017-06-28 15:29 - 2015-01-14 00:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-06-28 03:08 - 2014-10-20 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-06-28 03:00 - 2016-09-23 04:54 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-28 03:00 - 2015-07-31 01:26 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser 2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\ShellExperiences 2017-06-28 02:57 - 2013-08-14 00:42 - 00000000 ____D C:\Windows\system32\MRT 2017-06-28 02:55 - 2013-12-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-28 02:55 - 2013-08-13 14:48 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-28 02:54 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp 2017-06-28 02:14 - 2016-07-16 
07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2017-06-28 02:14 - 2016-06-17 07:01 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA 2017-06-28 02:13 - 2016-09-23 05:00 - 00000000 ____D C:\Users\DefaultAppPool 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-06-28 02:13 - 2016-07-16 07:49 - 00000000 ____D C:\Windows\Setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\F12 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\dsc 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\PrintDialog 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\setup 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\oobe 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\migwiz 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lv-LV 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lt-LT 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\inetsrv 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\et-EE 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\es-MX 
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\en-GB 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\IME 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\SysWOW64\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Sysprep 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Dism 2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\servicing 2017-06-28 02:13 - 2016-06-17 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-06-28 02:13 - 2014-10-23 16:36 - 00000000 ____D C:\Windows\erdnt 2017-06-28 02:13 - 2014-04-25 22:47 - 00000000 ____D C:\Windows\en 2017-06-28 02:13 - 2013-10-23 20:54 - 00000000 ____D C:\Netgear 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\Configuration 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Vss 2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\registration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 __RSD C:\Windows\Media 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\Configuration 2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\MiracastView 2017-06-28 02:11 - 2014-05-29 22:08 - 00000000 ___RD C:\Users\Vip\Dropbox 2017-06-28 02:10 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-06-28 00:53 - 2015-02-03 02:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2017-06-27 15:53 - 2013-12-12 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\ElevatedDiagnostics 2017-06-13 01:24 - 2015-04-27 02:38 - 00000000 ___RD C:\Users\Vip\Creative Cloud Files 2017-06-12 00:54 - 
2013-08-12 17:07 - 00000000 ____D C:\Users\Vip\AppData\Roaming\Adobe 2017-06-12 00:54 - 2013-08-12 17:06 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-06-10 00:10 - 2016-06-17 07:02 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA Corporation 2017-06-08 13:06 - 2015-04-27 02:47 - 00001016 _____ C:\Users\Vip\Desktop\Adobe Lightroom.lnk ==================== Files in the root of some directories ======= 2014-02-09 02:54 - 2014-02-09 03:10 - 0000402 _____ () C:\Users\Vip\AppData\Roaming\burnaware.ini 2014-10-18 13:36 - 2016-06-26 15:46 - 0007612 _____ () C:\Users\Vip\AppData\Local\Resmon.ResmonCfg 2013-12-12 00:23 - 2013-12-12 01:09 - 0000041 _____ () C:\ProgramData\.zreglib 2015-12-06 04:53 - 2015-12-06 04:53 - 0000000 _____ () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-03 19:41 ==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017 Ran by Vip (administrator) on 
DAVID-PC (07-07-2017 00:10:11) Running from C:\Users\Vip\Desktop Loaded Profiles: Vip (Available Profiles: Vip & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (Microsoft Corporation) C:\Windows\System32\vds.exe () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.) 
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112512 2015-06-12] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation) HKU\S-1-5-21-4231015545-1375100596-497096790-1000\...\Policies\Explorer: [NoDrives] 2 SSODL: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.) SSODL-x32: EldosMountNotificator-cbfs6 - {27426A2E-D142-4A6A-BEDC-22752B5CE09F} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-06-10] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2016-09-29] ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder5Pro\Utility\SpyderUtility.exe ((c)2016 Datacolor) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.7.1 Tcpip\..\Interfaces\{4cec1457-114d-4ad3-bd9c-9ccc461333cf}: [DhcpNameServer] 192.168.7.1 Tcpip\..\Interfaces\{8007e99f-04a7-4aa2-8bc5-7af1bbc26d21}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{e694b644-4e1b-43b1-999b-f798d5dfa8b9}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4231015545-1375100596-497096790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKLM-x32 -> DefaultScope {BF99B756-B4D2-4572-AAF9-2DB81B92E687} URL = BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File 
