
windows 10 would not activate [Solved]


  • This topic is locked

#16
Malcolm1777

  • Topic Starter
  • Member
  • 68 posts

I don't think there's any residual stuff left. I use Wise Uninstaller. And Glarysoft also cleans up junk stuff. Don't worry, registry cleaner is inactive. But I will do another scan with FRST and post again tonight or tomorrow.


  • 0



#17
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,403 posts

It's not my place to tell you what to use or not use on your system, though I feel it is my duty to provide/share an educated warning from experience. Bottom line is, it is still a system optimizer. To optimize the system you have to tweak registry settings. Last I knew, Glary included a Windows Boot Time monitor that compares your system with other users' systems. Makes you wonder, how can a program compare your system with someone else's without invading your privacy....

Don't forget to check into creating that recovery media. Next time the registry may be so damaged we won't be able to fix the corruption and you will end up with a very expensive door stop.
  • 1

#18
Malcolm1777

  • Topic Starter
  • Member
  • 68 posts

I hear what you are saying... does the PC's cleanup tool destroy tracers? That is my concern. Anyways, here's the rescan of FRST I did a few minutes ago... I didn't insert that text file you wanted me to do... I don't know where to insert it.

 

__________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by artim (administrator) on SHITPOSTINGMALC (13-11-2017 08:41:00)
Running from C:\Users\artim\Downloads
Loaded Profiles: artim (Available Profiles: defaultuser0 & artim)
Platform: Windows 10 Home Version 1709 16299.19 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(WinAbility® Software Corporation) C:\Program Files\IconShepherd\ISEXE64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2110584 2017-07-11] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-385131773-806036791-354636761-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44016 2017-09-27] (Glarysoft Ltd)
HKU\S-1-5-21-385131773-806036791-354636761-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IconShepherd.lnk [2017-10-13]
ShortcutTarget: IconShepherd.lnk -> C:\Program Files\IconShepherd\ISEXE64.exe (WinAbility® Software Corporation)
BootExecute: autocheck autochk *  
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dba05b24-64cb-44ce-9090-81d76215f92e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-385131773-806036791-354636761-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-385131773-806036791-354636761-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.1.10&locale=en_US&guid=6BE3AE02-6904-4780-92B6-42C844884509&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
Toolbar: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
Edge: 
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.3.0.0_neutral__c1wakc4j0nefm [2017-10-03]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-08-01]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2017-08-01]
 
FireFox:
========
FF DefaultProfile: ey5z1vw9.default
FF ProfilePath: C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default [2017-11-13]
FF Homepage: Mozilla\Firefox\Profiles\ey5z1vw9.default -> hxxp://www.msn.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default\Extensions\[email protected] [2017-10-04]
FF Extension: (Privacy Badger) - C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default\Extensions\[email protected] [2017-11-12]
FF Extension: (LastPass: Free Password Manager) - C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default\Extensions\[email protected] [2017-11-12]
FF Extension: (Referer Control) - C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default\Extensions\{cde47992-8aa7-4206-9e98-680a2d20f798}.xpi [2017-10-04]
FF Extension: (TuneYou Radio App) - C:\Users\artim\AppData\Roaming\Mozilla\Firefox\Profiles\ey5z1vw9.default\Extensions\{fcce0b11-092d-4c58-a143-0348bbaebebd}.xpi [2017-10-06]
FF Plugin HKU\S-1-5-21-385131773-806036791-354636761-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\artim\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-08-10] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-385131773-806036791-354636761-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\artim\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-08-10] (Epic Privacy Browser)
 
