Please help ensure computer is clean



#1
IBGrizzly


Please help ensure malware is removed.

Nephew downloaded Minecraft.exe on 17 June 2017 @ 19:30 from http://download894.m...x/minecraft.exe

Apps installed at that time included:

  • Relevant Knowledge
  • Helper Toolbar for Chrome
  • Instant Support - Instant Computer Associates 866-818-5310
  • Prime Updater
  • PC Accelerator Pro
  • Web Discover Browser
  • Candy Crush Soda Saga
  • KNCTR (Itibiti)
  • Paid WiFiCellular (MS)
  • PR.Updater
  • Sentinel Runtime (Gemalto)
  • Special Search Option

Only downloads showing were:

  • PrimeUpdate.exe
  • Minecraft.exe
  • 131874 (file)

Found Isass in Task Manager; this and all apps listed above were stopped, then uninstalled. Rebooted.

Ran Kaspersky IS, Windows Defender and MS Windows Malicious Software Removal Tool, nothing found.

Ran AutoRuns and Process Explorer from Sysinternals. CCSDK.exe (Lenovo 1/60) and hasplms.exe (SafeNet 1/61)

Exported registry and created restore point.

Ran Adware Cleaner, identified 70 - cleaned. Rebooted.

Ran MalwareBytes, 13 threats - 5 malware, 8 PUP, quarantined; rescan found 5 more threats, quarantined; rescan, nothing found. Rebooted each time.

Ran HitManPro, 447 found - deleted. Rebooted.

Nothing showing when any of above programs rerun 2 days later, but computer still seems to occasionally have unusual activity.

Ran FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Tommie (administrator) on LAPTOP-6Q1DPAHG (21-06-2017 19:58:10)
Running from C:\Users\Tommie\Desktop
Loaded Profiles: Tommie (Available Profiles: Tommie & IBGri)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHDCPSvc.exe
() C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxEM.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(KSIN Luxembourg II Sarl.) C:\Program Files (x86)\VSMSoftware\Premier+\EmbMachineComms.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-19] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2016-11-03] (Greenshot)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-04-22] (CyberLink Corp.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [GoogleChromeAutoLaunch_830FF46DA7936AFE84AD5A85CEC647B1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [EmbMachineComms.exe] => C:\Program Files (x86)\VSMSoftware\Premier+\EmbMachineComms.exe [146616 2017-03-08] (KSIN Luxembourg II Sarl.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler ()] -> {B6DBA0C2-C2FF-42B5-8F57-8B7A947DA001} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.4qb)] -> {A0C2041A-B78A-42F0-829D-0B0D528330AB} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.edo)] -> {472B864E-3F37-454D-A352-FFCA59E07A04} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.krz)] -> {6C189747-E079-420D-A89E-680D23AABE0B} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler ()] -> {B6DBA0C2-C2FF-42B5-8F57-8B7A947DA001} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.4qb)] -> {A0C2041A-B78A-42F0-829D-0B0D528330AB} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.edo)] -> {472B864E-3F37-454D-A352-FFCA59E07A04} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.krz)] -> {6C189747-E079-420D-A89E-680D23AABE0B} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{37f50752-400e-4944-acf7-ef68ca3d5b67}: [DhcpNameServer] 150.209.1.2
Tcpip\..\Interfaces\{3a0b2c84-9ccc-456e-8d3e-4bf9ca26389d}: [DhcpNameServer] 192.168.50.1
 
Internet Explorer:
==================
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-280923207-1676988664-3169647480-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#identifier","hxxp://www.cmcss.net/","hxxp://www.facebook.com/profile.php?id=100002613466054","hxxp://www.msn.com/?pc=msnHomeST&OCID=msnHomepage","hxxp://google.com/"
CHR Profile: C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default [2017-06-21]
CHR Extension: (Google Slides) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-26]
CHR Extension: (Google Docs) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-26]
CHR Extension: (Google Drive) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-26]
CHR Extension: (YouTube) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-26]
CHR Extension: (Google Sheets) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-26]
CHR Extension: (Chrome Media Router) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"wuhelper" => service was unlocked. <===== ATTENTION
 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHeciSvc.exe [303056 2017-04-28] (Intel Corporation)
R3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHDCPSvc.exe [480720 2017-04-28] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-02] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4565832 2017-01-04] (SafeNet, Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4859528 2017-06-19] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxCUIService.exe [341456 2017-04-28] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 wuhelper; C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe [139776 2017-05-19] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [87864 2017-02-10] (SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [86328 2017-02-10] (SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [332088 2017-02-10] (SafeNet, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30808 2015-08-02] (ELAN Microelectronic Corp.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1287496 2017-02-10] (SafeNet, Inc.)
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [275352 2017-06-21] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-06-21] (SurfRight B.V.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igdkmd64.sys [11070416 2017-04-28] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-12] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [509728 2017-03-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-12] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-01-13] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-05-27] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-06-15] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-05-27] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-05-27] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-05-27] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-15] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-07-24] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 19:58 - 2017-06-21 19:58 - 00023366 _____ C:\Users\Tommie\Desktop\FRST.txt
2017-06-21 19:57 - 2017-06-21 19:58 - 00000000 ____D C:\FRST
2017-06-21 19:55 - 2017-06-21 19:56 - 02439680 _____ (Farbar) C:\Users\Tommie\Desktop\FRST64.exe
2017-06-21 19:53 - 2017-06-21 19:53 - 02439680 _____ (Farbar) C:\Users\Tommie\Downloads\FRST64.exe
2017-06-21 18:47 - 2017-06-21 18:47 - 00915080 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-06-21 18:47 - 2017-06-21 18:47 - 00839304 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-06-21 18:47 - 2017-06-21 18:47 - 00275352 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-06-21 18:47 - 2017-06-21 18:47 - 00093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-06-21 18:47 - 2017-06-21 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-06-21 18:47 - 2017-06-21 18:47 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-06-21 18:42 - 2017-06-21 18:42 - 00000000 ____D C:\WINDOWS\LastGood
2017-06-20 05:54 - 2017-06-20 06:01 - 00000000 ____D C:\Users\Tommie\Downloads\SAS
2017-06-20 05:51 - 2017-06-20 05:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-20 05:51 - 2016-11-22 19:23 - 00271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-20 05:51 - 2016-11-22 19:23 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-20 05:51 - 2016-11-22 19:22 - 00265504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-20 05:51 - 2016-11-22 19:22 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-20 05:49 - 2017-06-20 05:51 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-06-19 23:04 - 2017-06-19 23:05 - 00000000 ____D C:\Users\Tommie\Downloads\MalwareBytes
2017-06-19 22:40 - 2017-06-21 18:47 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-06-19 22:37 - 2017-06-20 05:34 - 00000000 ____D C:\Users\Tommie\Downloads\HitManProAlert
2017-06-19 21:33 - 2017-04-21 16:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-19 21:33 - 2017-04-21 16:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-19 21:33 - 2017-04-21 16:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-19 21:33 - 2017-04-21 16:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-19 21:33 - 2017-04-11 13:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-19 21:33 - 2017-04-11 13:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-19 21:33 - 2017-03-15 13:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-19 21:33 - 2017-03-15 13:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-19 21:16 - 2017-06-19 22:40 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-19 20:42 - 2017-06-21 18:42 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-19 20:42 - 2017-06-19 20:42 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-19 20:42 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-19 20:14 - 2017-06-19 20:14 - 00000000 ____D C:\Users\Tommie\Documents\Repair 170619
2017-06-18 19:04 - 2017-06-19 20:41 - 00000000 ____D C:\AdwCleaner
2017-06-18 19:00 - 2017-06-18 19:00 - 00041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-06-18 18:45 - 2017-06-18 18:45 - 00000000 ____D C:\Users\Tommie\Downloads\SysinternalsSuite
2017-06-18 18:44 - 2017-06-18 18:44 - 22336364 _____ C:\Users\Tommie\Downloads\SysinternalsSuite.zip
2017-06-18 10:26 - 2017-06-18 10:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-18 10:25 - 2017-06-18 10:26 - 44060880 _____ (Microsoft Corporation) C:\Users\Tommie\Downloads\Windows-KB890830-x64-V5.49.exe
2017-06-18 10:18 - 2017-06-18 10:25 - 02622304 _____ (Kaspersky Lab) C:\Users\Tommie\Downloads\kss16.0.0.1344en_9702.exe
2017-06-18 09:57 - 2017-06-18 10:31 - 00716448 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tommie\Downloads\autoruns.exe
2017-06-18 08:21 - 2017-06-18 09:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-17 22:15 - 2017-06-21 18:58 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-17 19:37 - 2017-06-18 19:07 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-17 19:34 - 2017-06-19 21:07 - 00000000 ____D C:\ProgramData\CHelper
2017-06-17 19:33 - 2017-06-17 21:52 - 00000000 ____D C:\Users\Tommie\AppData\Roaming\UpdaterSoft#YQYDRATE
2017-06-17 19:33 - 2017-06-17 19:33 - 00000032 _____ C:\Users\Tommie\Downloads\131874
2017-06-17 19:33 - 2017-06-17 19:33 - 00000000 ____D C:\Program Files (x86)\BathingRaccoonSetup
2017-06-17 19:30 - 2017-06-17 19:30 - 01109677 _____ (TeamExtreme) C:\Users\Tommie\Downloads\Minecraft.exe
2017-06-17 19:28 - 2017-06-17 19:28 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-15 20:39 - 2017-06-15 20:39 - 00021461 _____ C:\Users\Tommie\Downloads\0001168946_06_08_2017.pdf
2017-06-15 13:43 - 2017-06-15 13:43 - 00014427 _____ C:\Users\Tommie\Downloads\Pre K Reminders.pdf
2017-06-15 13:41 - 2017-06-15 13:41 - 00070144 _____ C:\Users\Tommie\Downloads\School Hours 2017-2018 %285.30.17%29.xls
2017-06-15 13:41 - 2017-06-15 13:41 - 00070144 _____ C:\Users\Tommie\Downloads\School Hours 2017-2018 %285.30.17%29 (1).xls
2017-06-15 10:24 - 2017-06-15 10:25 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-15 10:20 - 2017-06-15 10:20 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-06-14 22:45 - 2017-06-14 22:45 - 00000000 ____D C:\Users\IBGri\AppData\LocalLow\Lenovo
2017-06-14 10:57 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 10:57 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 10:57 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 10:57 - 2017-06-03 05:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 10:57 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 10:57 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 10:57 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 10:57 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 10:57 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 10:57 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 10:57 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 10:57 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 10:57 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 10:57 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 10:57 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 10:57 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 10:57 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 10:57 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 10:57 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 10:57 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:57 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 10:57 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 10:57 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 10:57 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 10:57 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 10:57 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 10:57 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 10:57 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 10:57 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 10:57 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 10:57 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 10:57 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 10:57 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 10:57 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 10:57 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 10:57 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 10:50 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 10:50 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 10:50 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 10:50 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 10:50 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 10:50 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 10:50 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 10:50 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 10:50 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 10:50 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 10:49 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 10:49 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 10:49 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 10:49 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 10:49 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 10:49 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 10:49 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 10:49 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 10:49 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 10:49 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 10:49 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 10:49 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 10:49 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 10:49 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 10:49 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 10:49 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 10:49 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 10:49 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 10:49 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 10:49 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 10:49 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 10:49 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 10:49 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 10:49 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 10:49 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 10:49 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 10:49 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 10:49 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 10:49 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 10:49 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 10:49 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 10:49 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 10:49 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 10:49 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 10:49 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 10:49 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 10:49 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 10:48 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 10:48 - 2017-06-03 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 10:48 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 10:48 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 10:48 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 10:48 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 10:48 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 10:48 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 10:48 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 10:48 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 10:48 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 10:48 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 10:48 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:48 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 10:48 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 10:48 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 10:48 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 10:48 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 10:48 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 10:48 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 10:48 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 10:48 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 10:48 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 10:48 - 2017-06-03 01:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 10:47 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 10:47 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 10:47 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 10:47 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-12 06:36 - 2017-06-12 06:36 - 00000000 ___HD C:\OneDriveTemp
2017-06-08 11:04 - 2017-06-08 11:04 - 00042335 _____ C:\Users\Tommie\Downloads\Beginning of School Year Forms 2016-17 .xlsx
2017-06-06 15:40 - 2017-06-06 15:40 - 00580245 _____ C:\Users\Tommie\Downloads\image2017-06-01-090001.pdf
2017-06-06 15:31 - 2017-06-06 15:31 - 00063096 _____ C:\Users\Tommie\Downloads\Kronos Time Detail%2c Classified1675.pdf
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-05-30 20:31 - 2017-05-30 20:31 - 00000000 ____D C:\Users\Tommie\AppData\Local\UNP
2017-05-27 19:01 - 2017-05-27 19:02 - 00000000 ____D C:\Program Files\UNP
2017-05-27 19:01 - 2017-05-27 19:01 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-27 18:47 - 2017-05-27 18:47 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-21 19:40 - 2016-08-09 21:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-21 19:00 - 2016-07-15 21:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-21 18:59 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-21 18:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-21 18:48 - 2016-11-15 21:38 - 00083873 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-21 18:43 - 2016-06-15 01:01 - 00000000 __SHD C:\Users\Tommie\IntelGraphicsProfiles
2017-06-21 18:42 - 2016-08-09 22:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-21 18:41 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-06-20 05:51 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-20 05:33 - 2016-12-17 13:08 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 05:33 - 2016-06-15 01:04 - 00002419 _____ C:\Users\Tommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 05:33 - 2016-06-15 01:04 - 00000000 ___RD C:\Users\Tommie\OneDrive
2017-06-19 22:52 - 2016-11-27 10:26 - 00007606 _____ C:\Users\Tommie\AppData\Local\Resmon.ResmonCfg
2017-06-19 21:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 10:27 - 2016-06-25 15:53 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 09:18 - 2016-08-11 12:11 - 00000000 ____D C:\Users\Tommie\AppData\Local\ElevatedDiagnostics
2017-06-17 22:15 - 2017-01-02 14:20 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-17 22:06 - 2015-11-03 14:28 - 01488288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-17 21:59 - 2016-08-09 21:45 - 00276440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 13:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 10:33 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 10:27 - 2017-02-05 07:39 - 00000000 ____D C:\Users\IBGri
2017-06-15 10:27 - 2016-08-09 21:51 - 00000000 ____D C:\Users\Tommie
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 18:53 - 2016-06-25 15:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-12 06:36 - 2017-02-05 07:44 - 00000000 ___RD C:\Users\IBGri\OneDrive
2017-06-12 06:35 - 2017-02-05 07:40 - 00000000 ____D C:\Users\IBGri\AppData\Local\Packages
2017-06-12 06:34 - 2017-02-05 07:40 - 00000000 __SHD C:\Users\IBGri\IntelGraphicsProfiles
2017-06-05 15:59 - 2016-08-10 00:44 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-05 15:43 - 2017-03-18 22:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-05 15:10 - 2017-05-16 20:22 - 00000000 ____D C:\Users\Tommie\AppData\Local\LenovoServiceBridge
2017-06-03 01:36 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 20:37 - 2017-05-15 20:14 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-11-27 10:26 - 2017-06-19 22:52 - 0007606 _____ () C:\Users\Tommie\AppData\Local\Resmon.ResmonCfg
2016-08-09 21:46 - 2016-08-09 21:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\DriveImageXL\Drive_C.dat
 
 
Some files in TEMP:
====================
2017-02-05 07:41 - 2017-02-05 07:41 - 54267784 _____ (SweetLabs,Inc.) C:\Users\IBGri\AppData\Local\Temp\oct3464.tmp.exe
2017-06-21 18:40 - 2017-06-19 21:16 - 11584088 _____ (SurfRight B.V.) C:\Users\Tommie\AppData\Local\Temp\HitmanPro.exe
2016-10-15 20:44 - 2016-10-15 20:44 - 57270728 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\oct7510.tmp.exe
2017-01-03 18:48 - 2017-01-03 18:48 - 54267784 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\octD6FD.tmp.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-21 19:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Tommie (21-06-2017 19:59:36)
Running from C:\Users\Tommie\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-10 03:13:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-280923207-1676988664-3169647480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-280923207-1676988664-3169647480-503 - Limited - Disabled)
Guest (S-1-5-21-280923207-1676988664-3169647480-501 - Limited - Disabled)
IBGri (S-1-5-21-280923207-1676988664-3169647480-1002 - Limited - Enabled) => C:\Users\IBGri
Tommie (S-1-5-21-280923207-1676988664-3169647480-1001 - Administrator - Enabled) => C:\Users\Tommie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.55 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Greenshot 1.2.8.14 (HKLM\...\Greenshot_is1) (Version: 1.2.8.14 - Greenshot)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.6.593 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e5a72c7-7aac-4f80-825e-75dab3717408}) (Version: 18.12.4 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.2 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
Premier+ Device Drivers (HKLM-x32\...\{2A17C791-09C7-4BBF-A08F-8120321CBA75}) (Version: 11.00.0010 - VSM Software Ltd.)
Premier+ Embroidery Device Drivers (Version: 11.00.0010 - VSM Software Ltd.) Hidden
Premier+ Embroidery System Applications (HKLM-x32\...\{7B354BBA-822F-43D4-80AC-76EFA4650BDC}) (Version: 11.03.0001 - VSM Software Ltd.)
Premier+ Embroidery System Backgrounds (HKLM-x32\...\{75A5A990-C873-42F5-8E23-B62EC09794ED}) (Version: 11.02.0000 - VSM Software Ltd.)
Premier+ Embroidery System Components (HKLM-x32\...\{7F8D8491-5848-4DFC-8B12-E98BA8712336}) (Version: 11.03.0000 - VSM Software Ltd.)
Premier+ Embroidery System Documentation (HKLM-x32\...\{0B9F1E2A-668E-48B4-BC77-D05861C63976}) (Version: 11.03.0000 - VSM Software Ltd.)
Premier+ Embroidery System Explorer Plug-in (HKLM-x32\...\{93A91689-CBB3-4FD2-AC62-8960B4BFBCFB}) (Version: 11.03.0001 - VSM Software Ltd.)
Premier+ Embroidery System Explorer Plug-in (Version: 11.03.0001 - VSM Software Ltd.) Hidden
Premier+ Embroidery System Samples (HKLM-x32\...\{1CD989C4-1412-48EE-8F83-714F36BA2493}) (Version: 11.02.0000 - VSM Software Ltd.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Sentinel Runtime (HKLM-x32\...\{5B3E102C-B52A-4780-B4F3-18CBEEB8706C}) (Version: 7.53.1.66309 - Gemalto)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-280923207-1676988664-3169647480-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B7CB490-43A6-4556-8D39-CD4EFB4D5F3F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {0C259177-0C37-4395-B8AE-3769E1612EC4} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {142AB8A7-0905-48EC-97D2-41BC8A25AE55} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {179A6EFD-571A-4A17-9D78-6C51FA6EE2E0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e54d690f-569c-493f-85e7-416c20858230 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {218F56BC-2B7C-46C3-A914-3B714D31D2F7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-280923207-1676988664-3169647480-1001 => C:\Users\Tommie\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-05-31] (Lenovo Group Limited)
Task: {31E9FFE7-0A83-468D-9577-26551B9E30C5} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {46ADE036-FE38-4597-AB8E-D2D4900EC68C} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-10] (CyberLink Corp.)
Task: {4751494C-3E45-4F89-B587-93FE46AC8EA0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\02dad999-2d35-4625-9d95-9132daf2784c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {50D793C1-41B6-4CB1-ADF1-71DEB044569C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cf883da6-8ee8-4af3-b729-47a6a8b03496 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {556074FE-E42E-48D2-8482-3E092576FC34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {5BB22AB9-8262-417D-B47F-99B299B609C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {6456BC40-3C81-46DC-9D27-F8AACF8894AA} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
Task: {651F8173-6922-4AC6-B72D-52ABF13E10E5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {6DF4059B-D969-4CE6-8B25-2D7200F944E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7AAD83AF-64E4-405E-BAEE-E6C1FDF8E9B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7EFE717F-F2E3-46F0-AEA4-D9D9972EAA7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-26] (Google Inc.)
Task: {820823B2-5429-4242-9581-DCF2723F3E59} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9182FE5C-7D4E-4EE7-AD3A-28EA96319743} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {95DED3D3-D214-4C07-A2CD-8540C8E4C836} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {B0F9A0DE-CDA6-4C3B-8F58-38109A0503B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-26] (Google Inc.)
Task: {B5925112-84DE-401D-BF07-675E1960FD54} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {B63AF6F8-458F-4651-B368-A743BDB1D74B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {D44DF012-67F6-4CB3-A55E-E5447B068500} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 10:48 - 2017-06-03 05:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-19 12:09 - 2017-05-19 12:09 - 00139776 _____ () C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe
2015-09-28 16:09 - 2015-09-28 16:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2017-03-08 14:16 - 2017-03-08 14:16 - 02757848 _____ () C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll
2016-09-21 20:12 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:56 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:57 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:57 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:57 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 10:48 - 2017-06-03 03:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 10:48 - 2017-06-03 03:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 10:48 - 2017-06-03 03:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-04-19 18:52 - 2016-04-19 18:52 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2017-05-15 20:07 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 20:07 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 18:56 - 2017-06-21 18:58 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-09-06 20:35 - 2016-04-22 03:55 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2016-09-06 20:35 - 2016-04-22 03:49 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2017-03-08 14:30 - 2017-03-08 14:30 - 01885872 _____ () C:\Program Files (x86)\VSMSoftware\Premier+\VsmCmnRes.dll
2016-03-15 16:36 - 2016-03-15 16:36 - 00114872 _____ () C:\Program Files (x86)\VSMSoftware\Premier+\zlib-vsm-128.dll
2016-04-19 19:01 - 2014-07-03 23:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 14:35 - 2014-07-04 14:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-04-19 18:52 - 2015-02-12 18:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommie\AppData\Local\Temp\BGInfo.bmp
DNS Servers: 192.168.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run32: => "Pr.Updater"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8DD67E0-F30E-4B88-9F12-80F1FE145A19}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{9F56F7B1-D51C-4F5F-BEB7-F1F8DA265675}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{ED147B17-120F-4E3D-89DA-876B6684C7A2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4A8DDAFD-3571-4B50-84DE-4CB56F585C86}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{41DF524C-E4EA-49D7-8980-26DF7441BD16}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{84AE87B9-E6CC-49E5-9C15-6BF7212AF261}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31F43C97-6F6F-4483-97C1-6D487F0D334B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{A6547E2E-E11D-47E6-9010-FFA723772DEF}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
 
==================== Restore Points =========================
 
05-06-2017 15:59:26 Windows Update
09-06-2017 14:32:13 Windows Update
14-06-2017 11:06:03 Windows Update
14-06-2017 11:08:01 Windows Update
19-06-2017 20:18:06 170619 pre-fix
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/21/2017 06:30:52 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\Grizzly-Cloud\Tommie\Lenovo\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (06/21/2017 06:28:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/21/2017 06:28:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/21/2017 06:28:31 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (06/20/2017 07:20:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 58.0.3029.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1760
 
Start Time: 01d2ea1ba51b017f
 
Termination Time: 12
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 63563cd0-5617-11e7-af3a-00dbdfadb299
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/20/2017 06:04:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-6Q1DPAHG)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2017 06:04:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-6Q1DPAHG)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2017 06:04:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.14393.953, time stamp: 0x58ba5a2f
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.1198, time stamp: 0x5902836c
Exception code: 0xc000027b
Fault offset: 0x00000000006d5eab
Faulting process id: 0x520
Faulting application start time: 0x01d2e9b04061088b
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 1e42d66f-917d-4ce1-aaa8-0e7d501c16df
Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (06/20/2017 05:47:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c
Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c
Exception code: 0xc0000005
Fault offset: 0x00020fb8
Faulting process id: 0x20f0
Faulting application start time: 0x01d2e9b09501d90f
Faulting application path: C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
Faulting module path: C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
Report Id: c4386c42-2d89-4660-ae5a-5929c27964e0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/19/2017 11:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c
Faulting module name: GDCAgent.exe, version: 1.0.1.6, time stamp: 0x55b8998c
Exception code: 0xc0000005
Fault offset: 0x00020fb8
Faulting process id: 0x1e84
Faulting application start time: 0x01d2e973dea79128
Faulting application path: C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
Faulting module path: C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
Report Id: 105ee13f-058b-43d9-a821-66b7480e1af9
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/21/2017 06:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:50:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:47:41 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-6Q1DPAHG)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user LAPTOP-6Q1DPAHG\Tommie SID (S-1-5-21-280923207-1676988664-3169647480-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:43:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:40:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:28:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:28:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/21/2017 06:28:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-21 19:40:36.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-19 21:32:11.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-17 22:55:48.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:55:48.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:33:05.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:33:04.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-15 10:48:16.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-21 20:25:02.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 3955.91 MB
Available physical RAM: 1268.91 MB
Total Virtual: 7027.91 MB
Available Virtual: 3375.31 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.04 GB) (Free:271.88 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:7.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9D4F4B99)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

There's a malware proxy set and some leftovers.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
C:\Users\DriveImageXL\Drive_C.dat
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
"wuhelper" => service was unlocked. <===== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-06-17 19:33 - 2017-06-17 21:52 - 00000000 ____D C:\Users\Tommie\AppData\Roaming\UpdaterSoft#YQYDRATE
2017-02-05 07:41 - 2017-02-05 07:41 - 54267784 _____ (SweetLabs,Inc.) C:\Users\IBGri\AppData\Local\Temp\oct3464.tmp.exe
2017-06-21 18:40 - 2017-06-19 21:16 - 11584088 _____ (SurfRight B.V.) C:\Users\Tommie\AppData\Local\Temp\HitmanPro.exe
2016-10-15 20:44 - 2016-10-15 20:44 - 57270728 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\oct7510.tmp.exe
2017-01-03 18:48 - 2017-01-03 18:48 - 54267784 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\octD6FD.tmp.exe
CustomCLSID: HKU\S-1-5-21-280923207-1676988664-3169647480-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
Task: {820823B2-5429-4242-9581-DCF2723F3E59} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
FirewallRules: [{31F43C97-6F6F-4483-97C1-6D487F0D334B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{A6547E2E-E11D-47E6-9010-FFA723772DEF}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
HKLM\...\StartupApproved\Run32: => "Pr.Updater"
Tcpip\..\Interfaces\{37f50752-400e-4944-acf7-ef68ca3d5b67}: [DhcpNameServer] 150.209.1.2
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#3
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I now seem to have an additional problem.

Although I had rebooted several times tonight with no issues, after posting the file to Geeks to Go, when I rebooted, the desktop is unavailable.

Message says C:\windows\system32\config\systemprofile\desktop is unavailable. Followed by a brief explanation of what the problem might be.

It appeared to start correctly thru login but the desktop is not showing any icons, the start menu does not function and the shortcuts to the lower right by the date do not function initially but after a few minutes, Kaspersky, Windows Defender, MalwareBytes become functional.

I was able to use ctrl alt delete to force a reboot but the profile is still missing.

I was able to access Recycle bin and from there access the hard drive directory. Desktop on the initial file list indicates unavailable. The main directories under this PC: download, documents, music, pictures, video and desktop are all icons with no wording or files in them.

C: drive appears intact with user subdirectory present and missing profile appears complete.

Lenovo recovery drive also seems intact as well as "REACHit Drive".

Shutting down computer to await your reply.

Thanks for having an interest in my problem.

Regards,
Ron
  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I'm sorry, the fix I provided, did you run that?
  • 0

#5
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
No, was not able to. Profile lost when I rebooted to run your script. Problem has nothing to do with your response.

Everything was "working" before downloading and running FRST. After posting, I logged off and shut down computer. When I received your quick response, I powered up and discovered missing profile on login.

BTW, no files forced on any shuts or reboots.

Thanks again for help. It will probably be tomorrow evening before I can respond further.
  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
That's fine.

I'll be back here around 4pm EST Tomorrow.
  • 0

#7
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Good evening, any thoughts on profile recovery? Everything seems correct in user file but not sure if I can just copy it to the windows desktop folder.
  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

I don't see why that would not work. Is the windows desktop folder empty?

The only other instructions I have found, if they make sense to you, are these; I have never given those instructions and they were found doing a Google search.

1. Click the Start button.
2. Click Computer.
3. Navigate to C:\Users\
4. Open the folder with your username.
5. Right click on the Desktop folder and click Properties.
6. Click the 'Location' tab and click the 'Restore Default' button.
7. Restart the computer and check if the issue persists.
  • 0

#9
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Better than anything I ran across tonight. All involved RegEdit. Have used but don't like to.
Will make folder backup and try instructions. Back shortly.
  • 0

#10
IBGrizzly

IBGrizzly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Saved off user profile to another folder then rebooted in safe mode. Default profile came back and appears OK.
Running script.
  • 0


#11
IBGrizzly

    Member

  • Topic Starter
  • 32 posts

Script ran.  Results:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Tommie (22-06-2017 21:55:19) Run:1
Running from C:\Users\Tommie\Desktop
Loaded Profiles: Tommie (Available Profiles: Tommie & IBGri)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\DriveImageXL\Drive_C.dat
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
"wuhelper" => service was unlocked. <===== ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-06-17 19:33 - 2017-06-17 21:52 - 00000000 ____D C:\Users\Tommie\AppData\Roaming\UpdaterSoft#YQYDRATE
2017-02-05 07:41 - 2017-02-05 07:41 - 54267784 _____ (SweetLabs,Inc.) C:\Users\IBGri\AppData\Local\Temp\oct3464.tmp.exe
2017-06-21 18:40 - 2017-06-19 21:16 - 11584088 _____ (SurfRight B.V.) C:\Users\Tommie\AppData\Local\Temp\HitmanPro.exe
2016-10-15 20:44 - 2016-10-15 20:44 - 57270728 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\oct7510.tmp.exe
2017-01-03 18:48 - 2017-01-03 18:48 - 54267784 _____ (SweetLabs,Inc.) C:\Users\Tommie\AppData\Local\Temp\octD6FD.tmp.exe
CustomCLSID: HKU\S-1-5-21-280923207-1676988664-3169647480-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
Task: {820823B2-5429-4242-9581-DCF2723F3E59} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
FirewallRules: [{31F43C97-6F6F-4483-97C1-6D487F0D334B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
FirewallRules: [{A6547E2E-E11D-47E6-9010-FFA723772DEF}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Phone\Itibiti.exe
HKLM\...\StartupApproved\Run32: => "Pr.Updater"
Tcpip\..\Interfaces\{37f50752-400e-4944-acf7-ef68ca3d5b67}: [DhcpNameServer] 150.209.1.2
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Users\DriveImageXL\Drive_C.dat => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"wuhelper" => service was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Users\Tommie\AppData\Roaming\UpdaterSoft#YQYDRATE => moved successfully
C:\Users\IBGri\AppData\Local\Temp\oct3464.tmp.exe => moved successfully
C:\Users\Tommie\AppData\Local\Temp\HitmanPro.exe => moved successfully
C:\Users\Tommie\AppData\Local\Temp\oct7510.tmp.exe => moved successfully
C:\Users\Tommie\AppData\Local\Temp\octD6FD.tmp.exe => moved successfully
HKU\S-1-5-21-280923207-1676988664-3169647480-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{820823B2-5429-4242-9581-DCF2723F3E59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{820823B2-5429-4242-9581-DCF2723F3E59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31F43C97-6F6F-4483-97C1-6D487F0D334B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6547E2E-E11D-47E6-9010-FFA723772DEF} => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Pr.Updater => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Pr.Updater => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37f50752-400e-4944-acf7-ef68ca3d5b67}\\DhcpNameServer => value removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{F608519B-9B85-4C82-9AC4-3B7F5AE44BF5} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7502008 B
Java, Flash, Steam htmlcache => 2485 B
Windows/system/drivers => 27837431 B
Edge => 160888994 B
Chrome => 791653872 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 45885860 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 66604 B
NetworkService => 0 B
Tommie => 686816177 B
IBGri => 49377164 B
 
RecycleBin => 2334749 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-06-2017 22:01:15)
 
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.
 
==== End of Fixlog 22:01:15 ====

  • 0
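
Added example (not part of the original post, and not FRST's own code): a small triage of Fixlog result lines like the ones above, so that entries that were not fixed stand out from the long run of "removed successfully" lines. The sample lines are copied from this Fixlog; the outcome names (fixed, failed, not_found, deferred) and the matching rules are this example's own and cover only the result wording seen in this log.

```python
import re
from collections import defaultdict

# Sample input: result lines copied from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''
C:\Users\DriveImageXL\Drive_C.dat => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
"wuhelper" => service was unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Pr.Updater => value not found.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.
'''

# "<item> => <result>": the item is everything before the first " => ".
RESULT_RE = re.compile(r'^(?P<item>.+?) => (?P<result>.+)$')
# A move that could not be done live and was queued for the next boot.
DEFERRED_RE = re.compile(
    r'^Could not move "(?P<path>[^"]+)" => Scheduled to move on reboot\.$')


def classify(line):
    """Return (item, outcome) for one Fixlog line, or None if it is not a result line."""
    line = line.strip()
    if not line:
        return None
    m = DEFERRED_RE.match(line)
    if m:
        return m.group('path'), 'deferred'
    if line.startswith('Could not'):
        # e.g. "Could not restore Hosts." has no "=>" part at all.
        return line, 'failed'
    m = RESULT_RE.match(line)
    if not m:
        return None
    item, result = m.group('item'), m.group('result')
    if 'Error:' in result:
        return item, 'failed'
    if result.rstrip('.').endswith('not found'):
        return item, 'not_found'
    if result.endswith('successfully'):
        return item, 'fixed'
    # Fixlist echoes, EmptyTemp byte counts and CMD output fall through here.
    return None


def triage(text):
    """Group the items of every recognised result line by outcome."""
    buckets = defaultdict(list)
    for raw in text.splitlines():
        hit = classify(raw)
        if hit:
            item, outcome = hit
            buckets[outcome].append(item)
    return dict(buckets)


def unresolved(text):
    """Items to follow up: failures, plus deferred moves never confirmed later."""
    buckets = triage(text)
    fixed = {item.lower() for item in buckets.get('fixed', [])}
    pending = [p for p in buckets.get('deferred', []) if p.lower() not in fixed]
    return buckets.get('failed', []) + pending


if __name__ == '__main__':
    for outcome, items in triage(SAMPLE_FIXLOG).items():
        print(f'{outcome}: {len(items)}')
    print('follow up:')
    for item in unresolved(SAMPLE_FIXLOG):
        print('  ', item)
```

On the sample, the follow-up list contains the "wuhelper" entry and the "Could not restore Hosts." line; the deferred hosts move is dropped because a later line confirms it.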

#12
IBGrizzly

    Member

  • Topic Starter
  • 32 posts

Thanks again for your time and help.


Edited by IBGrizzly, 22 June 2017 - 09:21 PM.

  • 0

#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
You're welcome.

In the future, just so you know:
Don't remove on your own anything that HitmanPro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.

You can remove all the tools you downloaded (right click, delete). Also any log files.

I'll leave the topic open a few days
  • 0

#14
IBGrizzly

    Member

  • Topic Starter
  • 32 posts

Reran FRST to make sure everything is clean. Still showing: "wuhelper" => service was unlocked. <===== ATTENTION. Nothing else caught my eye but not an expert on subject.

 

Anything you see that is harmful?  Thanks again for help.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Tommie (administrator) on LAPTOP-6Q1DPAHG (23-06-2017 22:13:52)
Running from C:\Users\Tommie\Desktop
Loaded Profiles: Tommie (Available Profiles: Tommie & IBGri)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxEM.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(KSIN Luxembourg II Sarl.) C:\Program Files (x86)\VSMSoftware\Premier+\EmbMachineComms.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\Tommie\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-19] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2016-11-03] (Greenshot)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [PhotoMasterImportAgent] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterImportAgent.exe [675608 2016-04-22] (CyberLink Corp.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [GoogleChromeAutoLaunch_830FF46DA7936AFE84AD5A85CEC647B1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\Run: [EmbMachineComms.exe] => C:\Program Files (x86)\VSMSoftware\Premier+\EmbMachineComms.exe [146616 2017-03-08] (KSIN Luxembourg II Sarl.)
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler ()] -> {B6DBA0C2-C2FF-42B5-8F57-8B7A947DA001} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.4qb)] -> {A0C2041A-B78A-42F0-829D-0B0D528330AB} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.edo)] -> {472B864E-3F37-454D-A352-FFCA59E07A04} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers: [VsmSoftware Icon Overlay Handler (.krz)] -> {6C189747-E079-420D-A89E-680D23AABE0B} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler ()] -> {B6DBA0C2-C2FF-42B5-8F57-8B7A947DA001} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.4qb)] -> {A0C2041A-B78A-42F0-829D-0B0D528330AB} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.edo)] -> {472B864E-3F37-454D-A352-FFCA59E07A04} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
ShellIconOverlayIdentifiers-x32: [VsmSoftware Icon Overlay Handler (.krz)] -> {6C189747-E079-420D-A89E-680D23AABE0B} => C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler.dll [2017-03-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{3a0b2c84-9ccc-456e-8d3e-4bf9ca26389d}: [DhcpNameServer] 192.168.50.1
 
Internet Explorer:
==================
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-280923207-1676988664-3169647480-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-13] (AO Kaspersky Lab)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-01-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#identifier","hxxp://www.cmcss.net/","hxxp://www.facebook.com/profile.php?id=100002613466054","hxxp://www.msn.com/?pc=msnHomeST&OCID=msnHomepage","hxxp://google.com/"
CHR Profile: C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default [2017-06-23]
CHR Extension: (Google Slides) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-26]
CHR Extension: (Google Docs) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-26]
CHR Extension: (Google Drive) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-26]
CHR Extension: (YouTube) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-26]
CHR Extension: (Google Sheets) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-26]
CHR Extension: (Pinterest Save Button) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-26]
CHR Extension: (Chrome Media Router) - C:\Users\Tommie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"wuhelper" => service was unlocked. <===== ATTENTION
 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHeciSvc.exe [303056 2017-04-28] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\IntelCpHDCPSvc.exe [480720 2017-04-28] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-02] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4565832 2017-01-04] (SafeNet, Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4859528 2017-06-19] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxCUIService.exe [341456 2017-04-28] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 wuhelper; C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe [139776 2017-05-19] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [87864 2017-02-10] (SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [86328 2017-02-10] (SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [332088 2017-02-10] (SafeNet, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [30808 2015-08-02] (ELAN Microelectronic Corp.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1287496 2017-02-10] (SafeNet, Inc.)
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [275352 2017-06-21] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [93800 2017-06-21] (SurfRight B.V.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igdkmd64.sys [11070416 2017-04-28] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-12] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [509728 2017-03-15] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-12] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-01-13] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-05-27] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-06-15] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-05-27] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-05-27] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-05-27] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-15] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-07-24] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-23 22:13 - 2017-06-23 22:14 - 00022825 _____ C:\Users\Tommie\Desktop\FRST.txt
2017-06-22 21:44 - 2017-06-22 21:44 - 00000277 _____ C:\Users\Tommie\Documents\bluetooth_content_share.html
2017-06-21 22:02 - 2017-06-21 22:02 - 00000000 ____D C:\Greenshot
2017-06-21 22:01 - 2017-06-21 22:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Intel
2017-06-21 22:01 - 2017-06-21 22:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Intel
2017-06-21 22:01 - 2017-06-21 22:01 - 00000000 ____D C:\Packages
2017-06-21 19:57 - 2017-06-23 22:13 - 00000000 ____D C:\FRST
2017-06-21 19:55 - 2017-06-21 19:56 - 02439680 _____ (Farbar) C:\Users\Tommie\Desktop\FRST64.exe
2017-06-21 19:53 - 2017-06-21 19:53 - 02439680 _____ (Farbar) C:\Users\Tommie\Downloads\FRST64.exe
2017-06-21 18:47 - 2017-06-21 18:47 - 00915080 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2017-06-21 18:47 - 2017-06-21 18:47 - 00839304 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2017-06-21 18:47 - 2017-06-21 18:47 - 00275352 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2017-06-21 18:47 - 2017-06-21 18:47 - 00093800 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2017-06-21 18:47 - 2017-06-21 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2017-06-21 18:47 - 2017-06-21 18:47 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2017-06-20 05:54 - 2017-06-20 06:01 - 00000000 ____D C:\Users\Tommie\Downloads\SAS
2017-06-20 05:51 - 2017-06-20 05:51 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-20 05:51 - 2016-11-22 19:23 - 00271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-20 05:51 - 2016-11-22 19:23 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-20 05:51 - 2016-11-22 19:22 - 00265504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-20 05:51 - 2016-11-22 19:22 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-19 23:04 - 2017-06-19 23:05 - 00000000 ____D C:\Users\Tommie\Downloads\MalwareBytes
2017-06-19 22:40 - 2017-06-22 21:59 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-06-19 22:37 - 2017-06-20 05:34 - 00000000 ____D C:\Users\Tommie\Downloads\HitManProAlert
2017-06-19 21:33 - 2017-04-21 16:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-19 21:33 - 2017-04-21 16:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-19 21:33 - 2017-04-21 16:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-19 21:33 - 2017-04-21 16:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-19 21:33 - 2017-04-11 13:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-19 21:33 - 2017-04-11 13:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-19 21:33 - 2017-03-15 13:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-19 21:33 - 2017-03-15 13:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-19 21:16 - 2017-06-19 22:40 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-19 20:42 - 2017-06-22 21:59 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-19 20:42 - 2017-06-19 20:42 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-19 20:42 - 2017-06-19 20:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-19 20:42 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-19 20:14 - 2017-06-23 22:12 - 00000000 ____D C:\Users\Tommie\Documents\Repair 170619
2017-06-18 19:04 - 2017-06-19 20:41 - 00000000 ____D C:\AdwCleaner
2017-06-18 19:00 - 2017-06-18 19:00 - 00041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-06-18 18:45 - 2017-06-18 18:45 - 00000000 ____D C:\Users\Tommie\Downloads\SysinternalsSuite
2017-06-18 18:44 - 2017-06-18 18:44 - 22336364 _____ C:\Users\Tommie\Downloads\SysinternalsSuite.zip
2017-06-18 10:26 - 2017-06-18 10:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-18 10:25 - 2017-06-18 10:26 - 44060880 _____ (Microsoft Corporation) C:\Users\Tommie\Downloads\Windows-KB890830-x64-V5.49.exe
2017-06-18 10:18 - 2017-06-18 10:25 - 02622304 _____ (Kaspersky Lab) C:\Users\Tommie\Downloads\kss16.0.0.1344en_9702.exe
2017-06-18 09:57 - 2017-06-18 10:31 - 00716448 _____ (Sysinternals - www.sysinternals.com) C:\Users\Tommie\Downloads\autoruns.exe
2017-06-18 08:21 - 2017-06-22 21:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-17 22:15 - 2017-06-22 22:17 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-06-17 19:37 - 2017-06-18 19:07 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-17 19:34 - 2017-06-19 21:07 - 00000000 ____D C:\ProgramData\CHelper
2017-06-17 19:33 - 2017-06-17 19:33 - 00000032 _____ C:\Users\Tommie\Downloads\131874
2017-06-17 19:33 - 2017-06-17 19:33 - 00000000 ____D C:\Program Files (x86)\BathingRaccoonSetup
2017-06-17 19:30 - 2017-06-17 19:30 - 01109677 _____ (TeamExtreme) C:\Users\Tommie\Downloads\Minecraft.exe
2017-06-17 19:28 - 2017-06-17 19:28 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-15 20:39 - 2017-06-15 20:39 - 00021461 _____ C:\Users\Tommie\Downloads\0001168946_06_08_2017.pdf
2017-06-15 13:43 - 2017-06-15 13:43 - 00014427 _____ C:\Users\Tommie\Downloads\Pre K Reminders.pdf
2017-06-15 13:41 - 2017-06-15 13:41 - 00070144 _____ C:\Users\Tommie\Downloads\School Hours 2017-2018 %285.30.17%29.xls
2017-06-15 13:41 - 2017-06-15 13:41 - 00070144 _____ C:\Users\Tommie\Downloads\School Hours 2017-2018 %285.30.17%29 (1).xls
2017-06-15 10:24 - 2017-06-15 10:25 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-15 10:20 - 2017-06-15 10:20 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-06-14 22:45 - 2017-06-14 22:45 - 00000000 ____D C:\Users\IBGri\AppData\LocalLow\Lenovo
2017-06-14 10:57 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 10:57 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 10:57 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 10:57 - 2017-06-03 05:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 10:57 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 10:57 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 10:57 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 10:57 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 10:57 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 10:57 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 10:57 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 10:57 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 10:57 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 10:57 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 10:57 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 10:57 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 10:57 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 10:57 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 10:57 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 10:57 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:57 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 10:57 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 10:57 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 10:57 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 10:57 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 10:57 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 10:57 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 10:57 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 10:57 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 10:57 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 10:57 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 10:57 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 10:57 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 10:57 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 10:57 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 10:57 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 10:57 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 10:57 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 10:57 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 10:57 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 10:50 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 10:50 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 10:50 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 10:50 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 10:50 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 10:50 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 10:50 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 10:50 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 10:50 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 10:50 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 10:50 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 10:49 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 10:49 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 10:49 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 10:49 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 10:49 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 10:49 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 10:49 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 10:49 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 10:49 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 10:49 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 10:49 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 10:49 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 10:49 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 10:49 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 10:49 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 10:49 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 10:49 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 10:49 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 10:49 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 10:49 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 10:49 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 10:49 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 10:49 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 10:49 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 10:49 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 10:49 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 10:49 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 10:49 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 10:49 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 10:49 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 10:49 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 10:49 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 10:49 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 10:49 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 10:49 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 10:49 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 10:49 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 10:49 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 10:49 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 10:48 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 10:48 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 10:48 - 2017-06-03 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 10:48 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 10:48 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 10:48 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 10:48 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 10:48 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 10:48 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 10:48 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 10:48 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 10:48 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 10:48 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 10:48 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 10:48 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 10:48 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 10:48 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 10:48 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 10:48 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 10:48 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 10:48 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 10:48 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 10:48 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 10:48 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 10:48 - 2017-06-03 01:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 10:47 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 10:47 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 10:47 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 10:47 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-12 06:36 - 2017-06-12 06:36 - 00000000 ___HD C:\OneDriveTemp
2017-06-08 11:04 - 2017-06-08 11:04 - 00042335 _____ C:\Users\Tommie\Downloads\Beginning of School Year Forms 2016-17 .xlsx
2017-06-06 15:40 - 2017-06-06 15:40 - 00580245 _____ C:\Users\Tommie\Downloads\image2017-06-01-090001.pdf
2017-06-06 15:31 - 2017-06-06 15:31 - 00063096 _____ C:\Users\Tommie\Downloads\Kronos Time Detail%2c Classified1675.pdf
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-05-30 20:31 - 2017-05-30 20:31 - 00000000 ____D C:\Users\Tommie\AppData\Local\UNP
2017-05-27 19:01 - 2017-05-27 19:02 - 00000000 ____D C:\Program Files\UNP
2017-05-27 19:01 - 2017-05-27 19:01 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-27 18:47 - 2017-05-27 18:47 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-05-27 18:45 - 2017-05-27 18:45 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-23 22:07 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 22:07 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 22:05 - 2016-11-15 21:38 - 00090040 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-23 22:00 - 2016-07-15 21:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-23 22:00 - 2016-06-15 01:01 - 00000000 __SHD C:\Users\Tommie\IntelGraphicsProfiles
2017-06-22 21:59 - 2016-08-09 22:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-22 21:59 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-22 21:56 - 2016-08-11 12:40 - 00000000 ____D C:\Users\DriveImageXL
2017-06-22 21:11 - 2016-08-09 21:51 - 00000000 ____D C:\Users\Tommie
2017-06-22 20:26 - 2016-08-09 21:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-21 20:36 - 2016-06-15 01:01 - 00000000 ____D C:\Users\Tommie\AppData\Local\Packages
2017-06-20 05:51 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-20 05:33 - 2016-12-17 13:08 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 05:33 - 2016-06-15 01:04 - 00002419 _____ C:\Users\Tommie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 05:33 - 2016-06-15 01:04 - 00000000 ___RD C:\Users\Tommie\OneDrive
2017-06-19 22:52 - 2016-11-27 10:26 - 00007606 _____ C:\Users\Tommie\AppData\Local\Resmon.ResmonCfg
2017-06-19 21:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 10:27 - 2016-06-25 15:53 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-18 09:18 - 2016-08-11 12:11 - 00000000 ____D C:\Users\Tommie\AppData\Local\ElevatedDiagnostics
2017-06-17 22:15 - 2017-01-02 14:20 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-17 22:06 - 2015-11-03 14:28 - 01488288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-17 21:59 - 2016-08-09 21:45 - 00276440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-15 13:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-15 10:33 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 10:27 - 2017-02-05 07:39 - 00000000 ____D C:\Users\IBGri
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 10:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 18:53 - 2016-06-25 15:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-12 06:36 - 2017-02-05 07:44 - 00000000 ___RD C:\Users\IBGri\OneDrive
2017-06-12 06:35 - 2017-02-05 07:40 - 00000000 ____D C:\Users\IBGri\AppData\Local\Packages
2017-06-12 06:34 - 2017-02-05 07:40 - 00000000 __SHD C:\Users\IBGri\IntelGraphicsProfiles
2017-06-05 15:59 - 2016-08-10 00:44 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-05 15:43 - 2017-03-18 22:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-06-05 15:10 - 2017-05-16 20:22 - 00000000 ____D C:\Users\Tommie\AppData\Local\LenovoServiceBridge
2017-06-03 01:36 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 20:37 - 2017-05-15 20:14 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-11-27 10:26 - 2017-06-19 22:52 - 0007606 _____ () C:\Users\Tommie\AppData\Local\Resmon.ResmonCfg
2016-08-09 21:46 - 2016-08-09 21:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-21 19:40
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Tommie (23-06-2017 22:15:39)
Running from C:\Users\Tommie\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-10 03:13:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-280923207-1676988664-3169647480-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-280923207-1676988664-3169647480-503 - Limited - Disabled)
Guest (S-1-5-21-280923207-1676988664-3169647480-501 - Limited - Disabled)
IBGri (S-1-5-21-280923207-1676988664-3169647480-1002 - Limited - Enabled) => C:\Users\IBGri
Tommie (S-1-5-21-280923207-1676988664-3169647480-1001 - Administrator - Enabled) => C:\Users\Tommie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.55 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Greenshot 1.2.8.14 (HKLM\...\Greenshot_is1) (Version: 1.2.8.14 - Greenshot)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.6.6.593 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{BB041B6A-FACB-4853-BEE9-814FE7F93BB2}) (Version: 17.1.1530.1669 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e5a72c7-7aac-4f80-825e-75dab3717408}) (Version: 18.12.4 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.2 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.078.00 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.3 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.3 - Lenovo) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-280923207-1676988664-3169647480-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
Premier+ Device Drivers (HKLM-x32\...\{2A17C791-09C7-4BBF-A08F-8120321CBA75}) (Version: 11.00.0010 - VSM Software Ltd.)
Premier+ Embroidery Device Drivers (Version: 11.00.0010 - VSM Software Ltd.) Hidden
Premier+ Embroidery System Applications (HKLM-x32\...\{7B354BBA-822F-43D4-80AC-76EFA4650BDC}) (Version: 11.03.0001 - VSM Software Ltd.)
Premier+ Embroidery System Backgrounds (HKLM-x32\...\{75A5A990-C873-42F5-8E23-B62EC09794ED}) (Version: 11.02.0000 - VSM Software Ltd.)
Premier+ Embroidery System Components (HKLM-x32\...\{7F8D8491-5848-4DFC-8B12-E98BA8712336}) (Version: 11.03.0000 - VSM Software Ltd.)
Premier+ Embroidery System Documentation (HKLM-x32\...\{0B9F1E2A-668E-48B4-BC77-D05861C63976}) (Version: 11.03.0000 - VSM Software Ltd.)
Premier+ Embroidery System Explorer Plug-in (HKLM-x32\...\{93A91689-CBB3-4FD2-AC62-8960B4BFBCFB}) (Version: 11.03.0001 - VSM Software Ltd.)
Premier+ Embroidery System Explorer Plug-in (Version: 11.03.0001 - VSM Software Ltd.) Hidden
Premier+ Embroidery System Samples (HKLM-x32\...\{1CD989C4-1412-48EE-8F83-714F36BA2493}) (Version: 11.02.0000 - VSM Software Ltd.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Sentinel Runtime (HKLM-x32\...\{5B3E102C-B52A-4780-B4F3-18CBEEB8706C}) (Version: 7.53.1.66309 - Gemalto)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B7CB490-43A6-4556-8D39-CD4EFB4D5F3F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {0C259177-0C37-4395-B8AE-3769E1612EC4} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {142AB8A7-0905-48EC-97D2-41BC8A25AE55} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {218F56BC-2B7C-46C3-A914-3B714D31D2F7} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-280923207-1676988664-3169647480-1001 => C:\Users\Tommie\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2017-05-31] (Lenovo Group Limited)
Task: {31E9FFE7-0A83-468D-9577-26551B9E30C5} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {46ADE036-FE38-4597-AB8E-D2D4900EC68C} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-10] (CyberLink Corp.)
Task: {556074FE-E42E-48D2-8482-3E092576FC34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {5BB22AB9-8262-417D-B47F-99B299B609C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {5F5298D8-F244-4027-AEEB-9BEBC042DC6C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cd08c7c2-16e0-479e-9a5b-01fd551a0131 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {6456BC40-3C81-46DC-9D27-F8AACF8894AA} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
Task: {651F8173-6922-4AC6-B72D-52ABF13E10E5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {6DF4059B-D969-4CE6-8B25-2D7200F944E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7AAD83AF-64E4-405E-BAEE-E6C1FDF8E9B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {7EFE717F-F2E3-46F0-AEA4-D9D9972EAA7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-26] (Google Inc.)
Task: {95DED3D3-D214-4C07-A2CD-8540C8E4C836} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {A5B7054C-2855-4D91-9EE1-C6D2860E3B34} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1b1b9d5e-ead1-4da7-b42f-302947f1c3a1 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
Task: {B0F9A0DE-CDA6-4C3B-8F58-38109A0503B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-26] (Google Inc.)
Task: {B5925112-84DE-401D-BF07-675E1960FD54} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {B63AF6F8-458F-4651-B368-A743BDB1D74B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {C94D1EDE-75A7-4D52-A2B5-BC5F609C9E6B} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {D44DF012-67F6-4CB3-A55E-E5447B068500} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DD8FABC4-4273-4872-A37C-1003E305ABDA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9b810348-c4b0-4791-b4ac-42a33be59e5b => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-06-05] (Lenovo Group Limited)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-19 12:09 - 2017-05-19 12:09 - 00139776 _____ () C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 10:48 - 2017-06-03 05:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-28 16:09 - 2015-09-28 16:09 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2017-03-08 14:16 - 2017-03-08 14:16 - 02757848 _____ () C:\Program Files (x86)\VSMSoftware\Premier+Explorer\VsmPreviewThumbnailHandler-x64.dll
2016-09-21 20:12 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:56 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:57 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:57 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:57 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 10:48 - 2017-06-03 03:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 10:48 - 2017-06-03 03:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 10:48 - 2017-06-03 03:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 18:56 - 2017-06-21 18:58 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 18:56 - 2017-06-21 18:58 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-04-19 18:52 - 2016-04-19 18:52 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2017-05-15 20:07 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 20:07 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-04-19 18:52 - 2015-02-12 18:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-09-06 20:35 - 2016-04-22 03:55 - 00884504 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2016-09-06 20:35 - 2016-04-22 03:49 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2017-03-08 14:30 - 2017-03-08 14:30 - 01885872 _____ () C:\Program Files (x86)\VSMSoftware\Premier+\VsmCmnRes.dll
2016-03-15 16:36 - 2016-03-15 16:36 - 00114872 _____ () C:\Program Files (x86)\VSMSoftware\Premier+\zlib-vsm-128.dll
2016-04-19 19:01 - 2014-07-03 23:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 14:35 - 2014-07-04 14:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-280923207-1676988664-3169647480-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tommie\AppData\Local\Temp\BGInfo.bmp
DNS Servers: 192.168.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A8DD67E0-F30E-4B88-9F12-80F1FE145A19}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{9F56F7B1-D51C-4F5F-BEB7-F1F8DA265675}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{ED147B17-120F-4E3D-89DA-876B6684C7A2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4A8DDAFD-3571-4B50-84DE-4CB56F585C86}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{41DF524C-E4EA-49D7-8980-26DF7441BD16}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{84AE87B9-E6CC-49E5-9C15-6BF7212AF261}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-06-2017 11:06:03 Windows Update
14-06-2017 11:08:01 Windows Update
19-06-2017 20:18:06 170619 pre-fix
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2017 10:00:06 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\Grizzly-Cloud\Tommie\Lenovo\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (06/22/2017 10:00:13 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\Grizzly-Cloud\Tommie\Lenovo\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (06/22/2017 09:56:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (06/22/2017 09:55:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/22/2017 09:55:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1dcf1482-1336-4f5d-a2b3-81313e167ce0}
 
Error: (06/22/2017 09:15:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-6Q1DPAHG)
Description: Activation of app Microsoft.Getstarted_5.10.1441.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/22/2017 07:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 14.5.2.1088, time stamp: 0x55af5807
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2
Exception code: 0xe0434352
Fault offset: 0x000da9f2
Faulting process id: 0x18dc
Faulting application start time: 0x01d2ebb987ab5096
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9d2b1e98-20e0-4883-8116-11ca41b27689
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/22/2017 07:42:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
   at System.IO.Path.LegacyNormalizePath(System.String, Boolean, Int32, Boolean)
   at System.IO.Path.NormalizePath(System.String, Boolean, Int32, Boolean)
   at System.IO.Path.GetFullPathInternal(System.String)
   at System.IO.Path.GetFullPath(System.String)
   at System.IO.FileSystemWatcher.StartRaisingEvents()
   at System.IO.FileSystemWatcher.set_EnableRaisingEvents(Boolean)
   at IAStorIcon.StorageIcon.FileWatcher()
   at IAStorIcon.StorageIcon.ConstructIconUI()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()
 
Error: (06/22/2017 07:41:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Greenshot.exe, version: 1.2.8.14, time stamp: 0x581ba508
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327897
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0xd2c
Faulting application start time: 0x01d2ebb9647c6b46
Faulting application path: C:\Program Files\Greenshot\Greenshot.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8c8f7eee-4bba-4ab3-ab5b-fd66334ac885
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/22/2017 07:41:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Greenshot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.InternalCreateDirectory(System.String, System.String, System.Object, Boolean)
   at System.IO.Directory.InternalCreateDirectoryHelper(System.String, Boolean)
   at Greenshot.IniFile.IniConfig.CreateIniLocation(System.String, Boolean)
   at Greenshot.IniFile.IniConfig.Reload()
   at Greenshot.IniFile.IniConfig.Init()
   at Greenshot.MainForm.Start(System.String[])
   at Greenshot.GreenshotMain.Main(System.String[])
 
 
System errors:
=============
Error: (06/23/2017 10:00:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/23/2017 10:00:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/23/2017 10:00:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 10:25:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 10:01:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/22/2017 10:00:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 10:00:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 10:00:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2017 10:00:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/22/2017 10:00:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-21 19:40:36.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-19 21:32:11.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-17 22:55:48.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:55:48.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:33:05.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-17 22:33:04.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.14393.1066_none_e9e062456c587ff9\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-06-15 10:48:16.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-21 20:25:02.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 3955.91 MB
Available physical RAM: 1802.17 MB
Total Virtual: 7027.91 MB
Available Virtual: 4132.14 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:421.04 GB) (Free:261.16 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:7.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9D4F4B99)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 



#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
"wuhelper" => service was unlocked.

I'm not sure what that is, or what program unlocked it.

Malware will sometimes lock folders, files, and/or drivers to prevent them from being removed.

Usually what I see in a log is an example below:

R5 drmkpro64; <===== ATTENTION: Locked Service <==== ATTENTION
That service above is locked, so I can't remove it in conventional ways.

In your case it's possible HitmanPro unlocked that service and then was able to remove it. I'm currently not sure what the wuhelper service is and I don't see it in the log file.

I'll also do some more investigation on it.

Edit

Here it is in the log. R2 means it's running.

R2 wuhelper; C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe [139776 2017-05-19] () [File not signed]


Looks like it may be from here, in a program called WinUtilities.
http://download.cnet...4-75021441.html
I don't see the program installed on your machine.

Still doesn't explain why it was locked and what unlocked it.
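The two service-line shapes discussed in the reply above (a running service whose file is not signed, and a locked service), parsed and flagged in Python. This is an added example, not FRST's code or part of the original post; the third sample line, the `ServiceEntry` fields and the flagging rules are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The first two lines are the service entries quoted in the thread; the third
# is a constructed, hypothetical entry for a signed service with a vendor name.
SAMPLE_LOG = r"""
R2 wuhelper; C:\Program Files (x86)\Windows NT\Accessories\WinUtilityHelper\wuhelper.exe [139776 2017-05-19] () [File not signed]
R5 drmkpro64; <===== ATTENTION: Locked Service <==== ATTENTION
R2 ExampleSvc; C:\Program Files\Example\svc.exe [204800 2016-01-02] (Example Corp.)
"""

# "<state letter><digit> <name>; <rest of line>"
ENTRY = re.compile(r"^(?P<state>[A-Z])(?P<code>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "<path> [<size> <yyyy-mm-dd>] (<company>)<optional tags>"
DETAIL = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<company>[^)]*)\)(?P<tags>.*)$"
)


@dataclass
class ServiceEntry:
    name: str
    state: str                      # "R" is running, per the reply above
    code: int                       # digit after the state letter, kept as-is
    path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    company: Optional[str] = None
    signed: Optional[bool] = None   # None: the line carries no file details
    locked: bool = False


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything that is not one."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = ServiceEntry(m["name"].strip(), m["state"], int(m["code"]))
    rest = m["rest"]
    if "Locked Service" in rest:
        # A locked entry shows no path, size or signature information.
        entry.locked = True
        return entry
    d = DETAIL.match(rest)
    if d:
        entry.path = d["path"]
        entry.size = int(d["size"])
        entry.date = d["date"]
        entry.company = d["company"].strip()
        entry.signed = "[File not signed]" not in d["tags"]
    return entry


def reasons_for(entry: ServiceEntry) -> List[str]:
    """Illustrative review rules (assumed here, not FRST's own logic)."""
    out = []
    if entry.locked:
        out.append("locked service")
    if entry.signed is False:
        out.append("file not signed")
    if entry.company == "":
        out.append("no company name")
    if out and entry.state == "R":
        out.append("running")
    return out


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for entries that deserve a closer look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        why = reasons_for(entry)
        if why:
            flagged[entry.name] = why
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

A flag here only marks an entry for manual review; an unsigned file with no company name is not proof of malware.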