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-03-30] (AO Kaspersky Lab) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-4231015545-1375100596-497096790-1000 -> hxxp://bluesnews.com/ FireFox: ======== FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2017-03-09] [not signed] FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-03-30] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) Chrome: ======= CHR DefaultProfile: Default CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-06-10] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-06-10] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed] R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason) R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-06-29] (SurfRight B.V.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation) R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed] S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.) 
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-04-05] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [52392 2016-11-28] ()
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197336 2017-06-28] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [520176 2017-06-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1018592 2017-06-28] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-03-30] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-03] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [251664 2017-06-28] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-28] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-28] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-03-30] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199392 2017-06-28] (AO Kaspersky Lab)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7209bde3180ef5f7\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)
S3 Spyder5; C:\Windows\System32\drivers\dccmtr.sys [15360 2015-04-13] (Datacolor)
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120976 2017-03-27] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 00:10 - 2017-07-07 00:10 - 00022391 _____ C:\Users\Vip\Desktop\FRST.txt
2017-07-07 00:09 - 2017-07-07 00:10 - 02436608 _____ (Farbar) C:\Users\Vip\Desktop\FRST64.exe
2017-07-07 00:06 - 2017-07-07 00:06 - 00511653 _____ C:\Users\Akhsw\zqFlcl.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00500064 _____ C:\Users\WljNV\KUPRf.xlsx
2017-07-07 00:06 - 2017-07-07 00:06 - 00231035 _____ C:\Users\Akhsw\can-established-illustrated.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00226823 _____ C:\Users\WljNV\elder disposal los snapped.mdb
2017-07-07 00:06 - 2017-07-07 00:06 - 00067358 _____ C:\Users\Akhsw\dogs most.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00066085 _____ C:\Users\WljNV\cake-continental.xls
2017-07-07 00:06 - 2017-07-07 00:06 - 00050832 _____ C:\Users\Akhsw\dogs_abnormal_exception_eighteenth.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00050783 _____ C:\Users\WljNV\normally.doctors.parcel.everyone.pem
2017-07-07 00:06 - 2017-07-07 00:06 - 00019718 _____ C:\Users\WljNV\gxj1hgiAsK.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00015615 _____ C:\Users\Akhsw\enjoy-background-needed.sql
2017-07-07 00:06 - 2017-07-07 00:06 - 00012890 _____ C:\Users\Akhsw\BY2rvs.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00012813 _____ C:\Users\WljNV\export-pipe-shortly.txt
2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 __SHD C:\Users\Vip\Desktop\ This folder protects against ransomware. Modifying it will reduce protection 2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\WljNV 2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ___HD C:\Users\Akhsw 2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Xuse145 2017-07-07 00:06 - 2017-07-07 00:06 - 00000000 ____D C:\Acstores174 2017-07-06 23:33 - 2017-07-07 00:10 - 00000000 ____D C:\FRST 2017-07-06 23:33 - 2017-07-06 23:34 - 00079144 _____ C:\Users\Vip\Desktop\Addition.txt 2017-07-06 19:45 - 2017-07-06 19:45 - 00001410 _____ C:\Users\Vip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk 2017-07-06 19:45 - 2017-07-06 19:45 - 00000000 ____D C:\Users\Vip\AppData\Local\UNP 2017-07-06 18:00 - 2017-07-06 18:01 - 00000000 ____D C:\Program Files\UNP 2017-07-06 18:00 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\system32\UNP 2017-07-05 02:13 - 2017-07-05 02:13 - 00000000 ____D C:\Users\Vip\AppData\Local\Steam 2017-07-05 02:12 - 2017-07-07 00:06 - 00000000 ____D C:\Program Files (x86)\Steam 2017-07-05 02:12 - 2017-07-05 02:12 - 00001032 _____ C:\Users\Public\Desktop\Steam.lnk 2017-07-05 02:12 - 2017-07-05 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-07-05 02:11 - 2017-07-05 02:12 - 01446792 _____ C:\Users\Vip\Desktop\SteamSetup.exe 2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-07-05 01:35 - 2017-07-05 01:35 - 00203680 _____ (Zemana Ltd.) 