Chrome: 
=======
CHR HKU\S-1-5-21-385131773-806036791-354636761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - <no Path/update_url>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [75264 2015-10-21] (ASUS Cloud Corporation) [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-09-04] (AOMEI Tech Co., Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-31] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [363432 2015-10-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] ()
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] ()
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\Drivers\GUBootStartup.sys [20160 2017-08-29] (Glarysoft Ltd)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5915048 2015-10-23] (Intel Corporation)
R1 MpKsl37db3727; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{006A7A99-AA70-40D1-8DB3-194A4DDA2B20}\MpKsl37db3727.sys [58120 2017-11-12] (Microsoft Corporation)
R1 MpKsl7e19b693; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DC1D4D8-8A54-410D-B4D2-62E46C4AA9BC}\MpKsl7e19b693.sys [58120 2017-11-12] (Microsoft Corporation)
R1 MpKsla42740c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D59B4809-B89A-44EA-9FFC-216143B7A4F5}\MpKsla42740c5.sys [58120 2017-11-13] (Microsoft Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [108856 2017-04-11] (Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [44848 2017-04-11] (Paragon Software GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 08:40 - 2017-11-13 08:40 - 000000000 ____D C:\Users\artim\Downloads\FRST-OlderVersion
2017-11-12 20:34 - 2017-11-12 20:34 - 000000792 _____ C:\Users\artim\Desktop\See which processes start up automatically when you start Windows - Shortcut.lnk
2017-11-12 20:33 - 2017-11-12 20:33 - 000000872 _____ C:\Users\artim\Desktop\Show which operating system your computer is running - Shortcut.lnk
2017-11-12 20:33 - 2017-11-12 20:33 - 000000812 _____ C:\Users\artim\Desktop\Task Manager - Shortcut.lnk
2017-11-12 18:49 - 2017-11-12 18:49 - 000001149 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2017-11-12 18:49 - 2017-11-12 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2017-11-12 18:49 - 2017-11-12 18:49 - 000000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2017-11-12 16:07 - 2017-11-13 08:23 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2017-11-12 16:07 - 2017-11-12 16:08 - 000000000 ____D C:\ProgramData\AomeiBR
2017-11-12 16:07 - 2017-11-12 16:07 - 000001024 ____H C:\SYSTAG.BIN
2017-11-12 16:06 - 2017-11-12 16:07 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-11-12 16:06 - 2017-11-12 16:06 - 000001128 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2017-11-12 16:06 - 2017-11-12 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2017-11-12 16:06 - 2017-09-01 18:12 - 000038320 _____ C:\WINDOWS\system32\amwrtdrv.sys
2017-11-12 16:06 - 2016-12-21 22:54 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys
2017-11-12 16:06 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys
2017-11-12 16:02 - 2017-11-12 16:03 - 091004200 _____ (AOMEI Technology Co., Ltd. ) C:\Users\artim\Downloads\BackupperFull.exe
2017-11-12 15:33 - 2017-11-12 15:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-12 15:31 - 2017-11-12 15:31 - 000000000 ___HD C:\Users\artim\MicrosoftEdgeBackups
2017-11-12 15:30 - 2017-11-12 15:30 - 000000000 ___RD C:\Users\artim\3D Objects
2017-11-12 15:29 - 2017-11-12 15:29 - 000000020 ___SH C:\Users\artim\ntuser.ini
2017-11-12 15:25 - 2017-11-12 15:26 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-11-12 15:25 - 2017-11-12 15:26 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-11-12 15:23 - 2017-11-13 08:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 15:23 - 2017-11-12 15:24 - 000002796 _____ C:\WINDOWS\System32\Tasks\GlaryUpdate 5
2017-11-12 15:23 - 2017-11-12 15:23 - 000003758 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-12 15:23 - 2017-11-12 15:23 - 000003522 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-12 15:23 - 2017-11-12 15:23 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-12 15:23 - 2017-11-12 15:23 - 000003298 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-12 15:23 - 2017-11-12 15:23 - 000003206 _____ C:\WINDOWS\System32\Tasks\Wise Memory Optimizer Task.job
2017-11-12 15:23 - 2017-11-12 15:23 - 000002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-11-12 15:23 - 2017-11-12 15:23 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-11-12 15:23 - 2017-11-12 15:23 - 000002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2017-11-12 15:23 - 2017-11-12 15:23 - 000002848 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-385131773-806036791-354636761-1003
2017-11-12 15:23 - 2017-11-12 15:23 - 000002512 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-11-12 15:23 - 2017-11-12 15:23 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-11-12 15:23 - 2017-11-12 15:23 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-11-12 15:23 - 2017-11-12 15:23 - 000002326 _____ C:\WINDOWS\System32\Tasks\{3B30CD4F-7BA9-434B-BD7E-121346DCFDB4}
2017-11-12 15:23 - 2017-11-12 15:23 - 000002322 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-11-12 15:23 - 2017-11-12 15:23 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-11-12 15:23 - 2017-11-12 15:23 - 000002220 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-11-12 15:23 - 2017-11-12 15:23 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-11-12 15:23 - 2017-11-12 15:23 - 000002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-11-12 15:23 - 2017-11-12 15:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-385131773-806036791-354636761-1001
