Laptop running very slow

01-22-2018, 05:26 PM   #1
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Morning, as stated, my usually quick laptop is running very slow, also hangs when I run my CAD package. Any advice will be appreciated. Many thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.16299.15 BrowserJavaVersion: 11.161.2
Run by henry at 13:38:55 on 2018-01-22
Microsoft Windows 10 Pro 10.0.16299.0.1252.27.2057.18.16281.10960 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localservice -p -s bthserv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s BthHFSrv
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\HP3DDGService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
C:\WINDOWS\system32\WLANExt.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\IntelCpHDCPSvc.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
C:\WINDOWS\system32\DbxSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\CxSvc\CxMonSvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\system32\fpCSEvtSvc.exe
C:\WINDOWS\CxSvc\CxUtilSvc.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
C:\Program Files (x86)\NordVPN\nordvpn-service.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
C:\WINDOWS\system32\valWBFPolicyService.exe
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s NgcCtnrSvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -p -s fdPHost
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s NcdAutoSetup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s FDResPub
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s HomeGroupProvider
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s PhoneSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\taskhostw.exe
C:\Windows\System32\MicTray64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\Program Files\Conexant\SA3\HP-NB-AIO\SmartAudio3.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe
C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [OneDrive] "C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [GoogleContactSync] "C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe"
uRun: [STUISpeedLauncher] "C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe" -speedlauncher -minVer:6.6.58.0
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [HP Officejet Pro 276dw MFP (NET)] "C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe" -deviceID "CN31O13GD1:NW" -scfn "HP Officejet Pro 276dw MFP (NET)" -AutoStart 1
uRun: [NordVPN] C:\Program Files (x86)\NordVPN\NordVPN.exe
uRun: [com.deezer.deezer-desktop] C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [HPRadioMgr] C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [NordVPN] C:\Program Files (x86)\NordVPN\NordVPN.exe
dRunOnce: [Application Restart #0] C:\Program Files (x86)\NordVPN\NordVPN.exe
StartupFolder: C:\Users\henry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ADOBEA~1.LNK - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NETWOR~1.LNK - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableFullTrustStartupTasks = dword:2
mPolicies-System: EnableUwpStartupTasks = dword:2
mPolicies-System: SupportFullTrustStartupTasks = dword:1
mPolicies-System: SupportUwpStartupTasks = dword:1
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{47a04eb4-157c-444e-9234-c695e3d8c1d8} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableFullTrustStartupTasks = dword:2
x64-mPolicies-System: EnableUwpStartupTasks = dword:2
x64-mPolicies-System: SupportFullTrustStartupTasks = dword:1
x64-mPolicies-System: SupportUwpStartupTasks = dword:1
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2017-2-1 1469960]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-9-29 130640]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-9-29 56728]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2018-1-22 230312]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2017-12-12 107680]
R0 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2017-9-29 293272]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-9-29 15392]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-9-29 71248]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-9-29 18000]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-9-29 209304]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-9-29 240640]
R1 bam;Background Activity Moderator Driver;C:\WINDOWS\System32\drivers\bam.sys [2018-1-6 59800]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-9-29 55808]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-9-29 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-15 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2017-4-29 592088]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2017-4-29 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2017-4-29 136416]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 199640]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2017-8-5 543112]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [2016-6-28 241544]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R2 CDPUserSvc_323043b;Connected Devices Platform User Service_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2018-1-6 385024]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-10-4 7780528]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2017-2-21 4817896]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p [2017-9-29 48688]
R2 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\IntelCpHDCPSvc.exe [2017-9-7 596520]
R2 CxMonSvc;CxMonSvc;C:\Windows\CxSvc\CxMonSvc.exe [2017-9-18 34424]
R2 CxUtilSvc;CxUtilSvc;C:\Windows\CxSvc\CxUtilSvc.exe [2017-9-18 148600]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2018-1-8 51016]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc -p [2017-9-29 48688]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2017-8-7 144560]
R2 fpCsEvtSvc;fpCsEvtSvc;C:\WINDOWS\System32\fpCSEvtSvc.exe [2017-8-9 22528]
R2 hp3ddgsrv;HP 3DDG Service;C:\WINDOWS\System32\HP3DDGService.exe [2017-10-3 130072]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-8-15 332144]
R2 HPTouchpointAnalyticsService;HP Touchpoint Analytics;C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [2017-11-26 332216]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2017-2-1 18504]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2017-9-7 398376]
R2 Intel(R) TPM Provisioning Service;Intel(R) TPM Provisioning Service;C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [2017-9-21 668472]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2017-10-23 213648]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 NEWDRIVER;NEWDRIVER;C:\Windows\SysWOW64\WinVDEdrv6.sys [2017-10-25 197648]
R2 nordvpn-service;nordvpn-service;C:\Program Files (x86)\NordVPN\nordvpn-service.exe [2017-11-29 413472]
R2 OneSyncSvc_323043b;Sync Host_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2014-4-30 337776]
R2 SamsungUPDUtilSvc;Samsung UPD Utility Service;C:\Windows\SysWOW64\SecUPDUtilSvc.exe [2017-8-7 143664]
R2 SecurityHealthService;Windows Defender Security Centre Service;C:\WINDOWS\System32\SecurityHealthService.exe [2018-1-6 519152]
R2 SSPORT;SSPORT;C:\WINDOWS\System32\drivers\SSPORT.SYS [2017-8-7 11576]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-9-29 79872]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2017-8-19 255584]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2017-8-9 82944]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2018-1-6 147864]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R2 WpnUserService_323043b;Windows Push Notifications User Service_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2017-8-7 3756200]
R2 ZoomCptService;Zoom Sharing Service;C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [2017-8-31 24752]
R3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2017-9-29 191488]
R3 BthHFAud;Bluetooth Hands-Free;C:\WINDOWS\System32\drivers\BthHfAud.sys [2017-9-29 46592]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-9-29 48688]
R3 bthl2cap;Microsoft Bluetooth Protocol Support Driver;C:\WINDOWS\System32\drivers\bthl2cap.sys [2017-9-29 83968]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2017-9-29 78848]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-9-29 60312]
R3 hpqcaslwmiex;HP CASL Framework Service;C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [2016-6-3 1031704]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2017-4-13 244744]
R3 IntcAudioBus;Intel(R) Smart Sound Technology (Intel(R) SST) Bus;C:\WINDOWS\System32\drivers\IntcAudioBus.sys [2017-2-22 238176]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2017-9-7 825376]
R3 IntcOED;Intel(R) Smart Sound Technology (Intel(R) SST) OED;C:\WINDOWS\System32\drivers\IntcOED.sys [2017-2-22 750176]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-7 39920]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2017-8-4 197344]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2017-8-5 190832]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-19 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2018-1-16 87584]
R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2017-12-12 253192]
R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2017-11-15 173664]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-9-29 21504]
R3 Netwtw04;Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2017-7-13 7647232]
R3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
R3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
R3 PimIndexMaintenanceSvc_323043b;Contact Data_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2017-8-5 943112]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2017-8-6 782304]
R3 SNP2UVCW10;USB2.0 PC Camera (snUVCg2);C:\WINDOWS\System32\drivers\snUVCg2.sys [2017-8-7 2528352]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 tapnordvpn;TAP-NordVPN Windows Adapter V9;C:\WINDOWS\System32\drivers\tapnordvpn.sys [2017-3-27 84432]
R3 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
R3 TokenBroker;Web Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-9-29 28568]
R3 UnistoreSvc_323043b;User Data Storage_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 UserDataSvc_323043b;User Data Access_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-12-13 770048]
R3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2017-6-21 30368]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2017-9-29 25088]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-9-29 259584]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-31 28792]
S1 MpKsl4a7b5545;MpKsl4a7b5545;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C32C93-C62C-431B-B55B-9AD68EB60A85}\MpKsl4a7b5545.sys [2018-1-21 58120]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-8-5 143144]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 KMService;KMService;C:\WINDOWS\System32\srvany.exe --> C:\WINDOWS\System32\srvany.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService -p [2017-9-29 48688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-4-5 317400]
S2 UIUService;Conexant UIU Service;C:\WINDOWS\System32\UIUSrv.exe --> C:\WINDOWS\System32\UIUSrv.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-9-29 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-9-29 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-9-29 18432]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness -p [2017-9-29 48688]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2017-9-29 126872]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2017-9-29 158616]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2017-9-29 143768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 AssignedAccessManagerSvc;AssignedAccessManager Service;C:\WINDOWS\System32\svchost.exe -k AssignedAccessManagerSvc [2017-9-29 48688]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-9-29 9728]
S3 bttflt;Microsoft Hyper-V VHDPMEM BTT Filter;C:\WINDOWS\System32\drivers\bttflt.sys [2017-9-29 37784]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-9-29 39424]
S3 camsvc;Capability Access Manager Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-9-29 122368]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-9-29 357272]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-9-29 1723288]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx -p [2017-9-29 48688]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-8-5 143144]
S3 DevicesFlowUserSvc_323043b;DevicesFlow_323043b;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-9-29 48688]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-5-18 131984]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-9-29 85504]
S3 diagsvc;Diagnostic Execution Service;C:\WINDOWS\System32\svchost.exe -k diagnostics [2017-9-29 48688]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 ExpressInvoiceService;Express Invoice Invoicing Software;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2017-8-7 2342160]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-9-29 48688]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-9-29 20992]
S3 GraphicsPerfSvc;GraphicsPerfSvc;C:\WINDOWS\System32\svchost.exe -k GraphicsPerfSvcGroup [2017-9-29 48688]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-9-29 50584]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver;C:\WINDOWS\System32\drivers\mshwnclx.sys [2017-9-29 27136]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-9-29 36864]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-9-29 91648]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-9-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-9-29 88576]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-9-29 171520]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-9-29 174592]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-9-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-9-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-9-29 674200]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-9-29 526232]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-9-29 39424]
S3 InstallService;Windows Store Install Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2017-9-21 742704]
S3 invdimm;Microsoft iNVDIMM device driver;C:\WINDOWS\System32\drivers\invdimm.sys [2017-9-29 38912]
S3 IPT;IPT;C:\WINDOWS\System32\drivers\ipt.sys [2017-9-29 26112]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-9-29 123800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-9-29 103320]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-9-29 505240]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-9-29 55840]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-9-29 63520]
S3 MessagingService_323043b;MessagingService_323043b;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-9-29 48688]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-9-29 842648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2017-8-7 269480]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-9-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-9-29 132608]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2018-1-6 192512]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-9-29 88576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2018-1-15 258728]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-9-29 58776]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-9-29 61848]
S3 PNPMEM;Microsoft Memory Module Driver;C:\WINDOWS\System32\drivers\pnpmem.sys [2017-9-29 16896]
S3 PrintWorkflowUserSvc_323043b;PrintWorkflow_323043b;C:\WINDOWS\System32\svchost.exe -k PrintWorkflow [2017-9-29 48688]
S3 PushToInstall;Windows PushToInstall Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 Ramdisk;Windows RAM Disk Driver;C:\WINDOWS\System32\drivers\ramdisk.sys [2017-9-29 39832]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-9-29 1849752]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-9-29 936856]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-9-29 48688]
S3 rhproxy;Resource Hub proxy driver;C:\WINDOWS\System32\drivers\rhproxy.sys [2017-9-29 103936]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-9-29 48688]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-9-29 118168]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-9-29 33176]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-12-13 4329952]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-9-29 1288704]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-9-29 154520]
S3 SharedRealitySvc;Spatial Data Service;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-9-29 48688]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-9-29 56216]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2018-1-6 956416]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2017-5-18 166288]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2018-1-6 103320]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-12-1 45464]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-9-29 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-12-1 114688]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-9-29 146944]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-12-1 57344]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-9-29 45056]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-9-29 266648]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-9-29 97312]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-9-29 140696]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-9-29 28568]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-12-1 60824]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-9-29 27544]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-9-29 48688]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-9-29 34816]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-9-29 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p [2017-9-29 48688]
S3 vnvdimm;Microsoft virtual NVDIMM device driver;C:\WINDOWS\System32\drivers\vnvdimm.sys [2017-9-29 43008]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel -p [2017-9-29 48688]
S3 WarpJITSvc;WarpJITSvc;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-9-29 48688]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-9-29 76288]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [2018-1-20 129616]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe [2018-1-20 356168]
S3 wdnsfltr;Windows Defender Network Stream Filter Driver;C:\WINDOWS\System32\drivers\wdnsfltr.sys [2017-9-29 33792]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-9-29 48688]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-9-29 32152]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2018-1-6 225792]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-9-29 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 wlpasvc;Local Profile Assistant Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p [2017-9-29 48688]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\xbgmsvc.exe [2017-9-29 59512]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-9-29 281600]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-9-29 46592]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2017-12-13 819096]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs -p [2017-9-29 48688]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService -p [2017-9-29 48688]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2017-9-29 40344]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2017-9-29 1190400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2018-01-22 08:07:19 230312 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys
2018-01-22 04:57:15 -------- d-----w- C:\WINDOWS\System32\drivers\wd
2018-01-21 07:54:14 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C32C93-C62C-431B-B55B-9AD68EB60A85}\mpengine.dll
2018-01-20 04:26:11 14047160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2018-01-19 09:26:43 97344 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2018-01-19 09:26:24 -------- d-----w- C:\Program Files (x86)\Common Files\Oracle
2018-01-16 12:16:58 87584 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
2018-01-15 03:01:02 585904 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2018-01-15 02:51:46 31408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2018-01-15 02:39:22 258728 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2018-01-12 06:35:46 -------- d-----w- C:\Program Files\Common Files\Intel
2018-01-12 06:33:25 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2018-01-09 17:52:01 -------- d-----w- C:\Users\henry\.config
2018-01-09 17:51:52 -------- d-----w- C:\Program Files (x86)\Clementine
2018-01-09 17:33:32 -------- d-----w- C:\Users\henry\AppData\Local\MusicBee
2018-01-08 21:15:16 51016 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2018-01-08 21:15:16 45672 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2018-01-08 21:15:16 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2018-01-08 21:15:16 45640 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2018-01-04 08:17:04 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2018-01-04 08:16:56 -------- d-----w- C:\Program Files (x86)\AMD
2018-01-04 08:14:41 20360 ----a-w- C:\WINDOWS\SysWow64\detoured.dll
2018-01-04 08:14:41 20360 ----a-w- C:\WINDOWS\System32\detoured.dll
2018-01-04 08:14:40 112520 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2018-01-04 08:14:40 103304 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2018-01-04 08:14:40 1032072 ----a-w- C:\WINDOWS\SysWow64\atiadlxx.dll
2018-01-04 06:22:50 152080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
2018-01-03 18:16:46 -------- d-----w- C:\Program Files (x86)\VideoLAN
2018-01-02 10:15:19 -------- d-----w- C:\Users\henry\AppData\Roaming\Digiarty
2018-01-02 09:22:41 -------- d-----w- C:\Users\henry\AppData\Roaming\STAMP
2017-12-31 21:38:11 -------- d-----w- C:\Users\henry\AppData\Roaming\Deezer
2017-12-31 08:42:27 -------- d-----w- C:\Users\henry\AppData\Roaming\JAM Software
2017-12-31 08:42:17 -------- d-----w- C:\Program Files (x86)\JAM Software
2017-12-23 14:35:44 -------- d-----w- C:\Users\henry\.cache
.
==================== Find3M ====================
.
2018-01-20 04:29:20 46072 ----a-w- C:\WINDOWS\System32\drivers\wd\WdBoot.sys
2018-01-20 04:29:20 288848 ----a-w- C:\WINDOWS\System32\drivers\wd\WdFilter.sys
2018-01-20 04:29:20 129616 ----a-w- C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys
2018-01-10 06:12:10 129365736 -c--a-w- C:\WINDOWS\System32\MRT-KB890830.exe
2018-01-06 06:31:23 403968 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll
2018-01-06 06:31:15 106496 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2018-01-06 06:31:14 140800 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2018-01-01 17:15:38 956416 ----a-w- C:\WINDOWS\System32\Spectrum.exe
2018-01-01 12:54:36 924648 ----a-w- C:\WINDOWS\System32\winresume.exe
2018-01-01 12:53:26 1090984 ----a-w- C:\WINDOWS\System32\winresume.efi
2018-01-01 12:52:23 66712 ----a-w- C:\WINDOWS\System32\iumcrypt.dll
2018-01-01 12:51:59 59800 ----a-w- C:\WINDOWS\System32\drivers\bam.sys
2018-01-01 12:51:56 1055128 ----a-w- C:\WINDOWS\System32\hvax64.exe
2018-01-01 12:51:31 191816 ----a-w- C:\WINDOWS\System32\skci.dll
2018-01-01 12:51:23 1209240 ----a-w- C:\WINDOWS\System32\winload.exe
2018-01-01 12:51:18 1414784 ----a-w- C:\WINDOWS\System32\winload.efi
2018-01-01 12:50:58 479912 ----a-w- C:\WINDOWS\System32\ucrtbase_enclave.dll
2018-01-01 12:50:35 77208 ----a-w- C:\WINDOWS\System32\hvloader.dll
2018-01-01 12:50:17 780464 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2018-01-01 12:50:07 5905752 ----a-w- C:\WINDOWS\System32\StartTileData.dll
2018-01-01 12:49:34 8605080 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2018-01-01 12:49:34 292376 ----a-w- C:\WINDOWS\System32\wscapi.dll
2018-01-01 12:49:31 599448 ----a-w- C:\WINDOWS\System32\securekernel.exe
2018-01-01 12:49:10 319352 ----a-w- C:\WINDOWS\System32\wow64.dll
2018-01-01 12:48:26 1954048 ----a-w- C:\WINDOWS\System32\ntdll.dll
2018-01-01 12:48:18 7831760 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2018-01-01 12:48:18 382360 ----a-w- C:\WINDOWS\System32\atmfd.dll
2018-01-01 12:47:06 649304 ----a-w- C:\WINDOWS\System32\advapi32.dll
2018-01-01 12:47:01 82840 ----a-w- C:\WINDOWS\System32\drivers\volmgr.sys
2018-01-01 12:46:23 898216 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2018-01-01 12:46:21 733592 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
2018-01-01 12:45:54 2395032 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2018-01-01 12:45:48 1277848 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2018-01-01 12:45:17 398744 ----a-w- C:\WINDOWS\System32\drivers\fltMgr.sys
2018-01-01 12:43:31 1173576 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2018-01-01 12:43:16 367336 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2018-01-01 12:43:03 62872 ----a-w- C:\WINDOWS\System32\drivers\fsdepends.sys
2018-01-01 12:42:46 571288 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2018-01-01 12:42:36 494488 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2018-01-01 12:42:34 184984 ----a-w- C:\WINDOWS\System32\sspicli.dll
2018-01-01 12:42:20 109976 ----a-w- C:\WINDOWS\System32\drivers\vmbus.sys
2018-01-01 12:42:01 1029016 ----a-w- C:\WINDOWS\System32\efscore.dll
2018-01-01 12:41:32 549552 ----a-w- C:\WINDOWS\System32\WWanAPI.dll
2018-01-01 12:41:24 559512 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2018-01-01 12:41:18 7676296 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2018-01-01 12:40:19 1206680 ----a-w- C:\WINDOWS\System32\hvix64.exe
2018-01-01 12:39:58 508264 ----a-w- C:\WINDOWS\System32\systemreset.exe
2018-01-01 12:39:53 902416 ----a-w- C:\WINDOWS\System32\winhttp.dll
2018-01-01 12:39:44 362904 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2018-01-01 12:39:17 677784 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2018-01-01 12:39:06 129432 ----a-w- C:\WINDOWS\System32\drivers\hvsocket.sys
2018-01-01 12:38:53 519152 ----a-w- C:\WINDOWS\System32\SecurityHealthService.exe
2018-01-01 12:38:43 38808 ----a-w- C:\WINDOWS\System32\drivers\Diskdump.sys
2018-01-01 12:38:24 3904808 ----a-w- C:\WINDOWS\explorer.exe
2018-01-01 12:38:15 727448 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2018-01-01 12:38:09 103320 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2018-01-01 12:37:57 461720 ----a-w- C:\WINDOWS\System32\wifitask.exe
2018-01-01 12:37:09 1426664 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2018-01-01 12:36:57 113560 ----a-w- C:\WINDOWS\System32\icfupgd.dll
2018-01-01 12:36:32 57752 ----a-w- C:\WINDOWS\System32\drivers\netbios.sys
2018-01-01 12:36:25 413888 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2018-01-01 12:36:25 166296 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2018-01-01 12:36:20 374032 ----a-w- C:\WINDOWS\System32\vac.exe
2018-01-01 12:35:34 75160 ----a-w- C:\WINDOWS\System32\SecurityHealthProxyStub.dll
2018-01-01 12:35:16 1170008 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2018-01-01 12:34:51 1336344 ----a-w- C:\WINDOWS\System32\ole32.dll
2018-01-01 12:34:45 7385088 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2018-01-01 12:34:45 260896 ----a-w- C:\WINDOWS\System32\mfps.dll
2018-01-01 12:34:43 87384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2018-01-01 12:33:42 603920 ----a-w- C:\WINDOWS\System32\audiodg.exe
2018-01-01 12:33:36 2773400 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2018-01-01 12:32:57 4481240 ----a-w- C:\WINDOWS\System32\mfcore.dll
2018-01-01 12:32:30 617304 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2018-01-01 12:27:27 713624 ----a-w- C:\WINDOWS\System32\drivers\vhdmp.sys
2018-01-01 12:27:26 163736 ----a-w- C:\WINDOWS\System32\drivers\wfplwfs.sys
2018-01-01 12:26:45 81304 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2018-01-01 12:26:25 428952 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2018-01-01 12:25:50 147864 ----a-w- C:\WINDOWS\System32\drivers\wcifs.sys
2018-01-01 12:25:26 615768 ----a-w- C:\WINDOWS\System32\services.exe
2018-01-01 12:21:36 1103768 ----a-w- C:\WINDOWS\System32\drivers\http.sys
2018-01-01 12:21:34 614296 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2018-01-01 1249 311192 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2018-01-01 12:03:39 650328 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2018-01-01 12:03:38 777904 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2018-01-01 12:03:36 566664 ----a-w- C:\WINDOWS\SysWow64\CoreMessaging.dll
2018-01-01 12:03:03 123512 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2018-01-01 11:53:43 1615712 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2018-01-01 11:49:35 258808 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll
2018-01-01 11:49:11 481464 ----a-w- C:\WINDOWS\SysWow64\advapi32.dll
2018-01-01 11:46:57 289816 ----a-w- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
2018-01-01 11:46:25 3485392 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2018-01-01 11:45:54 5615968 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2018-01-01 11:45:34 6092152 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2018-01-01 11:45:26 450928 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2018-01-01 11:42:56 982528 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2018-01-01 11:42:47 386424 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2018-01-01 11:42:41 4644912 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2018-01-01 11:42:40 6479552 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2018-01-01 11:42:33 1246432 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2018-01-01 11:42:32 74992 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
.
============= FINISH: 13:39:16.62 ===============
Attached Files
File Type: txt attach.txt (13.7 KB, 19 views)
Old 01-26-2018, 09:18 PM   #2
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



BUMP, please
Old 01-28-2018, 07:13 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-28-2018, 07:56 PM   #4
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Morning,

# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 29 03:48:06 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\henry\AppData\Local\AdvinstAnalytics


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Fatkun Batch Download Image -
Plugin deleted: SoundCloud Downloader Free -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1225 B] - [2018/1/29 3:47:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by henry (administrator) on RAKAVI (29-01-2018 05:51:22)
Running from C:\Users\henry\Desktop
Loaded Profiles: henry (Available Profiles: defaultuser0 & henry)
Platform: Windows 10 Pro Version 1709 16299.192 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe
(Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Conexant) C:\Windows\System32\MicTray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R) C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\henry\AppData\Local\Google\Chrome\User Data\SwReporter\25.139.200\software_reporter_tool.exe
(Google) C:\Users\henry\AppData\Local\Google\Chrome\User Data\SwReporter\25.139.200\software_reporter_tool.exe
(Google) C:\Users\henry\AppData\Local\Google\Chrome\User Data\SwReporter\25.139.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2017-02-01] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-01-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [GoogleContactSync] => C:\Program Files (x86)\GO Contact Sync Mod\GOContactSync.exe [3193856 2016-11-27] (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET + Big-R)
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] ()
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [HP Officejet Pro 276dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro 276dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5863200 2017-11-29] (NordVPN)
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\Run: [com.deezer.deezer-desktop] => C:\Users\henry\AppData\Local\Programs\deezer-desktop\Deezer.exe [56505152 2018-01-16] (Deezer)
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\MountPoints2: {072b02c0-ed1b-11e7-884e-00dbdf6642b0} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-90514084-1690922502-780771697-1002\...\MountPoints2: {4af60bfa-dc18-11e7-8841-00dbdf6642b0} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-90514084-1690922502-780771697-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [150016 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5863200 2017-11-29] (NordVPN)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5863200 2017-11-29] (NordVPN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2017-09-28]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2017-08-05]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2017-08-05]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-08-05]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2017-08-06]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47a04eb4-157c-444e-9234-c695e3d8c1d8}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-01-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-19] (Oracle Corporation)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-21] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-21] (Microsoft Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @Videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-90514084-1690922502-780771697-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\henry\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-21] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/advanced_search
CHR StartupUrls: Default -> "hxxps://www.google.com/advanced_search"
CHR Profile: C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Slides) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (Skype Calling) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-08-08]
CHR Extension: (YouTube) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (DownAlbum) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2018-01-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-07]
CHR Extension: (Sheets) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Kaspersky Protection) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-05]
CHR Extension: (AdBlock) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-01-28]
CHR Extension: (Pinterest Save Button) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-15]
CHR Extension: (Google Keep - notes and lists) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-01-23]
CHR Extension: (uSelect iDownload) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc [2017-08-08]
CHR Extension: (SoundCloud Downloader Free) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\libedajeiljdoodmokbppgapcfbignci [2018-01-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Fatkun Batch Download Image) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjjahlikiabnchcpehcpkdeckfgnohf [2018-01-29]
CHR Extension: (Adblock Pro) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-11-14]
CHR Extension: (Gmail) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-27]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-90514084-1690922502-780771697-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2017-09-21] (Adobe Systems) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7780528 2018-01-15] (Microsoft Corporation)
R2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [596520 2017-09-07] (Intel Corporation)
R2 CxMonSvc; C:\WINDOWS\CxSvc\CxMonSvc.exe [34424 2017-06-22] (Conexant Systems, Inc)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [148600 2017-04-13] (Conexant Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-01-22] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2342160 2016-02-08] (NCH Software)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2017-08-09] ()
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-26] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-02-01] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [398376 2017-09-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
R2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-10-23] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-08-07] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [413472 2017-11-29] ()
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2017-08-07] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [82944 2017-08-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-20] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-20] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3756200 2017-08-07] (Intel® Corporation)
S2 UIUService; %SystemRoot%\system32\UIUSrv.exe [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\henry\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318478.inf_amd64_a97041c1257fa26d\atikmdag.sys [36567432 2018-01-04] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318478.inf_amd64_a97041c1257fa26d\atikmpag.sys [520072 2018-01-04] (Advanced Micro Devices, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 CnxtHdAudService; C:\WINDOWS\system32\drivers\CHDRT64ISST.sys [1673240 2017-07-13] (Conexant Systems Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [592088 2017-10-14] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [190832 2018-01-29] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021656 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230280 2018-01-25] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-01-25] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [253200 2018-01-24] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107680 2018-01-24] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173664 2018-01-25] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-29] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-08-05] (AO Kaspersky Lab)
S1 MpKsl4a7b5545; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C32C93-C62C-431B-B55B-9AD68EB60A85}\MpKsl4a7b5545.sys [58120 2018-01-21] () [File not signed]
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7647232 2017-10-17] (Intel Corporation)
R2 NEWDRIVER; C:\WINDOWS\SysWow64\WinVDEdrv6.sys [197648 2017-10-25] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-08-05] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-08-06] (Realsil Semiconductor Corporation)
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snUVCg2.sys [2528352 2017-08-07] (Sonix Tech. Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-20] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-20] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-20] (Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2016-12-20] (WIBU-SYSTEMS AG)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 05:51 - 2018-01-29 05:51 - 000032283 _____ C:\Users\henry\Desktop\FRST.txt
2018-01-29 05:51 - 2018-01-29 05:51 - 000000000 ____D C:\FRST
2018-01-29 05:48 - 2018-01-29 05:48 - 000000004 ____H C:\ProgramData\cm-lock
2018-01-29 05:45 - 2018-01-29 05:47 - 000000000 ____D C:\AdwCleaner
2018-01-29 05:44 - 2018-01-29 05:44 - 002393088 _____ (Farbar) C:\Users\henry\Desktop\FRST64.exe
2018-01-29 05:43 - 2018-01-29 05:44 - 008206624 _____ (Malwarebytes) C:\Users\henry\Desktop\AdwCleaner.exe
2018-01-27 08:01 - 2018-01-27 08:01 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-01-25 09:48 - 2018-01-25 09:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-25 05:02 - 2018-01-25 08:25 - 000173664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-01-25 05:02 - 2018-01-25 05:02 - 000230280 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-01-24 14:06 - 2018-01-25 06:22 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-01-24 11:58 - 2018-01-24 11:58 - 000001091 _____ C:\Users\Public\Desktop\PlanetGIS Explorer 5.2.lnk
2018-01-24 10:46 - 2018-01-24 10:46 - 000253200 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-01-24 10:45 - 2018-01-24 10:45 - 000107680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-01-24 08:48 - 2018-01-24 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-23 06:09 - 2018-01-23 06:09 - 000000000 ____D C:\WINDOWS\Panther
2018-01-22 13:39 - 2018-01-22 13:39 - 000061833 _____ C:\Users\henry\Desktop\dds.txt
2018-01-22 13:39 - 2018-01-22 13:39 - 000014052 _____ C:\Users\henry\Desktop\attach.txt
2018-01-22 13:38 - 2018-01-22 13:38 - 000688992 ____R (Swearware) C:\Users\henry\Desktop\dds.scr
2018-01-22 13:19 - 2018-01-22 13:19 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-01-22 13:19 - 2018-01-22 13:19 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-01-22 13:19 - 2018-01-22 13:19 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-01-22 13:19 - 2018-01-22 13:19 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-01-19 11:26 - 2018-01-19 11:26 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-01-19 11:26 - 2018-01-19 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-19 11:26 - 2018-01-19 11:26 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-17 13:33 - 2018-01-17 13:33 - 000028672 _____ C:\Users\henry\Desktop\Spa.xls
2018-01-12 08:35 - 2018-01-12 08:35 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-01-09 19:52 - 2018-01-09 19:52 - 000000000 ____D C:\Users\henry\.config
2018-01-09 19:51 - 2018-01-15 08:22 - 000000000 ____D C:\Program Files (x86)\Clementine
2018-01-09 19:50 - 2018-01-09 19:51 - 000000000 ____D C:\Users\henry\Downloads\Clementine music player
2018-01-09 19:33 - 2018-01-09 19:33 - 000000000 ____D C:\Users\henry\AppData\Local\MusicBee
2018-01-09 19:32 - 2018-01-09 19:32 - 000001090 _____ C:\Users\henry\Desktop\MusicBee.lnk
2018-01-09 19:31 - 2018-01-09 19:32 - 000000000 ____D C:\Users\henry\Downloads\Musicbee
2018-01-06 08:30 - 2018-01-01 19:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-06 08:30 - 2018-01-01 14:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-06 08:30 - 2018-01-01 14:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-06 08:30 - 2018-01-01 14:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-06 08:30 - 2018-01-01 14:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-06 08:30 - 2018-01-01 14:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-06 08:30 - 2018-01-01 14:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-06 08:30 - 2018-01-01 14:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-06 08:30 - 2018-01-01 14:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-06 08:30 - 2018-01-01 14:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-06 08:30 - 2018-01-01 14:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-06 08:30 - 2018-01-01 14:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-06 08:30 - 2018-01-01 14:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-06 08:30 - 2018-01-01 14:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-06 08:30 - 2018-01-01 14:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-06 08:30 - 2018-01-01 14:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-06 08:30 - 2018-01-01 14:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-06 08:30 - 2018-01-01 14:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-06 08:30 - 2018-01-01 14:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-06 08:30 - 2018-01-01 14:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-06 08:30 - 2018-01-01 14:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-06 08:30 - 2018-01-01 14:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-06 08:30 - 2018-01-01 14:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-06 08:30 - 2018-01-01 14:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-06 08:30 - 2018-01-01 14:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-06 08:30 - 2018-01-01 14:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-06 08:30 - 2018-01-01 14:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-06 08:30 - 2018-01-01 14:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-06 08:30 - 2018-01-01 14:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-06 08:30 - 2018-01-01 14:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-06 08:30 - 2018-01-01 14:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-06 08:30 - 2018-01-01 14:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-06 08:30 - 2018-01-01 14:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-06 08:30 - 2018-01-01 14:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-06 08:30 - 2018-01-01 14:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-06 08:30 - 2018-01-01 14:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-06 08:30 - 2018-01-01 14:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-06 08:30 - 2018-01-01 14:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-06 08:30 - 2018-01-01 14:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-06 08:30 - 2018-01-01 14:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-06 08:30 - 2018-01-01 14:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-06 08:30 - 2018-01-01 14:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-06 08:30 - 2018-01-01 14:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-06 08:30 - 2018-01-01 14:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-06 08:30 - 2018-01-01 14:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-06 08:30 - 2018-01-01 14:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-06 08:30 - 2018-01-01 14:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-06 08:30 - 2018-01-01 14:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-06 08:30 - 2018-01-01 14:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-06 08:30 - 2018-01-01 14:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-06 08:30 - 2018-01-01 14:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-06 08:30 - 2018-01-01 14:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-06 08:30 - 2018-01-01 14:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-06 08:30 - 2018-01-01 14:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-06 08:30 - 2018-01-01 14:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-06 08:30 - 2018-01-01 14:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-06 08:30 - 2018-01-01 14:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-06 08:30 - 2018-01-01 14:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-06 08:30 - 2018-01-01 14:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-06 08:30 - 2018-01-01 14:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-06 08:30 - 2018-01-01 14:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-06 08:30 - 2018-01-01 14:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-06 08:30 - 2018-01-01 14:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-06 08:30 - 2018-01-01 14:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-06 08:30 - 2018-01-01 14:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-06 08:30 - 2018-01-01 14:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-06 08:30 - 2018-01-01 14:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-06 08:30 - 2018-01-01 14:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-06 08:30 - 2018-01-01 14:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-06 08:30 - 2018-01-01 14:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-06 08:30 - 2018-01-01 14:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-06 08:30 - 2018-01-01 14:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-06 08:30 - 2018-01-01 14:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-06 08:30 - 2018-01-01 14:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-06 08:30 - 2018-01-01 14:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-06 08:30 - 2018-01-01 14:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-06 08:30 - 2018-01-01 14:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-06 08:30 - 2018-01-01 14:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-06 08:30 - 2018-01-01 14:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-06 08:30 - 2018-01-01 14:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-06 08:30 - 2018-01-01 14:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-06 08:30 - 2018-01-01 14:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-06 08:30 - 2018-01-01 13:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-06 08:30 - 2018-01-01 13:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-06 08:30 - 2018-01-01 13:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-06 08:30 - 2018-01-01 13:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-06 08:30 - 2018-01-01 13:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-06 08:30 - 2018-01-01 13:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-06 08:30 - 2018-01-01 13:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-06 08:30 - 2018-01-01 13:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-06 08:30 - 2018-01-01 13:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-06 08:30 - 2018-01-01 13:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-06 08:30 - 2018-01-01 13:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-06 08:30 - 2018-01-01 13:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-06 08:30 - 2018-01-01 13:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-06 08:30 - 2018-01-01 13:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-06 08:30 - 2018-01-01 13:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-06 08:30 - 2018-01-01 13:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-06 08:30 - 2018-01-01 13:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-06 08:30 - 2018-01-01 13:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-06 08:30 - 2018-01-01 13:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-06 08:30 - 2018-01-01 13:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-06 08:30 - 2018-01-01 13:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-06 08:30 - 2018-01-01 13:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-06 08:30 - 2018-01-01 13:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-06 08:30 - 2018-01-01 13:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-06 08:30 - 2018-01-01 13:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-06 08:30 - 2018-01-01 13:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-06 08:30 - 2018-01-01 13:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-06 08:30 - 2018-01-01 13:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-06 08:30 - 2018-01-01 13:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-06 08:30 - 2018-01-01 13:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-06 08:30 - 2018-01-01 13:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-06 08:30 - 2018-01-01 13:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-06 08:30 - 2018-01-01 13:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-06 08:30 - 2018-01-01 13:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-06 08:30 - 2018-01-01 13:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-06 08:30 - 2018-01-01 13:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-06 08:30 - 2018-01-01 13:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-06 08:30 - 2018-01-01 13:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-06 08:30 - 2018-01-01 13:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-06 08:30 - 2018-01-01 13:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-06 08:30 - 2018-01-01 13:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-06 08:30 - 2018-01-01 13:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-06 08:30 - 2018-01-01 13:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-06 08:30 - 2018-01-01 13:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-06 08:30 - 2018-01-01 13:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-06 08:30 - 2018-01-01 13:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-06 08:30 - 2018-01-01 13:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-06 08:30 - 2018-01-01 13:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-06 08:30 - 2018-01-01 13:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-06 08:30 - 2018-01-01 13:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-06 08:30 - 2018-01-01 13:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-06 08:30 - 2018-01-01 13:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-06 08:30 - 2018-01-01 13:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-06 08:30 - 2018-01-01 13:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-06 08:30 - 2018-01-01 13:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-06 08:30 - 2018-01-01 13:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-06 08:30 - 2018-01-01 13:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-06 08:30 - 2018-01-01 13:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-06 08:30 - 2018-01-01 13:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-06 08:30 - 2018-01-01 13:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-06 08:30 - 2018-01-01 13:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-06 08:30 - 2018-01-01 13:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-06 08:30 - 2018-01-01 13:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-06 08:30 - 2018-01-01 13:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-06 08:30 - 2018-01-01 13:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-06 08:30 - 2018-01-01 13:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-06 08:30 - 2018-01-01 13:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-06 08:30 - 2018-01-01 13:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-06 08:30 - 2018-01-01 13:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-06 08:30 - 2018-01-01 13:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-06 08:30 - 2018-01-01 13:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-06 08:30 - 2018-01-01 13:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-06 08:30 - 2018-01-01 13:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-06 08:30 - 2018-01-01 13:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-06 08:30 - 2018-01-01 13:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-05 06:36 - 2018-01-05 07:10 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-04 19:24 - 2018-01-04 19:24 - 000000062 _____ C:\Users\henry\Desktop\Playlist Converter - Convert your music playlists.url
2018-01-04 10:17 - 2018-01-04 10:17 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-01-04 10:17 - 2018-01-04 10:17 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-01-04 10:16 - 2018-01-04 10:16 - 000000000 ____D C:\Program Files (x86)\AMD
2018-01-04 10:14 - 2018-01-04 10:14 - 001032072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2018-01-04 10:14 - 2018-01-04 10:14 - 000112520 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-01-04 10:14 - 2018-01-04 10:14 - 000103304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-01-04 10:14 - 2018-01-04 10:14 - 000020360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2018-01-04 10:14 - 2018-01-04 10:14 - 000020360 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2018-01-03 20:17 - 2018-01-26 11:23 - 000000000 ____D C:\Users\henry\AppData\Roaming\vlc
2018-01-03 20:16 - 2018-01-04 09:38 - 000001135 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-01-03 20:16 - 2018-01-03 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-03 20:16 - 2018-01-03 20:16 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-01-02 12:15 - 2018-01-02 12:15 - 000000000 ____D C:\Users\henry\AppData\Roaming\Digiarty
2018-01-02 11:22 - 2018-01-02 11:22 - 000000000 ____D C:\Users\henry\AppData\Roaming\STAMP
2018-01-02 10:04 - 2018-01-02 11:35 - 000000000 ____D C:\Users\henry\Downloads\Stamp music
2018-01-01 21:11 - 2018-01-01 21:35 - 000000000 ____D C:\Users\henry\Downloads\itunes
2018-01-01 20:02 - 2018-01-01 20:13 - 000000000 ____D C:\Users\henry\Desktop\TEMP from iPad
2017-12-31 23:38 - 2018-01-29 05:44 - 000000000 ____D C:\Users\henry\AppData\Roaming\Deezer
2017-12-31 23:38 - 2017-12-31 23:38 - 000002345 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deezer.lnk
2017-12-31 23:38 - 2017-12-31 23:38 - 000002337 _____ C:\Users\henry\Desktop\Deezer.lnk
2017-12-31 22:07 - 2017-12-31 22:09 - 000000000 ____D C:\Users\henry\Downloads\Deezer
2017-12-31 10:42 - 2017-12-31 10:42 - 000001290 _____ C:\Users\henry\Desktop\TreeSize Free.lnk
2017-12-31 10:42 - 2017-12-31 10:42 - 000000000 ____D C:\Users\henry\AppData\Roaming\JAM Software
2017-12-31 10:42 - 2017-12-31 10:42 - 000000000 ____D C:\Program Files (x86)\JAM Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-29 05:49 - 2017-08-05 17:01 - 000000000 ____D C:\Users\henry\AppData\Roaming\GoContactSyncMOD
2018-01-29 05:48 - 2017-12-01 08:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-29 05:48 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-29 05:48 - 2017-08-06 11:16 - 000000068 __RSH C:\WINDOWS\system32\Drivers\xboxgip.winsecurity
2018-01-29 05:48 - 2017-08-06 11:16 - 000000068 __RSH C:\WINDOWS\system32\Drivers\wmilib.winsecurity
2018-01-29 05:48 - 2017-08-05 16:25 - 000000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForhenry.job
2018-01-29 05:48 - 2017-08-05 03:02 - 000000000 ____D C:\ProgramData\Synaptics
2018-01-29 05:48 - 2017-08-04 23:00 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-01-29 05:48 - 2017-08-04 21:04 - 000000000 __SHD C:\Users\henry\IntelGraphicsProfiles
2018-01-29 05:45 - 2017-08-05 16:18 - 000000000 ____D C:\Users\henry\Documents\Outlook Files
2018-01-29 05:44 - 2017-08-05 14:25 - 000000000 ____D C:\Users\henry\GRAPHISOFT
2018-01-29 05:00 - 2017-12-01 08:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-28 10:09 - 2017-12-01 08:31 - 000003238 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForhenry
2018-01-27 14:36 - 2017-08-05 18:00 - 000000000 ___RD C:\Users\henry\Dropbox
2018-01-27 08:17 - 2017-08-04 21:33 - 000002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-27 08:06 - 2017-09-15 13:25 - 000000000 ____D C:\Users\henry\Desktop\TEMP FROM PHONE CAMERA
2018-01-27 08:04 - 2017-08-06 07:16 - 000000000 ____D C:\Users\henry\Documents\__Admin
2018-01-27 08:01 - 2017-08-04 23:00 - 000000000 ____D C:\Program Files\Common Files\AV
2018-01-27 07:49 - 2017-12-01 08:32 - 001262546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-27 07:18 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-26 08:43 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-26 08:04 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-25 14:37 - 2017-10-24 17:41 - 000000000 ____D C:\Users\henry\AppData\Local\GoToMeeting
2018-01-25 11:00 - 2017-12-01 08:27 - 000000000 ____D C:\Users\henry
2018-01-24 11:58 - 2017-08-06 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet GIS
2018-01-24 11:58 - 2017-08-06 09:33 - 000000000 ____D C:\Program Files (x86)\Planet GIS
2018-01-24 11:49 - 2017-08-06 07:17 - 000000000 ____D C:\Users\henry\Documents\A-star
2018-01-24 10:07 - 2017-08-04 21:22 - 000000000 ____D C:\Users\henry\Downloads\Planet GIS
2018-01-24 08:48 - 2017-08-05 17:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-22 13:24 - 2017-08-05 14:25 - 000000000 ____D C:\Users\henry\AppData\Roaming\GRAPHISOFT
2018-01-22 12:48 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-22 08:31 - 2017-08-05 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-01-22 08:31 - 2017-08-05 07:06 - 000000000 ____D C:\swsetup
2018-01-22 08:31 - 2017-08-04 21:29 - 000000000 ____D C:\Program Files (x86)\HP
2018-01-22 08:27 - 2017-08-04 21:22 - 000000000 ____D C:\Users\henry\Downloads\HP
2018-01-22 07:42 - 2017-08-05 16:08 - 000000000 ____D C:\Users\henry\AppData\Local\Microsoft Help
2018-01-22 07:27 - 2017-08-06 07:06 - 000000000 ____D C:\Users\henry\AppData\Local\CrashDumps
2018-01-22 06:57 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-22 06:57 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-22 06:57 - 2017-09-05 20:49 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-01-22 06:57 - 2017-09-05 20:45 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-19 15:45 - 2017-08-05 18:39 - 000000000 ___RD C:\Users\henry\Documents\___draughting9
2018-01-19 08:54 - 2017-10-24 17:41 - 000000644 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-90514084-1690922502-780771697-1002.job
2018-01-19 08:54 - 2017-10-24 17:41 - 000000548 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-90514084-1690922502-780771697-1002.job
2018-01-18 14:24 - 2017-12-01 08:31 - 000003790 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-90514084-1690922502-780771697-1002
2018-01-18 14:24 - 2017-12-01 08:31 - 000003694 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-90514084-1690922502-780771697-1002
2018-01-18 10:03 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-16 15:22 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-12 15:41 - 2017-08-04 20:56 - 000000000 ____D C:\Users\henry\AppData\Local\VirtualStore
2018-01-12 08:36 - 2017-08-05 11:42 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-12 08:36 - 2017-08-04 21:04 - 000000000 ____D C:\Intel
2018-01-12 08:35 - 2017-08-06 13:11 - 000000000 ____D C:\ProgramData\Intel
2018-01-12 08:35 - 2017-08-05 03:02 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-12 08:33 - 2017-08-05 03:02 - 000000000 ____D C:\Program Files\Intel
2018-01-10 08:16 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-10 08:15 - 2017-12-01 08:31 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-90514084-1690922502-780771697-1002
2018-01-10 08:15 - 2017-08-05 06:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 08:15 - 2017-08-04 20:58 - 000002359 _____ C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-10 08:15 - 2017-08-04 20:58 - 000000000 __RDL C:\Users\henry\OneDrive
2018-01-10 08:12 - 2017-10-11 09:55 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 08:12 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 08:12 - 2017-08-05 06:57 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 12:15 - 2017-12-25 11:50 - 000001503 _____ C:\Users\henry\Documents\Music.ffs_gui
2018-01-06 17:35 - 2017-12-01 08:24 - 005205776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-06 17:35 - 2017-10-15 17:54 - 000000000 ___RD C:\Users\henry\3D Objects
2018-01-06 17:35 - 2017-08-04 20:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-06 17:34 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-06 17:34 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-06 08:31 - 2017-09-29 15:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-06 08:31 - 2017-09-29 15:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-06 08:31 - 2017-09-29 15:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-04 10:14 - 2017-08-05 11:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-04 10:14 - 2017-08-05 11:41 - 010313608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 008471432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2018-01-04 10:14 - 2017-08-05 11:41 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2018-01-04 10:14 - 2017-08-05 11:41 - 002527624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 002189704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 001507720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 001032072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000915848 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000855432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000798648 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2018-01-04 10:14 - 2017-08-05 11:41 - 000798648 _____ C:\WINDOWS\system32\atiapfxx.blb
2018-01-04 10:14 - 2017-08-05 11:41 - 000770952 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000687496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000559984 _____ C:\WINDOWS\system32\amdmiracast.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000543112 _____ C:\WINDOWS\system32\dgtrayicon.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000543112 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000537992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000522632 _____ C:\WINDOWS\system32\GameManager64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000505736 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000475016 _____ C:\WINDOWS\system32\atieah64.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000469384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000356744 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000351624 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000325512 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000269704 _____ C:\WINDOWS\system32\clinfo.exe
2018-01-04 10:14 - 2017-08-05 11:41 - 000267656 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000236424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000233352 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000194952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000185600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000182664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000161160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000159112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000154152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000147984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000142216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000139720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000128968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000121240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000121240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000114056 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000106376 _____ C:\WINDOWS\system32\atidxx64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000106248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000103816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000093064 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000092840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000092840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000090504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000082824 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000066440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000033672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2018-01-04 10:14 - 2017-08-05 11:41 - 000000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2018-01-04 10:14 - 2017-08-05 11:41 - 000000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2018-01-04 10:14 - 2016-01-27 15:40 - 000402312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-12-31 10:45 - 2017-12-28 07:44 - 000000000 ____D C:\Users\henry\Desktop\B&O
2017-12-30 16:50 - 2017-12-16 08:38 - 000000132 _____ C:\Users\henry\AppData\Roaming\Adobe BMP Format CS6 Prefs

==================== Files in the root of some directories =======

2017-12-16 08:38 - 2017-12-30 16:50 - 000000132 _____ () C:\Users\henry\AppData\Roaming\Adobe BMP Format CS6 Prefs
2017-11-14 14:13 - 2017-11-14 14:28 - 000000132 _____ () C:\Users\henry\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-11-14 08:58 - 2017-11-23 07:45 - 000000714 _____ () C:\Users\henry\AppData\Roaming\Contact Sheet II.xml
2017-11-14 08:58 - 2017-11-23 07:46 - 000011000 _____ () C:\Users\henry\AppData\Roaming\ContactSheetII.log
2017-09-05 10:57 - 2017-09-05 10:57 - 000001456 _____ () C:\Users\henry\AppData\Local\Adobe Save for Web 13.0 Prefs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-23 06:19

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (73.2 KB, 6 views)
happydaze29 is offline  
Old 01-29-2018, 06:18 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello happydaze29. Not seeing any sign of infection here.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {EB3022BE-1BED-486B-9367-AFC6C46DD12D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\Windows:CM_02a88fad02cf688c01a183f0698ad188d7e4804f708f8ffc26b028cfb5aca975 [74]
    AlternateDataStreams: C:\Windows:CM_6a9ea3a1d3822a736a9100d373ff327ca11b4a3a9d45a44b194cd8fe328fddef [74]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
    HKU\S-1-5-18\...\Run: [] => [X]
    BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-29-2018, 07:12 PM   #6
Registered Member
 

Morning, thank you for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by henry (30-01-2018 05:07:04) Run:1
Running from C:\Users\henry\Desktop
Loaded Profiles: henry (Available Profiles: defaultuser0 & henry)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {EB3022BE-1BED-486B-9367-AFC6C46DD12D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:CM_02a88fad02cf688c01a183f0698ad188d7e4804f708f8ffc26b028cfb5aca975 [74]
AlternateDataStreams: C:\Windows:CM_6a9ea3a1d3822a736a9100d373ff327ca11b4a3a9d45a44b194cd8fe328fddef [74]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
HKU\S-1-5-18\...\Run: [] => [X]
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB3022BE-1BED-486B-9367-AFC6C46DD12D} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB3022BE-1BED-486B-9367-AFC6C46DD12D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
C:\Windows => ":CM_02a88fad02cf688c01a183f0698ad188d7e4804f708f8ffc26b028cfb5aca975" ADS removed successfully
C:\Windows => ":CM_6a9ea3a1d3822a736a9100d373ff327ca11b4a3a9d45a44b194cd8fe328fddef" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 13131776 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99627579 B
Java, Flash, Steam htmlcache => 1289 B
Windows/system/drivers => 2756819 B
Edge => 545915 B
Chrome => 423709766 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1017882 B
systemprofile32 => 0 B
LocalService => 35404 B
NetworkService => 504742 B
defaultuser0.DESKTOP-AD2FODT => 0 B
henry => 196046573 B

RecycleBin => 688883612 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 05:08:55 ====
happydaze29 is offline  
Old 01-30-2018, 07:34 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar


You're welcome. Please run this online scan to help look for remnants.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
chemist is offline  
Old 01-30-2018, 10:34 PM   #8
Registered Member
 

C:\Users\henry\Documents\_[PLANLAB]\Apps\FreeFileSync\FreeFileSync_8.6_Windows_Setup.exe a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_8.10_Windows_Setup.exe a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.0_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.1_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.2_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.3_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.4_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.5_Windows_Setup.exe Win32/FusionCore.R potentially unwanted application,a variant of Win32/FusionCore.T potentially unwanted application
C:\Users\henry\Downloads\HP Officejet Pro 276dw\OJ276_DW_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\henry\Downloads\Speccy\spsetup129.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\henry\Dropbox\[ HGD SHARED HGD ]\Downloads\HP Printer\OJ276_DW_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
happydaze29 is offline  
Old 02-01-2018, 01:37 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, happydaze29. Nothing there either. Just some potentially unwanted applications.

It appears your problems are beyond malware, and I am only trained in malware removal.

If you still have problems, I suggest you seek expert advice in our Windows 10 Support Forum

Let them know you were here first and were cleared of malware.

------------------------------------------------------

Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Run AdwCleaner and go File > Uninstall > Yes

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
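An added example, not part of the original thread and not ESET's own tooling: a small parser for log lines in the format posted in #8. It tallies detections by category and lists any path whose detection falls outside the two "potentially unwanted/unsafe application" categories, which is the reading given in #9. The last sample line (path and detection name) is constructed.

```python
import re
from collections import Counter

# First three lines are copied from the ESET log in post #8; the last line is
# constructed (hypothetical path and detection name) to show the other branch.
SAMPLE_LOG = r"""
C:\Users\henry\Downloads\FreeFileSync\FreeFileSync_9.0_Windows_Setup.exe a variant of Win32/FusionCore.P potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\henry\Downloads\HP Officejet Pro 276dw\OJ276_DW_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\henry\Dropbox\[ HGD SHARED HGD ]\Downloads\HP Printer\OJ276_DW_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\example\AppData\Roaming\constructed.exe a variant of Win32/Example.A trojan
""".strip().splitlines()

# One detection: optional "a variant of ", a Platform/Name token, a lowercase
# category, ended by a comma (next detection) or end of line.
DETECTION = re.compile(
    r"(?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<category>[a-z ]+?)(?=,|$)"
)
LOW_PRIORITY = {"potentially unwanted application", "potentially unsafe application"}


def parse_line(line):
    """Split one log line into (path, [(detection name, category), ...])."""
    first = DETECTION.search(line)
    if first is None:
        return line.strip(), []
    # Windows paths use backslashes and may contain spaces; detection names
    # contain a forward slash, so the path is everything before the first hit.
    path = line[:first.start()].rstrip()
    hits = [(m["name"], m["category"]) for m in DETECTION.finditer(line, first.start())]
    return path, hits


def triage(lines):
    """Return (Counter of categories, paths with a detection outside LOW_PRIORITY)."""
    counts, review = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        path, hits = parse_line(line)
        counts.update(category for _, category in hits)
        if any(category not in LOW_PRIORITY for _, category in hits):
            review.append(path)
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    for category, n in counts.most_common():
        print(f"{n:3d}  {category}")
    print("Needs review:", review or "none")
```

Run against only the lines from post #8, the review list comes back empty; every hit there is an installer file flagged as potentially unwanted or potentially unsafe.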
Old 02-01-2018, 07:57 PM   #10
Good morning, thank you for your time and effort, much appreciated. I have followed the last steps. Have a great day, Henry.
happydaze29 is offline  
Old 02-02-2018, 03:25 AM   #11
You're very welcome, Henry! Glad to have helped.
chemist is offline  
 