C:\Windows\system32\Drivers\zam64.sys 2017-07-05 01:35 - 2017-07-05 01:35 - 00000000 ____D C:\Users\Vip\AppData\Local\Zemana 2017-07-04 15:31 - 2014-10-23 17:41 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20170704-153142.backup 2017-07-04 15:10 - 2017-07-04 15:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-07-04 15:10 - 2017-07-04 15:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2017-07-04 15:10 - 2017-07-04 15:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2017-07-04 15:10 - 2017-07-04 15:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-07-04 15:10 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe 2017-07-04 15:09 - 2017-07-04 15:09 - 51725936 _____ (Safer-Networking Ltd. 
) C:\Users\Vip\Desktop\spybotsd-2.6.46.exe 2017-07-04 00:47 - 2017-07-04 00:48 - 121802512 _____ (Microsoft Corporation) C:\Users\Vip\Desktop\mpam-fe.exe 2017-07-04 00:16 - 2017-07-06 19:25 - 00000000 ____D C:\AdwCleaner 2017-07-04 00:15 - 2017-07-04 00:16 - 04110280 _____ C:\Users\Vip\Desktop\adwcleaner_6.047.exe 2017-07-03 23:41 - 2017-07-04 03:01 - 00000000 ____D C:\Program Files\FreeFixer 2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Roaming\FreeFixer 2017-07-03 23:41 - 2017-07-03 23:56 - 00000000 ____D C:\Users\Vip\AppData\Local\FreeFixer 2017-07-03 18:19 - 2017-07-03 18:19 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Sophos 2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2017-07-03 18:19 - 2017-07-03 18:19 - 00000000 ____D C:\Program Files (x86)\Sophos 2017-07-03 18:17 - 2017-07-06 19:27 - 00000553 _____ C:\Users\Vip\Desktop\JRT.txt 2017-07-03 18:03 - 2017-07-03 18:03 - 00087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys 2017-06-29 01:19 - 2017-07-03 18:18 - 169810248 _____ (Sophos Limited) C:\Users\Vip\Desktop\Sophos Virus Removal Tool.exe 2017-06-29 01:18 - 2017-06-29 01:27 - 01663672 _____ (Malwarebytes) C:\Users\Vip\Desktop\JRT.exe 2017-06-29 00:14 - 2017-07-03 18:47 - 00000420 _____ C:\Users\Vip\Desktop\This PC - Shortcut.lnk 2017-06-29 00:04 - 2017-07-03 23:02 - 00000000 ____D C:\Program Files\HitmanPro 2017-06-29 00:04 - 2017-06-29 00:09 - 00000000 ____D C:\ProgramData\HitmanPro 2017-06-29 00:04 - 2017-06-29 00:04 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2017-06-29 00:04 - 2017-06-29 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2017-06-29 00:03 - 2017-06-29 00:03 - 11584088 _____ (SurfRight B.V.) 
C:\Users\Vip\Desktop\hitmanpro_x64.exe 2017-06-28 22:08 - 2017-06-28 22:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-06-28 21:48 - 2017-06-28 21:48 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2017-06-28 17:51 - 2017-06-28 17:51 - 00251664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys 2017-06-28 17:51 - 2017-06-28 17:51 - 00229288 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys 2017-06-28 17:51 - 2017-06-28 17:51 - 00173144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys 2017-06-28 17:51 - 2017-06-28 17:51 - 00112912 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys 2017-06-28 17:49 - 2017-07-07 00:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2017-06-28 17:49 - 2017-07-06 18:10 - 00003240 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-06-28 17:49 - 2017-06-28 17:51 - 01018592 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2017-06-28 17:49 - 2017-06-28 17:51 - 00197336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2017-06-28 17:49 - 2017-06-28 17:50 - 00520176 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2017-06-28 17:49 - 2017-06-28 17:50 - 00000000 ____D C:\Program Files\Common Files\AV 2017-06-28 17:49 - 2017-06-28 17:49 - 00002156 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk 2017-06-28 17:49 - 2017-06-28 17:49 - 00001447 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk 2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection 2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2017-06-28 17:49 - 2017-06-28 17:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2017-06-28 17:49 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) 
C:\Windows\system32\klfphc.dll 2017-06-28 03:09 - 2017-06-28 03:09 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-06-28 03:08 - 2017-07-07 00:06 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-06-28 03:08 - 2017-07-07 00:06 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-06-28 03:08 - 2017-07-07 00:06 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-28 03:08 - 2017-06-28 03:08 - 00000000 ____D C:\Program Files\Malwarebytes 2017-06-28 03:08 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-06-28 03:07 - 2017-06-28 03:08 - 64232976 _____ (Malwarebytes ) C:\Users\Vip\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe 2017-06-28 02:59 - 2017-06-28 02:59 - 00000000 ___SD C:\Windows\UpdateAssistantV2 2017-06-28 02:51 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-06-28 02:51 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll 2017-06-28 02:51 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2017-06-28 02:51 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll 2017-06-28 02:51 - 