2017-11-12 15:23 - 2017-11-12 15:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-11-12 15:23 - 2017-11-12 15:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-11-12 15:23 - 2017-10-18 21:16 - 000004000 _____ C:\WINDOWS\System32\Tasks\SaferUpdateTaskMachineUA
2017-11-12 15:23 - 2017-10-18 21:16 - 000003768 _____ C:\WINDOWS\System32\Tasks\SaferUpdateTaskMachineCore
2017-11-12 15:21 - 2017-11-13 08:28 - 000928294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 15:03 - 2017-11-12 15:03 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-12 15:03 - 2017-11-12 15:03 - 000000000 ____D C:\ProgramData\USOShared
2017-11-12 15:01 - 2017-11-12 15:01 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-11-12 14:59 - 2017-11-12 22:21 - 000000000 ____D C:\Users\artim\AppData\Local\Packages
2017-11-12 14:58 - 2017-11-12 20:28 - 000000000 ____D C:\Users\artim
2017-11-12 14:58 - 2017-11-12 15:22 - 000000000 ____D C:\Users\defaultuser0
2017-11-12 14:56 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-12 14:56 - 2015-10-23 13:35 - 000095224 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-11-12 14:56 - 2015-10-23 13:35 - 000091128 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-11-12 14:52 - 2017-11-13 08:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 14:52 - 2017-11-12 15:14 - 000222000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-12 14:46 - 2017-11-12 15:28 - 000000000 ____D C:\Windows.old
2017-11-12 14:18 - 2017-11-12 14:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-12 14:14 - 2017-11-12 14:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-12 14:09 - 2017-11-12 14:09 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 023664128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 021752832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 019343360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 018913792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 017080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 008592280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-12 14:09 - 2017-11-12 14:09 - 008097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 006032896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 004744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 003681280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 003672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 003312432 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 002474080 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 002106880 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001633744 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001528912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-12 14:09 - 2017-11-12 14:09 - 001165824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-12 14:09 - 2017-11-12 14:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-12 14:09 - 2017-11-12 14:09 - 000769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-12 14:09 - 2017-11-12 14:09 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000045976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-12 14:09 - 2017-11-12 14:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-12 14:09 - 2017-11-12 14:09 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-12 14:01 - 2017-11-12 14:01 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-12 14:01 - 2017-11-12 14:01 - 000000000 ____D C:\Program Files\MSBuild
2017-11-12 14:01 - 2017-11-12 14:01 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-12 14:01 - 2017-11-12 14:01 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-12 13:59 - 2017-11-12 13:59 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-12 13:59 - 2017-11-12 13:59 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-12 13:59 - 2017-11-12 13:59 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-12 13:59 - 2017-11-12 13:59 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-12 13:59 - 2017-11-12 13:59 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-12 13:59 - 2017-11-12 13:59 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-12 13:42 - 2017-11-12 13:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-12 12:26 - 2017-11-12 18:03 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-11 22:03 - 2017-11-11 22:03 - 000000255 _____ C:\Users\artim\Downloads\freedom.html
2017-11-11 21:51 - 2017-11-11 21:51 - 000928232 _____ (Magical Jelly Bean ) C:\Users\artim\Downloads\KeyFinderInstaller.exe
2017-11-11 21:44 - 2017-11-11 21:44 - 000001769 _____ C:\Users\artim\Downloads\add this to frst program folder.txt
2017-11-11 20:47 - 2017-11-11 20:47 - 002903398 _____ C:\Users\artim\Downloads\last_pass_10_27_2014.crx
2017-11-11 20:33 - 2017-11-11 20:33 - 000058102 _____ C:\Users\artim\Documents\FRST.txt
2017-11-11 20:21 - 2017-11-11 20:34 - 000038342 _____ C:\Users\artim\Downloads\Addition.txt
2017-11-11 20:18 - 2017-11-13 08:41 - 000012025 _____ C:\Users\artim\Downloads\FRST.txt
2017-11-11 20:12 - 2017-11-13 08:41 - 000000000 ____D C:\FRST
2017-11-11 20:09 - 2017-11-13 08:40 - 002392576 _____ (Farbar) C:\Users\artim\Downloads\FRST64.exe
2017-11-10 16:09 - 2017-11-10 16:12 - 000000000 ____D C:\Program Files\KeyFinderInstaller
2017-10-19 20:57 - 2017-11-12 20:24 - 000000000 ____D C:\found.000
2017-10-18 23:35 - 2017-11-12 14:46 - 000000000 ____D C:\WINDOWS\system32\configfix
2017-10-18 23:35 - 2017-11-12 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RollBack Rx Home
2017-10-18 23:35 - 2017-10-18 23:35 - 000117072 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\Drivers\shield.sys
2017-10-18 23:35 - 2017-10-18 23:35 - 000108368 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\Drivers\Shdump.sys