2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll 2017-06-28 02:51 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-06-28 02:51 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe 2017-06-28 02:51 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-06-28 02:51 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2017-06-28 02:51 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-06-28 02:51 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-06-28 02:51 - 2017-06-03 06:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll 2017-06-28 02:51 - 2017-06-03 06:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll 2017-06-28 02:51 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2017-06-28 02:51 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll 2017-06-28 02:51 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-06-28 02:51 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-06-28 02:51 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe 2017-06-28 02:51 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2017-06-28 02:51 - 2017-06-03 05:53 
- 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2017-06-28 02:51 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll 2017-06-28 02:51 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-06-28 02:51 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-06-28 02:51 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe 2017-06-28 02:51 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2017-06-28 02:51 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-06-28 02:51 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-06-28 02:51 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-06-28 02:51 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll 2017-06-28 02:51 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-06-28 02:51 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-06-28 02:51 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2017-06-28 02:51 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll 2017-06-28 02:51 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-06-28 02:51 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 
2017-06-28 02:51 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-06-28 02:51 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-06-28 02:51 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-06-28 02:51 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-06-28 02:51 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-06-28 02:51 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-06-28 02:51 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe 2017-06-28 02:51 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll 2017-06-28 02:51 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-06-28 02:51 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll 2017-06-28 02:51 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-28 02:51 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-06-28 02:51 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll 2017-06-28 02:51 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-06-28 02:51 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll 2017-06-28 02:51 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00364544 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2017-06-28 02:51 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll 2017-06-28 02:51 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-06-28 02:51 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2017-06-28 02:51 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll 2017-06-28 02:51 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll 2017-06-28 02:51 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-06-28 02:51 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2017-06-28 02:51 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-06-28 02:51 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe 2017-06-28 02:51 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-28 02:51 - 2017-06-03 05:12 - 
00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll 2017-06-28 02:51 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll 2017-06-28 02:51 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2017-06-28 02:51 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll 2017-06-28 02:51 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-06-28 02:51 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll 2017-06-28 02:51 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2017-06-28 02:51 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-28 02:51 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-28 02:51 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-06-28 02:51 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll 2017-06-28 02:51 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-28 02:51 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll 2017-06-28 02:51 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-28 02:51 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll 2017-06-28 02:51 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll 2017-06-28 02:51 - 2017-06-03 04:52 - 00975872 _____ (Microsoft 
Corporation) C:\Windows\HelpPane.exe 2017-06-28 02:51 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2017-06-28 02:51 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2017-06-28 02:51 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-28 02:51 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-28 02:51 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-06-28 02:51 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-28 02:51 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-28 02:51 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-06-28 02:51 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) 