2017-10-18 23:35 - 2017-10-18 23:35 - 000036176 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\Drivers\shieldm.sys
2017-10-18 23:35 - 2017-10-18 23:35 - 000035664 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\Drivers\shieldf.sys
2017-10-18 23:35 - 2017-10-18 23:35 - 000031680 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\shdsync.exe
2017-10-18 23:35 - 2017-10-18 23:35 - 000030544 _____ (Horizon DataSys Inc) C:\WINDOWS\system32\Drivers\shdbus.sys
2017-10-18 23:35 - 2017-10-18 23:35 - 000005915 _____ C:\WINDOWS\system32\Drivers\shieldmamd64.cat
2017-10-18 23:35 - 2017-10-18 23:35 - 000000000 ____D C:\WINDOWS\system32\Trace
2017-10-18 23:35 - 2017-10-18 23:35 - 000000000 ____D C:\Program Files\Shield
2017-10-18 21:17 - 2017-10-18 21:23 - 000000000 ____D C:\Users\artim\AppData\Local\Safer Technologies
2017-10-18 21:16 - 2017-10-18 21:17 - 000000000 ____D C:\Program Files (x86)\Safer Technologies
2017-10-18 21:16 - 2017-10-18 21:16 - 000000944 _____ C:\WINDOWS\Tasks\SaferUpdateTaskMachineUA.job
2017-10-18 21:16 - 2017-10-18 21:16 - 000000940 _____ C:\WINDOWS\Tasks\SaferUpdateTaskMachineCore.job
2017-10-18 00:12 - 2017-10-18 00:12 - 005766144 _____ (Tweaking.com) C:\Users\artim\Downloads\tweaking.com_registry_backup_setup.exe
2017-10-17 22:45 - 2017-10-17 22:45 - 000368688 _____ C:\Users\artim\Downloads\wnetwatcher_setup.exe
2017-10-17 22:36 - 2017-10-17 22:36 - 000000000 ____D C:\Users\artim\Downloads\regbak
2017-10-15 22:08 - 2017-10-15 22:08 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 08:32 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-13 08:32 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-13 08:29 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-13 08:26 - 2017-07-31 23:05 - 000000184 _____ C:\Users\artim\AppData\Roaming\sp_data.sys
2017-11-13 08:25 - 2017-07-31 23:00 - 000000000 __SHD C:\Users\artim\IntelGraphicsProfiles
2017-11-13 08:25 - 2017-07-31 22:55 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-11-13 08:24 - 2017-09-04 12:23 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-12 22:26 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-12 22:21 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-12 22:20 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-12 22:14 - 2017-09-02 09:01 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-12 16:17 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-12 15:30 - 2017-07-31 23:00 - 000000000 ____D C:\Users\artim\AppData\Local\TileDataLayer
2017-11-12 15:30 - 2016-04-07 04:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-12 15:27 - 2017-09-29 00:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-12 15:24 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-12 15:24 - 2016-04-07 04:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-11-12 15:23 - 2017-07-31 22:47 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-12 15:12 - 2017-09-29 00:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2017-11-12 15:12 - 2017-08-10 09:49 - 000000000 ____D C:\Users\artim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser
2017-11-12 15:12 - 2017-07-31 23:44 - 000000000 ____D C:\Users\artim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-11-12 15:03 - 2017-09-29 05:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-12 15:03 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-12 14:56 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-12 14:56 - 2017-09-04 12:23 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-11-12 14:55 - 2017-09-04 12:22 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-12 14:54 - 2017-09-04 12:21 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-12 14:51 - 2017-09-29 05:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-12 14:46 - 2017-10-13 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICONSHEPARD
2017-11-12 14:46 - 2017-10-11 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller
2017-11-12 14:46 - 2017-10-07 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Marker
2017-11-12 14:46 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-11-12 14:46 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\IME
2017-11-12 14:46 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-12 14:46 - 2017-09-12 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast VD
2017-11-12 14:46 - 2017-09-08 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FocusOn Image Viewer
2017-11-12 14:46 - 2017-09-04 12:23 - 000000000 ____D C:\Program Files\Intel
2017-11-12 14:46 - 2017-09-04 12:21 - 000000000 ____D C:\Program Files (x86)\Intel
2017-11-12 14:46 - 2017-08-29 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2017-11-12 14:46 - 2017-08-08 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Slideshow Maker
2017-11-12 14:46 - 2017-08-02 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-11-12 14:46 - 2017-08-01 05:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip Additional Formats plugin
2017-11-12 14:46 - 2017-08-01 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2017-11-12 14:46 - 2017-08-01 01:17 - 000000000 ____D C:\Program Files\UNP
2017-11-12 14:46 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-12 14:46 - 2015-11-24 01:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-12 14:46 - 2015-11-24 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-11-12 14:46 - 2015-10-29 23:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-12 14:35 - 2017-09-29 05:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-12 14:22 - 2017-09-29 05:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-11-12 14:19 - 2017-09-29 06:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-12 14:19 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-12 14:19 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-12 14:19 - 2015-11-24 00:43 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-11-12 14:18 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-12 14:18 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-12 14:18 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\system