C:\Windows\system32\aadtb.dll
2017-06-28 02:51 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-28 02:51 - 2017-06-03 02:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-28 02:51 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-28 02:51 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-28 02:51 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-28 02:51 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-28 02:51 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-28 02:51 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-28 01:46 - 2017-06-28 01:46 - 00221662 _____ C:\Users\Vip\Desktop\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-06-27 23:03 - 2017-06-28 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Users\Vip\AppData\Local\VS Revo Group
2017-06-27 23:03 - 2017-06-27 23:03 - 00000000 ____D C:\Program Files\VS Revo Group
2017-06-27 22:59 - 2017-06-27 23:51 - 00000000 ____D C:\Users\Vip\AppData\Local\FSDART
2017-06-27 22:58 - 2017-06-27 22:59 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-27 22:53 - 2017-07-06 18:00 - 00000000 ____D C:\Windows\AppReadiness
2017-06-25 22:39 - 2017-04-26 23:06 - 00000212 _____ C:\Users\Vip\Desktop\Quake Champions - Copy.url
2017-06-14 01:41 - 2017-06-14 01:41 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf57f9f0cc86e6ddc
2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignb3ba178d79cc01a7
2017-06-14 01:40 - 2017-06-14 01:40 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna41dd740b34459f5
2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd65ff44b5298eeea
2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd3f5e24ce0496af3
2017-06-13 01:38 - 2017-06-13 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4424e0c7eede1fc
2017-06-13 01:34 - 2017-06-13 01:34 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf22dd545ab646d49
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignf6a88d3f54ff399d
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign9feb417eec8f690e
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign7714ab2c9d7bcf20
2017-06-13 01:33 - 2017-06-13 01:33 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign70645c119295cd18
2017-06-13 01:25 - 2017-06-13 01:25 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignbe3464da20722781
2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign31970de1abe526bd
2017-06-13 01:24 - 2017-06-13 01:24 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign2a9916bd7dde60e0
2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignd0c5e5f8ac9abec6
2017-06-12 16:47 - 2017-06-12 16:47 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign8648e4ec335b2301
2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsigna4b0e26bf721c2fc
2017-06-12 16:45 - 2017-06-12 16:45 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign4bec702507c20320
2017-06-12 00:56 - 2017-06-12 00:56 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign281b8bbd60b42903
2017-06-12 00:54 - 2017-06-12 00:54 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-12 00:54 - 2017-06-12 00:54 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsignffd8c8d0349ad9c4
2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign595e2eb32506f4be
2017-06-12 00:54 - 2017-06-12 00:54 - 00000000 ____D C:\Users\Vip\AppData\Local\Tempzxpsign101e901e80c322d5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 00:06 - 2016-09-23 05:24 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-07 00:06 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-07 00:06 - 2015-01-14 00:47 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-07 00:05 - 2016-09-23 05:00 - 00000000 ____D C:\Users\Vip
2017-07-07 00:05 - 2016-07-16 02:04 - 01048576 _____ C:\Windows\system32\config\BBI
2017-07-06 23:20 - 2016-06-17 07:14 - 00000000 ____D C:\Users\Vip\AppData\Local\CrashDumps
2017-07-06 22:16 - 2016-09-23 04:54 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-07-06 18:00 - 2016-09-23 04:59 - 03234816 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-06 18:00 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 17:59 - 2014-08-16 00:11 - 00000000 ____D C:\Users\Vip\AppData\Local\Adobe
2017-07-06 17:55 - 2016-07-16 02:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-07-05 04:07 - 2017-04-26 23:03 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-07-05 01:23 - 2015-07-03 22:23 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-07-05 01:23 - 2014-02-26 16:42 - 00000000 ____D C:\ProgramData\Apple Computer
2017-07-04 16:38 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\rescache
2017-07-04 14:40 - 2014-03-14 19:28 - 00000000 ____D C:\Users\Vip\Documents\My Games
2017-07-04 00:40 - 2014-01-04 21:41 - 00000000 ____D C:\Users\Vip\Documents\Adobe
2017-07-03 20:26 - 2015-07-31 01:26 - 00000000 ____D C:\Users\Vip\AppData\Local\Packages
2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-03 20:23 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-03 20:23 - 2013-08-12 16:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-03 11:08 - 2016-07-16 07:45 - 00000000 ____D C:\Windows\INF
2017-07-03 11:04 - 2014-10-09 20:56 - 00000000 ____D C:\Windows\pss
2017-06-28 22:23 - 2014-10-20 15:06 - 01321850 _____ C:\Windows\ntbtlog.txt