2017-11-12 14:18 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-12 14:18 - 2017-09-04 12:21 - 000000000 ____D C:\Program Files\Realtek
2017-11-12 14:18 - 2017-09-01 09:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-11-12 14:18 - 2017-08-08 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2017-11-12 14:18 - 2016-04-07 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-12 14:11 - 2017-09-29 06:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-12 14:11 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-12 12:59 - 2017-08-04 07:06 - 000000000 ____D C:\Users\artim\AppData\LocalLow\Mozilla
2017-11-12 12:07 - 2017-10-11 08:55 - 000000000 ____D C:\Users\artim\AppData\Roaming\Wise Uninstaller
2017-11-12 11:56 - 2017-10-04 00:16 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-12 11:56 - 2017-10-04 00:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-12 11:56 - 2017-10-04 00:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-12 11:36 - 2017-09-30 23:07 - 000000000 ____D C:\Program Files (x86)\Kryptel
2017-11-12 00:32 - 2017-10-02 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2017-11-11 20:59 - 2017-09-16 07:23 - 000000000 ____D C:\ProgramData\Norton
2017-11-11 20:56 - 2017-09-16 07:24 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-11-11 20:10 - 2017-09-09 08:57 - 000000000 ____D C:\Users\artim\AppData\Local\ElevatedDiagnostics
2017-10-15 22:53 - 2017-09-16 08:18 - 000000000 ____D C:\Program Files\Common Files\AV
2017-10-15 22:12 - 2017-08-03 19:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-15 22:08 - 2017-08-03 19:36 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2017-07-31 23:05 - 2017-11-13 08:26 - 000000184 _____ () C:\Users\artim\AppData\Roaming\sp_data.sys
2017-08-05 14:41 - 2017-10-08 19:21 - 000015872 _____ () C:\Users\artim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-14 18:59 - 2017-09-14 18:59 - 000000063 _____ () C:\Users\artim\AppData\Local\emaildefaults
2017-09-14 19:05 - 2017-09-14 19:05 - 000000039 _____ () C:\Users\artim\AppData\Local\kritadisplayrc
2017-09-14 18:58 - 2017-09-14 19:05 - 000016125 _____ () C:\Users\artim\AppData\Local\kritarc
2017-08-17 18:05 - 2017-08-17 18:05 - 000002990 _____ () C:\Users\artim\AppData\Local\recently-used.xbel
2017-09-04 12:22 - 2017-09-04 12:22 - 000000000 _____ () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-12 14:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by artim (13-11-2017 08:43:44)
Running from C:\Users\artim\Downloads
Windows 10 Home Version 1709 16299.19 (X64) (2017-11-12 23:28:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-385131773-806036791-354636761-500 - Administrator - Disabled)
artim (S-1-5-21-385131773-806036791-354636761-1001 - Administrator - Enabled) => C:\Users\artim
DefaultAccount (S-1-5-21-385131773-806036791-354636761-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-385131773-806036791-354636761-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-385131773-806036791-354636761-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-385131773-806036791-354636761-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.103 - ICEpower a/s)
cbColors Folder Icons Full (HKLM-x32\...\cbColors Folder Icons Full_is1) (Version: 1.0 - ArcticLine Software)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epic Privacy Browser (HKU\S-1-5-21-385131773-806036791-354636761-1001\...\Epic) (Version: 60.0.3112.113 - Epic)
Fast VD 3.0.0.11 (HKLM-x32\...\9ED08AFF-E977-47db-8923-2499D74C97C5_Fast VD_is1) (Version: 3.0.0.11 - FastPcTools)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 4.3 - ArcticLine Software)
Glary Utilities PRO 5.85 (HKLM-x32\...\Glary Utilities 5) (Version: 5.85.0.106 - Glarysoft Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Icon Shepherd (HKLM\...\Icon Shepherd_is1) (Version: 1.1.0 - WinAbility Software Corp.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0a1 - Mozilla)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Paragon UIM (HKLM\...\{56EECD69-F428-41C4-ADF6-6CDEE14DDF3F}) (Version: 20.0.0.4 - Paragon Software) Hidden
PeaZip 6.4.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.1 - Giorgio Tani)
PeaZip Additional Formats plugin 2 (HKLM-x32\...\{2367BFCD-A95F-4F06-8876-E85B04E2860F}_is1) (Version:  - Giorgio Tani)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
WebM Project Directshow Filters (HKU\S-1-5-21-385131773-806036791-354636761-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.5.541 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (10/21/2015 8.1.0.19) (HKLM\...\E3BC758B9DD4554D7662F1578C31C2ED59C717EE) (Version: 10/21/2015 8.1.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
Wise Program Uninstaller 2.1.3 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.1.3 - WiseCleaner.com, Inc.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.5.541\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers1: [Kryptel Menu] -> {11056249-C369-49CA-B0E8-326B5C32AD3C} => C:\Program Files (x86)\Kryptel\Shx64.dll -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [Kryptel Menu] -> {11056249-C369-49CA-B0E8-326B5C32AD3C} => C:\Program Files (x86)\Kryptel\Shx64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-23] (Intel Corporation)
ContextMenuHandlers6: [FMMenuExt] -> {47C91696-894C-46A1-B196-2C7CA1952F45} => C:\Program Files (x86)\Folder Marker\ShellExt64.dll [2017-04-26] (ArcticLine Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09373D09-6134-4F81-A439-395543F69154} - System32\Tasks\S-1-5-21-385131773-806036791-354636761-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {12878414-A615-4DFB-BF09-86CDFCDE4E1C} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-09-27] (Glarysoft Ltd)
Task: {15CB9785-405D-4658-A10B-68777C828264} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {214B29EE-F352-4E54-B43D-487307E03D62} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2B797AE6-1D46-4FEF-BAC1-C8491DD21E8C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-31] (Dropbox, Inc.)
Task: {32A6FC84-D362-43EE-8E04-5B9070C316BF} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-09-27] (Glarysoft Ltd)
Task: {47EA9017-BC6F-4C4B-A25C-704FCA9E34BA} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-385131773-806036791-354636761-1003 => C:\Users\artim\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {4BB182A0-27AC-4D2E-A81B-DF6237FB26D9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {5537A3C0-A088-4B17-8A07-12BF90A44542} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-11] (Realtek Semiconductor)
Task: {669CDFBD-72E2-4EE0-8317-F81616ABABB4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-11] (Adobe Systems Incorporated)
Task: {7714E598-13D9-4229-ACFA-BD0A86228BE7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-11-11] (Adobe Systems Incorporated)
Task: {834B2090-2BCF-43E9-8F6A-349E549CA517} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-18] (AsusTek)
Task: {93F3BBA0-F0B8-469B-A606-D8FE1AA82B9E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-12-11] (Realtek Semiconductor)
Task: {975E6773-B510-4CDE-9E56-321FE4EA4636} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS)
Task: {C4FE36F0-5424-432D-BFF9-3D166F276576} - System32\Tasks\{3B30CD4F-7BA9-434B-BD7E-121346DCFDB4} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeYTVDownloader
Task: {C66C18C4-0790-48DE-A7B3-40459B346FC3} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {CD7F7555-BBA4-458F-B5D3-CF6CD3DD3FEF} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {DA387BF9-7F67-4227-B184-E0AB25CFEC56} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {DE1C2C95-0F00-4C40-A68E-41A57537FA7D} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {F126F0F5-4AD7-4989-BD40-2503D002AC3A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-31] (Dropbox, Inc.)
Task: {F47A2296-8C8F-418B-A970-D4AECB00B9B0} - System32\Tasks\Wise Memory Optimizer Task.job => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
Task: {F62E5EA8-3325-49EE-9D13-CB6FECEA6B7E} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe [2017-09-27] (Glarysoft Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SaferUpdateTaskMachineCore.job => C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaferUpdateTaskMachineUA.job => C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-25 13:22 - 2017-04-25 13:22 - 002250896 _____ () C:\Windows\System32\vimsdk.dll
2017-04-25 13:22 - 2017-04-25 13:22 - 000143504 _____ () C:\Windows\System32\vimbase.dll
2015-05-19 08:11 - 2015-05-19 08:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-09-29 05:42 - 2017-09-29 06:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 05:42 - 2017-09-29 06:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-23 13:35 - 2015-10-23 13:35 - 000404904 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-12 16:06 - 2017-09-04 10:11 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000139112 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000040808 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000495464 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2017-11-12 16:06 - 2017-09-01 16:35 - 002411968 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000348008 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2017-11-12 16:06 - 2017-09-04 10:10 - 000126832 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000978792 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2017-11-12 16:06 - 2017-09-04 10:11 - 000188264 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-12-02 17:01 - 2015-12-02 17:01 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 17:01 - 2015-12-02 17:01 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 17:01 - 2015-12-02 17:01 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-09-27 19:31 - 2017-09-27 19:31 - 000087024 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-29 23:24 - 2015-10-29 23:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-385131773-806036791-354636761-1001\Control Panel\Desktop\\Wallpaper -> H:\A GOODFON wallpaper 1\colorful-geometry-shapes-22.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: bthserv => 2
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-385131773-806036791-354636761-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
HKU\S-1-5-21-385131773-806036791-354636761-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-385131773-806036791-354636761-1001\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3F11A49B-8336-4397-8FF6-A838B4683E21}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0466E036-D8CE-45D6-B7AE-AB1D977E2F56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E1E80B8A-98BC-4ACC-8760-B167364770D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94D9E82D-7821-4A8E-9D58-0DCE0A7B24D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7402862F-943A-40F2-889B-6B5E5C4A1D4F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC7399FA-4288-4C6B-AEEB-06C2BD8423F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FEE45EDF-411A-4379-AC0A-2768C1ADCE03}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
 