2017-06-28 17:51 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-06-28 17:49 - 2016-07-16 07:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-06-28 17:49 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated
2017-06-28 15:29 - 2015-01-14 00:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-28 03:08 - 2014-10-20 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-28 03:00 - 2016-09-23 04:54 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-28 03:00 - 2015-07-31 01:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-28 03:00 - 2013-12-12 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-28 02:59 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-06-28 02:57 - 2013-08-14 00:42 - 00000000 ____D C:\Windows\system32\MRT
2017-06-28 02:55 - 2013-12-12 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-28 02:55 - 2013-08-13 14:48 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-28 02:54 - 2016-07-16 07:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-28 02:14 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-28 02:14 - 2016-06-17 07:01 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA
2017-06-28 02:13 - 2016-09-23 05:00 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-28 02:13 - 2016-09-23 04:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-28 02:13 - 2016-07-16 07:49 - 00000000 ____D C:\Windows\Setup
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\F12
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\dsc
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\setup
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\oobe
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lv-LV
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\lt-LT
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\inetsrv
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\et-EE
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\es-MX
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\system32\en-GB
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\IME
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-28 02:13 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\system32\Dism
2017-06-28 02:13 - 2016-07-16 02:04 - 00000000 ____D C:\Windows\servicing
2017-06-28 02:13 - 2016-06-17 07:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-28 02:13 - 2014-10-23 16:36 - 00000000 ____D C:\Windows\erdnt
2017-06-28 02:13 - 2014-04-25 22:47 - 00000000 ____D C:\Windows\en
2017-06-28 02:13 - 2013-10-23 20:54 - 00000000 ____D C:\Netgear
2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\Vss
2017-06-28 02:12 - 2016-07-16 07:47 - 00000000 ____D C:\Windows\registration
2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 __RSD C:\Windows\Media
2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___SD C:\Windows\system32\Configuration
2017-06-28 02:11 - 2016-07-16 07:47 - 00000000 ___RD C:\Windows\MiracastView
2017-06-28 02:11 - 2014-05-29 22:08 - 00000000 ___RD C:\Users\Vip\Dropbox
2017-06-28 02:10 - 2016-09-23 04:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-28 00:53 - 2015-02-03 02:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-06-27 15:53 - 2013-12-12 01:38 - 00000000 ____D C:\Users\Vip\AppData\Local\ElevatedDiagnostics
2017-06-13 01:24 - 2015-04-27 02:38 - 00000000 ___RD C:\Users\Vip\Creative Cloud Files
2017-06-12 00:54 - 2013-08-12 17:07 - 00000000 ____D C:\Users\Vip\AppData\Roaming\Adobe
2017-06-12 00:54 - 2013-08-12 17:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-10 00:10 - 2016-06-17 07:02 - 00000000 ____D C:\Users\Vip\AppData\Local\NVIDIA Corporation
2017-06-08 13:06 - 2015-04-27 02:47 - 00001016 _____ C:\Users\Vip\Desktop\Adobe Lightroom.lnk

==================== Files in the root of some directories =======

2014-02-09 02:54 - 2014-02-09 03:10 - 0000402 _____ () C:\Users\Vip\AppData\Roaming\burnaware.ini
2014-10-18 13:36 - 2016-06-26 15:46 - 0007612 _____ () C:\Users\Vip\AppData\Local\Resmon.ResmonCfg
2013-12-12 00:23 - 2013-12-12 01:09 - 0000041 _____ () C:\ProgramData\.zreglib
2015-12-06 04:53 - 2015-12-06 04:53 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-03 19:41

==================== End of FRST.txt ============================
Aura Posted September 1, 2017 ID:1159478

Hi Kerzon

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens.

As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you.

The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system.

If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!

If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off.

Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced.

I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules.

In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process.

I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone.

This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean-up some malware, so let's get started, shall we?

Do you still need assistance with your issue? Since this thread has been up and without any replies for a while, I'll be closing it in 72 hours if you don't reply before that. If you notice my message after this thread gets closed, feel free to send me a PM to get it opened again.
Aura Posted September 4, 2017 ID:1160300

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!