==================== Restore Points =========================
 
12-11-2017 22:18:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2017 08:32:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\artim\Downloads\regbak\regbak.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_cc92fab02215da61.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.19_none_1440318736920367.manifest.
 
Error: (11/12/2017 03:23:54 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (11/12/2017 03:18:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3380,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (11/12/2017 03:17:37 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (11/12/2017 03:17:37 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (11/12/2017 03:17:33 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
 
System errors:
=============
Error: (11/13/2017 08:39:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:34:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:33:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:32:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:24:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/13/2017 08:24:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
Error: (11/13/2017 08:24:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:24:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/13/2017 08:23:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:53:19 AM on ‎11/‎13/‎2017 was unexpected.
 
Error: (11/13/2017 08:22:31 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3700 @ 1.60GHz
Percentage of memory in use: 38%
Total physical RAM: 3996.95 MB
Available physical RAM: 2455.5 MB
Total Virtual: 7996.95 MB
Available Virtual: 6496.29 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.22 GB) (Free:410.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 52A0CEF5)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


Edited by Malcolm1777, 13 November 2017 - 11:50 AM.

#19
Malcolm1777

    Member

  • Topic Starter
  • 68 posts

I also have a problem with my new flash drive.

http://www.geekstogo...e/#entry2610928

I am attempting to use AOMEI and backup system on it... "Lexar 64GB"


#20
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,403 posts
I checked out the topic you started concerning your Lexar. Let's get you finished up here so that Phillpower2 can help you there. He may even be able to answer your questions concerning tracers. Personally, I do not place myself in a position where I have to worry about them so I know very little. One thing that I never do is to allow ANYONE access to my PC. The way I see it, PC stands for Personal Computer and I would like to keep it that way. :)

I see you have a couple programs installed to create backups, such as regbak, AOMEI Backupper, and I thought I saw reference to another one. Creating multiple backups is a good idea, though you really do need to create that recovery USB/disc. Anytime you get a new computer, creating that recovery media is the very first thing that should be done.
 

"i didnt insert that text file you wanted me to do...i dont know where to insert"

You don't need to insert the text file into anything. All you need to do is to download the fixlist.txt file to the same location that you have FRST64.exe, which is as follows:

Running from C:\Users\artim\Downloads

Here are the instructions that I would like for you to read thoroughly and follow, please:
  • Download the attached fixlist.txt to your Downloads folder.
    Please note: fixlist.txt must be saved to the same location as FRST\FRST64.exe
Attached File  fixlist.txt   3.38KB   3 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Click to open frst64.exe from your Downloads folder and press the Fix button just once and wait. That's all you have to do. FRST64.exe will search and find fixlist and execute it.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

#21
Malcolm1777

    Member

  • Topic Starter
  • 68 posts

Np. It's late where I am; I will do the fix and post back sometime tomorrow :prop:


#22
Malcolm1777

    Member

  • Topic Starter
  • 68 posts
I've completed a request to scan the C drive and fix any bad sectors (check disk). Results as follows:
 
Log Name:      Application
Source:        Chkdsk
Date:          11/14/2017 9:22:33 AM
Event ID:      26226
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ShitPostingMalcolm
Description:
Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on C:
Volume label is OS.

Stage 1: Examining basic file system structure ...
                                                                                       
  547328 file records processed.                                                        

File verification completed.
                                                                                       
  17626 large file records processed.                                   

                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
                                                                                       
  480 reparse records processed.                                      

    Found an unneeded link ($FILE_NAME: "SETTIN~1.BAK") in index "$I30" of directory "\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\NUM <0x18,0x91ac>"
        ... repaired online.
                                                                                       
  692618 index entries processed.                                                       

Index verification completed.
                                                                                       

    Found lost file "\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\NUM\SETTIN~1.BAK <0x5d,0x1074>"; requesting reconnection to index "$I30" of directory "\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\NUM <0x18,0x91ac>"
        ... repaired online.
                                                                                       

                                                                                       
  480 reparse records processed.                                      


Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                       
  72646 data files processed.                                           

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has found problems and they were all fixed online.
No further action is required.

 486768033 KB total disk space.
  55543780 KB in 256689 files.
    194600 KB in 72647 indexes.
    638921 KB in use by the system.
     65536 KB occupied by the log file.
 430390732 KB available on disk.

      4096 bytes in each allocation unit.
 121692008 total allocation units on disk.
 107597683 allocation units available on disk.

----------------------------------------------------------------------


Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...
Unable to locate the file name attribute of index entry SETTIN~1.BAK
of index $I30 with parent 0x91ac in file 0x1074.
Deleting index entry SETTIN~1.BAK in index $I30 of file 91AC.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file SETTIN~1.BAK (1074) into directory file 91AC.
Recovering orphaned file SETTIN~1.BAK (1074) into directory file 91AC.
  1 unindexed files recovered to original directory.

Stage 3: Examining security descriptors ...

 
I also ran the FIX in the FRST program. There was no confirmation of the scan results after the restart... assuming everything is OK with the PC.


  • 0

#23
Malcolm1777

Malcolm1777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
I just got another update for AMD among the most recent updates... If I reset the PC and start over fresh, would these programs be re-added?
 
  • 0

#24
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,403 posts

I also ran the FIX in the FRST program. There was no confirmation of the scan results after the restart... assuming everything is OK with the PC.

After the reboot, fixlist.txt should have been deleted and a text file named fixlog.txt should have replaced it. Is it in your downloads folder? If not, the fix was not executed properly and you will need to follow my instructions to the "T" and do it again.
  • 0

#25
Malcolm1777

Malcolm1777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Yes, it was in Downloads.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by artim (14-11-2017 10:16:19) Run:1
Running from C:\Users\artim\Downloads\FRST64
Loaded Profiles: artim (Available Profiles: defaultuser0 & artim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.1.10&locale=en_US&guid=6BE3AE02-6904-4780-92B6-42C844884509&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
Toolbar: HKU\S-1-5-21-385131773-806036791-354636761-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - <no Path/update_url>
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers1: [Kryptel Menu] -> {11056249-C369-49CA-B0E8-326B5C32AD3C} => C:\Program Files (x86)\Kryptel\Shx64.dll -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
ContextMenuHandlers4: [Kryptel Menu] -> {11056249-C369-49CA-B0E8-326B5C32AD3C} => C:\Program Files (x86)\Kryptel\Shx64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
Task: {214B29EE-F352-4E54-B43D-487307E03D62} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaferUpdateTaskMachineCore.job => C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SaferUpdateTaskMachineUA.job => C:\Program Files (x86)\Safer Technologies\Update\SaferUpdate.exe <==== ATTENTION
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-385131773-806036791-354636761-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-385131773-806036791-354636761-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-385131773-806036791-354636761-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found. 
HKU\S-1-5-21-385131773-806036791-354636761-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhancbnhabhandieicagelcddkdfgoif => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => key removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => key removed successfully
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Kryptel Menu => key removed successfully
HKLM\Software\Classes\CLSID\{11056249-C369-49CA-B0E8-326B5C32AD3C} => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Kryptel Menu => key removed successfully
HKLM\Software\Classes\CLSID\{11056249-C369-49CA-B0E8-326B5C32AD3C} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => key removed successfully
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => key removed successfully
HKLM\Software\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{214B29EE-F352-4E54-B43D-487307E03D62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{214B29EE-F352-4E54-B43D-487307E03D62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found. 
C:\WINDOWS\Tasks\SaferUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\SaferUpdateTaskMachineUA.job => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9796489 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 513528 B
Edge => 377455 B
Chrome => 0 B
Firefox => 17967955 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10604 B
NetworkService => 4136 B
defaultuser0 => 7168 B
artim => 3309463 B
 
RecycleBin => 368810 B
EmptyTemp: => 36.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:20:57 ====
 
As soon as I am given the all clear, then by Wednesday I will go ahead and reset the PC.

Edited by Malcolm1777, 14 November 2017 - 08:51 PM.

  • 0



#26
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,403 posts
Well. You're all clear, though you did not have to wait for an all clear if you did plan on a restore to factory. The reason you would want to restore is as a last resort due to file corruption. To be honest, all the time I spent helping to make sure all is good with the scans and fix scripts will be a waste of all the time I used to make sure your system is healthy. Same goes for all the help and time that dmccoy and phillpower2 gave in their free time.

If you are going to reset the PC, then do it now. There is nothing more that needs to be done here except for you to right click and delete FRST.exe and the fixlog.txt in your downloads folder. I'll leave this thread open for a bit to give you time to reply.
  • 1

#27
Malcolm1777

Malcolm1777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

I was thinking maybe I'd better hold off for the foreseeable future, seeing all the latest updates I got. That, and resetting would be sort of a selfish act; all the advice I got would essentially be discarded... Mind you, I am very grateful for all the valuable advice I received. If I wasn't so paranoid doing online transactions, I'd donate 10.000 dollars. Accept my gratitude as payment. Asus couldn't help me, Comcast couldn't help me... as well as 3 other tech help forums. My PC is running fine for now. Unlike the other tech forums, usually people would become frustrated and close the thread abruptly... it's that one small feeling of rejection that makes one disillusioned.

At this present time, I am going to abort the reset unless I run into a problem that would warrant a reset. Thx again for all the help. I am going to recommend this forum to friends! You may close the thread.


  • 0

#28
Malcolm1777

Malcolm1777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

One more question before close... When I ran Magical Jelly Bean, it showed (product ID) and (CD key). Which one is the key you activate Windows with?


  • 0

#29
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,403 posts
The CD key (25 character alpha-numeric number) is what you will need to activate Windows. You can read about the differences here. :)
  • 0

#30
Malcolm1777

Malcolm1777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Very good! Sincere thx!


  • 0





