Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 14th, 2017, 4:39 pm

Please help me!! While I was online a blue screen interrupted and said "error your computer has to restart" and was accompanied by a sad smiley face. It has done this several times over the past few months, but this time after it restarted I signed back onto the internet using Mozilla Firefox and my profile was gone along with all my saved bookmarks. Thought it was a hacker so I deleted Mozilla Firefox and reinstalled it. My friend is good with computers so she directed me to you. Ugh!! Hope I did this right. Thank you for helping.
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Post by mAL_rEm018 » July 15th, 2017, 6:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello CrisYouSasyMedic1,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware-related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to back up any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 15th, 2017, 4:58 pm

Okay, thanks so much mAL, I'll wait for your instructions. However, I do not know how to back up my computer. I have a flash drive and CDs. Can those be used? Thanks, Chris
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Post by mAL_rEm018 » July 15th, 2017, 5:33 pm

Hi Chris,

I replied to your private message.

CrisYouSasyMedic1 wrote: However, I do not know how to back up my computer. I have a flash drive and CDs. Can those be used?

Ideally you would use an external drive to perform the backup, but you can also use the flash drive or the CDs. As far as performing the backup goes, have you looked at the link I included in my last post?: https://www.malwareremoval.com/forum/vi ... 64#p557964. Additionally, you can use one of the two programs listed below: (just click on the program name for more information)



Please let me know once the backup is completed and I will give you more instructions.
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 16th, 2017, 4:58 pm

Hi mAL, I used the Cobian backup, hopefully I did it all correctly. If not, and something does happen, then I'll just take the computer into the shop and they will reinstall Windows 8 and I'll have to start all over. Thanks again. Chris
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Post by mAL_rEm018 » July 17th, 2017, 6:38 pm

Hi Chris,


I can see some signs of infection in your logs, but at this point I can't say if this is what is causing the blue screens. For now please do the following..


Running from C:\Users\CrisYouSasyMedic\AppData\Local\Microsoft\Windows\INetCache\IE\0XXE745I

Please move FRST to your desktop. I advise you to save all tools on your desktop to make it easier to access them.

Please answer the following question:

  • Did you by any chance create the following setting?:
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0

Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Adwcleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Clean at this point

If you have any trouble following my instructions please let me know.

-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any issue while following my instructions?
  • Answer to my question
  • Did you successfully create a registry backup?
  • Adwcleaner report
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 17th, 2017, 11:39 pm

Hi mAL, the answer to your question: you asked me if I "created the following settings HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\InternetSettings:[ProxySettingsPerUser] 0". My answer is "Heck if I know". I don't recall seeing that, and wouldn't even know where to find that. Question 2) I do not think I encountered any issues in following your instructions. Question 3) It appears that I created a registry backup. There was a bunch of things checked. I'll now copy and paste from the box you requested that says Malwarebytes AdwCleaner. However, the scanner has a lot of boxes checked, so here goes. It appears there are three things to select and highlight, but it won't let me select them all, so I'll select one at a time and copy and paste it. Hopefully you won't get all three multiple times.

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 03:15:19 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-18-2017.1
# Running on Windows 8.1 (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, RGMUpdater
PUP.Optional.Legacy, Application Hosting
PUP.Optional.Legacy, AdvancedSystemCareService10
PUP.Optional.RGMUpdater, RGMUpdater
PUP.Optional.Linkury.ACMB1, Application Hosting


***** [ Folders ] *****

Adware.Elex, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect
PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Program Files (x86)\ProductUI
PUP.Optional.Legacy, C:\ProgramData\Pepe
PUP.Optional.Legacy, C:\ProgramData\Application Data\Pepe
PUP.Optional.Legacy, C:\Users\All Users\Pepe
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
PUP.Optional.RGMUpdater.A, C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
PUP.Optional.RGMUpdater, C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Application Hosting
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Application Data\Application Hosting
PUP.Optional.Linkury.ACMB1, C:\Users\All Users\Application Hosting
PUP.Optional.SmartBar, C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\SysNative\drivers\SPPD.sys
PUP.Optional.Legacy, C:\Users\All Users\Desktop\Advanced SystemCare 10.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\apppatch\apppatch64\vcldr64.dll
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\nbin\VC32Loader.dll


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, PepeRun
PUP.Adware.Heuristic, ASC10_SkipUac_CrisYouSasyMedic


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {821D49BA-FD30-4292-9BFF-A48D19E5BF66}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4E12FD55-3970-4528-A65B-375CB8E6D474}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SPPDCOM
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\Microsoft\KanarCore
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\Microsoft\KanarCore
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Run | Advanced SystemCare 10
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Advanced SystemCare 10
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Advanced SystemCare 10
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | smrt
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | smrt
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe | {8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
PUP.Optional.Conduit, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST | ORBTR
PUP.Optional.RGMUpdater, [Key] - HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\RGMService
PUP.Optional.RGMUpdater, [Key] - HKCU\Software\RGMService
PUP.Optional.Trovi, [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx | {8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
PUP.Optional.SearchProtect, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
PUP.Optional.SearchProtect, [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

SearchProvider found: AOL - aol.com
SearchProvider found: Ask - ask.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8283 B] - [2015/1/1 19:8:32]
C:/AdwCleaner/AdwCleaner[S1].txt - [936 B] - [2015/1/1 19:29:41]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
# AdwCleaner v4.106 - Report created 01/01/2015 at 11:29:41
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : CrisYouSasyMedic - PHOEBE
# Running from : C:\Users\CrisYouSasyMedic\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10414 octets] - [01/01/2015 11:04:46]
AdwCleaner[R1].txt - [876 octets] - [01/01/2015 11:26:48]
AdwCleaner[S0].txt - [8283 octets] - [01/01/2015 11:08:32]
AdwCleaner[S1].txt - [798 octets] - [01/01/2015 11:29:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [857 octets] ##########
# AdwCleaner v4.106 - Report created 01/01/2015 at 11:08:32
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : CrisYouSasyMedic - PHOEBE
# Running from : C:\Users\CrisYouSasyMedic\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : LPTSystemUpdater
Service Deleted : SPPD
Service Deleted : Orbiter
Service Deleted : {3f538614-b636-4023-9ec2-564ada4b07b3}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\Alawar Entertainment
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Users\CRISYO~1\AppData\Local\Temp\HulaToo
Folder Deleted : C:\Users\CRISYO~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\CrisYouSasyMedic\AppData\Local\LPT
Folder Deleted : C:\Users\CrisYouSasyMedic\AppData\Local\SearchProtect
Folder Deleted : C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar
Folder Deleted : C:\Users\CrisYouSasyMedic\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\CrisYouSasyMedic\AppData\Roaming\Alawar Entertainment
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
File Deleted : C:\Windows\System32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}Gw64.sys
File Deleted : C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\ynjl7jho.default-1420002831963\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\CrisYouSasyMedic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cmd]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\3589012A0E094163A9113F69A0F569B5
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\FrEeSoFtOdAy
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10414 octets] - [01/01/2015 11:04:46]
AdwCleaner[S0].txt - [8067 octets] - [01/01/2015 11:08:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8127 octets] ##########
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Post by mAL_rEm018 » July 18th, 2017, 7:05 pm

Hi Chris,

Please do the following..

  • Point your mouse at the top or bottom right corner of your screen.
  • A sidebar will appear. Select Settings and then click on Control Panel.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Select the following programs:
    • Advanced SystemCare 10
    • Muvic Smartbar
    • Muvic Smartbar Engine
  • Select Uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Adwcleaner
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select the Registry tab and unselect the following items:
    • PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
    • PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
    • PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
  • Click on Clean.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.

I need to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have any trouble following my instructions?
  • Adwcleaner report
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
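
Added example, not part of the thread and not code from AdwCleaner: a small Python parser for the AdwCleaner 7 scan-log layout posted above, which lists whole-key registry detections that land exactly on a shared Windows key, such as the three EventLog\Application entries the helper asks to leave out of the clean. The SHARED_SYSTEM_KEYS list and all function names are assumptions made for this illustration; the sample lines are an excerpt of the log in this thread.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Assumption for this example (not from the thread or the tool): registry keys
# owned by Windows and shared by many programs. This one is the parent key
# under which every Application event source registers.
SHARED_SYSTEM_KEYS = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application",
]

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FAMILY_RE = re.compile(r"^[A-Za-z]+(?:\.[A-Za-z0-9]+)+$")
REGISTRY_RE = re.compile(r"^\[(Key|Value)\] - (.+?)(?: \| (.+))?$")

# Excerpt of the scan log posted in the thread (AdwCleaner 7.0.0.0, scan mode).
SAMPLE_LOG = r"""
# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 03:15:19 2017
# Mode: scan

***** [ Services ] *****

PUP.Optional.Legacy, RGMUpdater
PUP.Optional.Linkury.ACMB1, Application Hosting

***** [ DLL ] *****

No malicious DLLs found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | smrt
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Linkury.ACMB1, [Key] - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
"""


class Detection(NamedTuple):
    section: str           # log section, e.g. "Registry"
    family: str            # detection name, e.g. "PUP.Optional.Legacy"
    kind: str              # "Key" or "Value" for registry items, else "Path"
    target: str            # registry path, file/folder path, service or task name
    value: Optional[str]   # registry value name when kind == "Value"


def parse_scan_log(text):
    """Turn the 'Family, target' lines of each section into Detection records."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip comments, separators and "No malicious ... found." status lines.
        if section is None or line.startswith("#") or ", " not in line:
            continue
        family, target = line.split(", ", 1)
        if not FAMILY_RE.match(family):
            continue
        reg = REGISTRY_RE.match(target)
        if reg:
            detections.append(Detection(section, family, reg.group(1), reg.group(2), reg.group(3)))
        else:
            detections.append(Detection(section, family, "Path", target, None))
    return detections


def needs_manual_review(detections, shared_keys=SHARED_SYSTEM_KEYS):
    """Map each shared key to the families that want to delete that whole key.

    Only an exact, case-insensitive match on the key itself is reported:
    a subkey created by the unwanted program is a normal removal target.
    """
    canonical = {key.lower(): key for key in shared_keys}
    flagged = {}
    for d in detections:
        key = canonical.get(d.target.lower())
        if d.kind == "Key" and key is not None:
            flagged.setdefault(key, []).append(d.family)
    return flagged


def family_counts(detections):
    """Number of detections per family, useful for a quick triage summary."""
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    found = parse_scan_log(SAMPLE_LOG)
    for family, count in family_counts(found).most_common():
        print(f"{count:3d}  {family}")
    for key, families in needs_manual_review(found).items():
        print(f"Leave unchecked and ask first: {key}  (listed by {', '.join(families)})")
```

The "Application Hosting" subkey in the last sample line is deliberately not reported, which matches the instructions above: only the three entries pointing at the parent key are to be left out.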

Re: Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 19th, 2017, 12:00 am

Hi mAl, when I opened the AdwCleaner it said it was corrupted, and to uninstall and re-install. So I did that, and scanned as instructed, but there is no Registry tab to select, and looking at the scan some of the stuff you wanted me to unselect is not there. What did I do wrong? And the Muvic Smartbar Engine and Muvic Smartbar will not uninstall; it says the uninstall feature you are trying to use is on a network that is unavailable. I've tried to uninstall that before.
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Post by mAL_rEm018 » July 19th, 2017, 4:35 pm

Hi Chris,

CrisYouSasyMedic1 wrote: the Muvic smartbar engine and muvic smartbar will not uninstall; it says the uninstall feature you are trying to use is on a network that is unavailable. I've tried to uninstall that before.

We can remove the program another way.

CrisYouSasyMedic1 wrote: when I opened the adwcleaner it said it was corrupted, and to uninstall and re-install. So I did that, and scanned as instructed, but there is no Registry tab to select, and looking at the scan some of the stuff you wanted me to unselect is not there. What did I do wrong?

You did absolutely nothing wrong and the mistake was mine.. I was unaware that Malwarebytes had released a new version of Adwcleaner a couple of days ago and therefore didn't modify my instructions to reflect the new changes. Please try the following and let me know if you encounter any issues.


Adwcleaner
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, click on the small arrow next to PUP.Optional.Legacy and PUP.Optional.Linkury.ACMB1.
    Note: do not uncheck the box.
  • A drop-down menu will appear. Uncheck the following entries:
    Under PUP.Optional.Legacy:
    • Registry [HKLM] SYSTEM\CurrentControlSet\Services\EventLog\Application
    • Registry [HKLM] SYSTEM\CurrentControlSet\Services\EventLog\Application

    Under PUP.Optional.Linkury.ACMB1:
    • Registry [HKLM] SYSTEM\CurrentControlSet\Services\EventLog\Application
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.
  • Additionally, you can find a copy of the log in the following location on your computer: C:\AdwCleaner\AdwCleaner[c*].txt "* is the number of times the program was run"

I need to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following the instructions?
  • AdwCleaner log
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 19th, 2017, 8:27 pm

After I uncheck those 2 things under the PUP.Optional.Legacy and the one thing under the PUP.Optional.Linkury, which button on the scanner do I hit to delete or clean them? One more question: I have a lot of PC games that I installed from store-bought disks (Legacy games), and I noticed that one of the items to be deleted or cleaned is the PUP.Optional.Legacy. I'm just wondering if that's my games??
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby mAL_rEm018 » July 20th, 2017, 7:46 am

Hi Chris,


CrisYouSasyMedic1 wrote:which button on the scanner do I hit to delete or clean them.?

After unchecking the entries listed in my previous post, please select -> Clean. As I mentioned above, if the log doesn't appear at startup, then you can find it in the following location: C:\AdwCleaner\Adwcleaner[C*].txt (In your case the file will probably be named Adwcleaner[C0].txt)

CrisYouSasyMedic1 wrote:one more question I have a lot of PC Games that I installed from store bought Disks is Legacy games, and I noticed that one of the items to be deleted or cleaned is the Pup.optional.Legacy I'm just wondering if that's my Games??

No, these are not related to your games.
mAL_rEm018
MRU Teacher
 
Posts: 2312
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 21st, 2017, 12:18 am

Hi mAl, answer to your questions first: I did not encounter any problems in following directions. Hope I understood correctly, for me to post the logs separately. I'm not sure if they are too big, so I guess I'll post 3 different replies. In this one I'll post the AdwCleaner log.

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 21 03:34:22 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: RGMUpdater
Deleted: Application Hosting
Deleted: RGMUpdater
Deleted: Application Hosting


***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\ProductUI
Deleted: C:\ProgramData\Pepe
Deleted: C:\ProgramData\Application Data\Pepe
Deleted: C:\Users\All Users\Pepe
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
Deleted: C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
Deleted: C:\ProgramData\Application Hosting
Deleted: C:\ProgramData\Application Data\Application Hosting
Deleted: C:\Users\All Users\Application Hosting
Deleted: C:\Users\CrisYouSasyMedic\AppData\Local\Smartbar


***** [ Files ] *****

Deleted: C:\Windows\SysNative\drivers\SPPD.sys
Deleted: C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Deleted: C:\Windows\apppatch\apppatch64\vcldr64.dll
Deleted: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: PepeRun


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{821D49BA-FD30-4292-9BFF-A48D19E5BF66}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4E12FD55-3970-4528-A65B-375CB8E6D474}
Deleted: [Key] - HKLM\SOFTWARE\SPPDCOM
Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\KanarCore
Deleted: [Key] - HKU\S-1-5-18\Software\Microsoft\KanarCore
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Deleted: [Value] - HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|smrt
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|smrt
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|ORBTR
Deleted: [Key] - HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\RGMService
Deleted: [Key] - HKCU\Software\RGMService
Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB
Deleted: [Key] - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [8126 B] - [2017/7/19 3:48:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [8193 B] - [2017/7/20 0:13:17]
C:/AdwCleaner/AdwCleaner[S2].txt - [8183 B] - [2017/7/21 3:25:32]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm

Re: Blue Page with very unhappy smiley face

Unread postby CrisYouSasyMedic1 » July 21st, 2017, 12:20 am

Hi again mAl, surely hope I'm doing this right, here is the second item you asked for. The FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by CrisYouSasyMedic (administrator) on PHOEBE (20-07-2017 21:08:24)
Running from C:\Users\CrisYouSasyMedic\Downloads
Loaded Profiles: CrisYouSasyMedic (Available Profiles: CrisYouSasyMedic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-07-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [fst_us_143] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] => file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{D0600494-FF46-4F60-9071-FD07C03BE4CF}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E749224B-6AB3-4438-8228-838FD66382DF}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FD97FA4C-C7F3-42D7-B1E4-95BC3C83E5B0}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.facebook.com/topic/Philip-S ... 6727169189
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: nq0t1376.default-1499983540924
FF ProfilePath: C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 [2017-07-20]
FF Homepage: Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 -> hxxps://www.facebook.com/
FF Extension: (Firefox Search Test) - C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-13]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-05-20] ()

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-08]
CHR Extension: (Google Docs) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-08]
CHR Extension: (Google Drive) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (YouTube) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Kaspersky Protection) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-08]
CHR Extension: (Google Sheets) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-08]
CHR Extension: (Google Docs Offline) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/deta ... ijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/deta ... ijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-07-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2014-12-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-07] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2017-07-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [520152 2017-07-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021624 2017-07-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-07-07] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-07-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-09-11] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 21:06 - 2017-07-20 21:07 - 02382336 _____ (Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64(1).exe
2017-07-20 20:56 - 2017-07-20 20:56 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-19 22:20 - 2017-07-19 22:20 - 00301344 _____ C:\Windows\Minidump\071917-32250-01.dmp
2017-07-19 17:36 - 2017-07-19 17:37 - 65033984 _____ (Malwarebytes ) C:\Users\CrisYouSasyMedic\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-19 11:11 - 2017-07-19 11:10 - 01021624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00197312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-07-19 11:10 - 2017-07-19 11:05 - 00520152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-07-18 21:12 - 2017-07-18 21:12 - 00060866 _____ C:\Users\CrisYouSasyMedic\Desktop\FRST.txt
2017-07-18 21:12 - 2017-07-18 21:12 - 00041977 _____ C:\Users\CrisYouSasyMedic\Desktop\Addition.txt
2017-07-18 21:09 - 2017-07-18 21:10 - 00041974 _____ C:\Users\CrisYouSasyMedic\Downloads\Addition.txt
2017-07-18 21:07 - 2017-07-20 21:09 - 00020824 _____ C:\Users\CrisYouSasyMedic\Downloads\FRST.txt
2017-07-18 21:05 - 2017-07-18 21:06 - 02382336 _____ (Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64.exe
2017-07-18 20:45 - 2017-07-20 20:25 - 00000000 ____D C:\AdwCleaner
2017-07-18 20:43 - 2017-07-18 20:44 - 08162248 _____ (Malwarebytes) C:\Users\CrisYouSasyMedic\Downloads\AdwCleaner(1).exe
2017-07-18 20:41 - 2017-07-18 20:41 - 00002274 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-07-18 20:40 - 2017-07-18 20:40 - 05766144 _____ (Tweaking.com) C:\Users\CrisYouSasyMedic\Downloads\tweaking.com_registry_backup_setup(1).exe
2017-07-17 20:08 - 2017-07-17 20:09 - 08162248 _____ (Malwarebytes) C:\Users\CrisYouSasyMedic\Downloads\AdwCleaner.exe
2017-07-17 20:06 - 2017-07-17 20:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PHOEBE-Windows-8.1-(64-bit).dat
2017-07-17 20:06 - 2017-07-17 20:06 - 00000000 ____D C:\RegBackup
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-17 20:04 - 2017-07-18 20:41 - 00034332 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-07-17 20:02 - 2017-07-17 20:04 - 05766144 _____ (Tweaking.com) C:\Users\CrisYouSasyMedic\Downloads\tweaking.com_registry_backup_setup.exe
2017-07-16 13:24 - 2017-07-16 13:24 - 00000000 ____D C:\Computer Back Up C Drive
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-16 12:18 - 2017-07-16 12:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\CrisYouSasyMedic\Downloads\cbSetup.exe
2017-07-15 17:30 - 2017-07-19 22:20 - 544536674 _____ C:\Windows\MEMORY.DMP
2017-07-15 17:30 - 2017-07-15 17:31 - 00313632 _____ C:\Windows\Minidump\071517-31453-01.dmp
2017-07-15 11:33 - 2017-07-19 11:33 - 00003226 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCrisYouSasyMedic
2017-07-15 11:33 - 2017-07-19 11:33 - 00000390 _____ C:\Windows\Tasks\HPCeeScheduleForCrisYouSasyMedic.job
2017-07-14 13:07 - 2017-07-20 21:08 - 00000000 ____D C:\FRST
2017-07-13 15:40 - 2017-07-13 15:40 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-13 15:40 - 2017-07-13 15:40 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-13 15:40 - 2017-07-13 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 15:38 - 2017-07-13 15:38 - 45060264 _____ C:\Users\CrisYouSasyMedic\Downloads\Firefox Setup 54.0.1.exe
2017-07-13 13:45 - 2017-07-13 13:45 - 00004158 _____ C:\Users\CrisYouSasyMedic\Downloads\bookmarks-2014-10-23_26_XYtt+ma65+iy5-29Fgylzw==.jsonlz4
2017-07-13 10:25 - 2017-07-13 10:25 - 00301344 _____ C:\Windows\Minidump\071317-37953-01.dmp
2017-07-12 14:33 - 2017-07-12 14:34 - 00305440 _____ C:\Windows\Minidump\071217-36796-01.dmp
2017-07-12 14:07 - 2017-06-29 17:27 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:07 - 2017-06-29 17:27 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 17:00 - 2017-06-28 23:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-11 17:00 - 2017-06-28 23:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 22:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-11 17:00 - 2017-06-28 21:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 21:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-11 17:00 - 2017-06-28 21:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-22 07:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-11 17:00 - 2017-06-17 09:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-11 17:00 - 2017-06-17 09:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-11 17:00 - 2017-06-15 15:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-11 17:00 - 2017-06-15 06:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-11 17:00 - 2017-06-11 17:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-11 17:00 - 2017-06-11 15:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 14:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-11 17:00 - 2017-06-11 14:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 14:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-11 17:00 - 2017-06-11 14:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-11 17:00 - 2017-06-11 13:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 13:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-11 17:00 - 2017-06-11 13:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 13:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-11 17:00 - 2017-06-11 08:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-11 17:00 - 2017-06-06 13:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 13:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-11 17:00 - 2017-06-06 13:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-11 17:00 - 2017-06-06 13:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-11 17:00 - 2017-06-06 12:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-11 17:00 - 2017-06-06 12:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 12:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-11 17:00 - 2017-06-06 11:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 11:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-11 17:00 - 2017-06-06 11:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-11 17:00 - 2017-06-06 11:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-11 17:00 - 2017-06-03 09:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-11 17:00 - 2017-06-03 09:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-11 17:00 - 2017-05-31 14:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-11 17:00 - 2017-05-15 15:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-11 17:00 - 2017-05-15 13:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-11 17:00 - 2017-05-09 07:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-11 17:00 - 2017-05-09 07:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-11 17:00 - 2017-05-09 07:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-11 17:00 - 2017-05-06 09:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-11 17:00 - 2017-05-06 09:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-11 17:00 - 2017-05-02 13:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-11 17:00 - 2017-05-02 11:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-11 17:00 - 2017-05-02 10:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-11 17:00 - 2017-04-30 09:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-11 17:00 - 2017-04-27 18:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-11 17:00 - 2017-04-27 18:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-11 16:49 - 2017-05-03 16:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 16:49 - 2017-05-03 06:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 11:10 - 2017-07-11 11:10 - 13059576 _____ (IObit ) C:\Users\CrisYouSasyMedic\Downloads\sd5_setup.exe
2017-07-08 11:11 - 2017-07-08 11:12 - 00301344 _____ C:\Windows\Minidump\070817-41468-01.dmp
2017-07-08 10:12 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-08 10:08 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-08 10:08 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-08 10:08 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-08 10:08 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-08 10:08 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-08 10:08 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-08 10:08 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-08 10:08 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-08 10:08 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-08 10:08 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-07-08 10:08 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-08 10:08 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-08 10:08 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-08 10:08 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-08 10:08 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-08 10:08 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-08 10:08 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-08 10:08 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-08 10:08 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-08 10:08 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-08 10:08 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-08 10:08 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-08 10:08 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-08 10:08 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-08 10:08 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-07-08 10:08 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-08 10:07 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-08 10:07 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-08 10:07 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-08 10:07 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-08 10:07 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-08 10:07 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-08 10:07 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-08 10:07 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-08 10:07 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-07-08 10:07 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-08 10:07 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-08 10:07 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-08 10:07 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-08 10:07 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-08 10:07 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-08 10:07 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-08 10:07 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-08 10:07 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-08 10:07 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-08 10:07 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-08 10:07 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-07-08 10:07 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-07-08 10:07 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-08 10:07 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-07-08 10:07 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-08 10:07 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-08 10:07 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-08 10:07 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-07-08 10:07 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-07-08 10:07 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-07-08 10:07 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-07-08 10:07 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-07-08 10:07 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 16:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-07-08 10:07 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-07-08 10:07 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-07-08 10:07 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-08 10:07 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-07-08 10:07 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-07-08 10:07 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-07-08 10:07 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-07-08 10:07 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-07-08 10:07 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-08 10:07 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-07-08 10:07 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-07-08 10:07 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-07-08 10:07 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-07-08 10:07 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-08 10:07 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-07-08 10:07 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-07-08 10:07 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-08 10:07 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-07-08 10:07 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-07-08 10:07 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-07-08 10:07 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-07-08 10:07 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-07-08 10:07 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-07-08 10:07 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-07-08 10:07 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-07-08 10:07 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-07-08 10:07 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-07-08 10:07 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-07-08 10:07 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-07-08 10:07 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-07-08 10:07 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-07-08 10:07 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-07-08 09:47 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-07-08 09:47 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-07-08 09:46 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-07-08 09:46 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-07-08 09:46 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-07-08 09:46 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-07-08 09:46 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-07-08 09:46 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-07-08 09:46 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-08 09:46 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-08 09:46 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-07-07 19:34 - 2017-07-07 19:33 - 00136416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-07-07 19:08 - 2017-07-07 19:08 - 00002173 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-07-07 19:08 - 2017-07-07 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 20:49 - 2016-11-19 09:02 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\Mozilla
2017-07-20 20:49 - 2014-01-27 09:27 - 00000000 ____D C:\ProgramData\Temp
2017-07-20 20:47 - 2015-05-19 13:30 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\vlc
2017-07-20 20:45 - 2014-05-15 18:11 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-28108215-2538129268-678420320-1002
2017-07-20 20:45 - 2013-08-25 23:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-20 20:45 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2017-07-20 20:42 - 2014-12-23 23:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-20 20:42 - 2014-05-18 20:08 - 00000000 ___DO C:\Users\CrisYouSasyMedic\SkyDrive
2017-07-20 20:42 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2017-07-20 20:41 - 2017-03-15 16:33 - 00000000 ____D C:\Users\CrisYouSasyMedic\Documents\Youcam
2017-07-20 20:39 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 20:38 - 2014-01-27 09:17 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-20 20:38 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-20 20:33 - 2017-04-02 11:00 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 20:33 - 2014-12-16 11:25 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-19 22:25 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic
2017-07-19 22:20 - 2015-01-21 17:40 - 00000000 ____D C:\Windows\Minidump
2017-07-19 11:11 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-07-18 20:09 - 2017-04-02 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-18 16:33 - 2017-04-02 11:00 - 00000000 ____D C:\ProgramData\ProductData
2017-07-14 14:27 - 2017-04-02 10:56 - 00000000 ____D C:\meghantools
2017-07-13 16:14 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2017-07-13 15:47 - 2017-04-02 11:16 - 00000000 ____D C:\Program Files\Recuva
2017-07-13 15:40 - 2014-05-15 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-13 12:35 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-12 14:46 - 2015-04-16 10:54 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 14:46 - 2015-03-13 12:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-07-12 14:44 - 2013-08-22 07:44 - 00429184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 14:25 - 2014-05-18 21:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 14:12 - 2014-05-18 21:37 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 21:00 - 2014-05-15 21:41 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-08 10:45 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-08 10:44 - 2014-01-27 10:35 - 00188674 ____N C:\Windows\Minidump\070817-49218-01.dmp
2017-07-08 10:11 - 2013-08-22 06:25 - 00000322 _____ C:\Windows\win.ini
2017-07-07 19:13 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\Packages
2017-07-07 19:11 - 2016-04-08 21:42 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-07 19:11 - 2016-04-08 21:42 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-07 18:56 - 2015-03-05 15:58 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-07 18:56 - 2015-03-05 15:58 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-04-02 10:29 - 2017-04-02 10:29 - 0004096 ____H () C:\Users\CrisYouSasyMedic\AppData\Local\keyfile3.drm
2014-08-09 14:55 - 2014-08-09 14:55 - 0000017 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\resmon.resmoncfg
2014-07-29 17:18 - 2014-07-29 17:20 - 0000356 _____ () C:\ProgramData\aygdr_save.log

Some files in TEMP:
====================
2014-11-08 01:33 - 2014-12-20 13:33 - 0601088 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
2014-11-08 01:47 - 2014-10-17 04:39 - 0665682 _____ (SQLite Development Team) C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-09 12:40

==================== End of FRST.txt ============================

Re: Blue Page with very unhappy smiley face

Post by CrisYouSasyMedic1 » July 21st, 2017, 12:25 am

Hi mAL, this is the last log for the Addition. And, when I started the AdwCleaner, I had forgotten to turn off my Kaspersky and it told me that AdwCleaner is attempting to get access to malware, and it detected trojan.msil.tpyn.edw and its location was c:\users\CrisYouSasy...cal\rgmsService\sp.dll. I turned off Kaspersky and did not allow it to delete. Not sure what that was.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by CrisYouSasyMedic (20-07-2017 21:11:02)
Running from C:\Users\CrisYouSasyMedic\Downloads
Windows 8.1 (Update) (X64) (2014-05-16 09:06:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-28108215-2538129268-678420320-500 - Administrator - Disabled)
CrisYouSasyMedic (S-1-5-21-28108215-2538129268-678420320-1002 - Administrator - Enabled) => C:\Users\CrisYouSasyMedic
CrisY_000 (S-1-5-21-28108215-2538129268-678420320-1003 - Limited - Enabled)
Guest (S-1-5-21-28108215-2538129268-678420320-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-545aa1e8-471e-4efc-9132-05ed45152c29) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-1e350cce-7b1c-4aba-800c-48716cc60bcc) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{DEF2600B-C52F-441E-B0C9-88B09DC2F412}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM-x32\...\{759FC370-E77F-4FB0-A1E4-C0628A44BA44}) (Version: 1.00.0000 - Valusoft)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-31e4b974-5ded-4ae1-b46b-5ff648b1c47f) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-e7e48931-095a-4f37-8a4f-5cec7d34907d) (Version: 2.2.0.98 - WildTangent) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-8c19759a-cabd-43b3-bd5d-b7053214531c) (Version: 2.2.0.97 - WildTangent) Hidden
Britannica World's Best Solitaire (HKLM-x32\...\World's Best Solitaire) (Version: 2.00.07.01.23 - Selectsoft Publishing)
Build-a-lot (HKLM-x32\...\WTA-0c411bb9-99b4-41e0-87f8-cf5a0fdcaeb7) (Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-a7a7a624-9c9a-4a09-b37e-5018aac5e0ca) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-5ce6c8ea-49a4-49ae-a2a0-63135c500875) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-1c705dda-d638-41bc-a916-f43c491cb09a) (Version: 3.0.2.32 - WildTangent) Hidden
Cursed Fates - The Headless Horseman (HKLM-x32\...\Cursed Fates - The Headless Horseman) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Dimensions: City of Fog (HKLM-x32\...\BFG-Dark Dimensions - City of Fog) (Version: - )
Dark Mysteries - The Soul Keeper (HKLM-x32\...\Dark Mysteries - The Soul Keeper) (Version: - )
Dark Tales: Edgar Allan Poes The Premature Burial (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poes The Premature Burial) (Version: - )
Dark Tales: ™ Edgar Allan Poe's The Black Cat (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe's The Black Cat) (Version: - )
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-d6fcbbb6-022d-4052-abfb-445d19c7578d) (Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Echoes of Sorrow (HKLM-x32\...\Echoes of Sorrow) (Version: 1.0 - Alawar Entertainment Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
F.A.C.E.S. Collector's Edition (HKLM-x32\...\BFG-F.A.C.E.S. Collector's Edition) (Version: - )
Farm Frenzy (HKLM-x32\...\WTA-c878aac2-8d29-448a-b55c-6ced49637f6d) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-22115ff0-9e95-4430-83e0-8c15907f00ed) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-a6e76048-f70e-40a5-82eb-84d2c73ebbda) (Version: 2.2.0.110 - WildTangent) Hidden
Gravely Silent: House of Deadlock Collector's Edition (HKLM-x32\...\BFG-Gravely Silent - House of Deadlock Collector's Edition) (Version: - )
Grim Tales: The Bride (HKLM-x32\...\BFG-Grim Tales - The Bride) (Version: - )
Grim Tales: The Legacy (HKLM-x32\...\BFG-Grim Tales - The Legacy) (Version: - )
Haunted Halls: Green Hills Sanitarium (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium) (Version: - )
Haunted Halls: Green Hills Sanitarium Strategy Guide (HKLM-x32\...\BFG-Haunted Halls - Green Hills Sanitarium Strategy Guide) (Version: - )
Haunted Legends: The Bronze Horseman Collectors Edition (HKLM-x32\...\BFG-Haunted Legends - The Bronze Horseman Collectors Edition) (Version: - )
Haunted Legends: The Queen of Spades (HKLM-x32\...\BFG-Haunted Legends - The Queen of Spades) (Version: - )
Haunted Manor: Lord of Mirrors (HKLM-x32\...\BFG-Haunted Manor - Lord of Mirrors) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-3eb54275-1f3d-47ab-8e8c-6b37c2d659be) (Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.19.3 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Utility Center (HKLM\...\{1D7EB7E7-0B5D-4A23-A383-7EF133090026}) (Version: 2.3.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (HKLM-x32\...\WTA-53496468-739f-4daf-9999-b9823f027c89) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-a2762c91-c502-413d-b757-56b815bdf8e7) (Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-907c9196-a16f-45e5-a836-05147a403026) (Version: 3.0.2.48 - WildTangent) Hidden
Lost Souls - Enchanted Paintings (HKLM-x32\...\Lost Souls - Enchanted Paintings) (Version: - )
Luxor Evolved (HKLM-x32\...\WTA-9eb69b18-6608-4ff1-8350-e995d8ababd0) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-23824612-adb6-4c7f-82f1-9dd8c09a2271) (Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\{08998c2c-b970-4110-8c1f-7a405e284254}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Mystery Case Files: Escape from Ravenhearst (HKLM-x32\...\BFG-Mystery Case Files - Escape from Ravenhearst) (Version: - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
Mystery Legends: Beauty and the Beast (HKLM-x32\...\BFG-Mystery Legends - Beauty and the Beast) (Version: - )
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-50c81989-bd06-4041-8bdb-eda6e3d4d7c6) (Version: 2.2.0.98 - WildTangent) Hidden
Mystery Stories - Mountains of Madness (HKLM-x32\...\Mystery Stories - Mountains of Madness) (Version: - )
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Peggle Nights (HKLM-x32\...\WTA-0e60c1aa-64c9-4531-9872-3a621c04d3ad) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-d3d51d38-13a3-439b-bae0-0bed6cb0d74c) (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-d59a1ddd-8827-4478-848e-257c8f7479e0) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-f8868715-8d23-4c71-af13-b5a6c2175bd3) (Version: 2.2.0.97 - WildTangent) Hidden
Punch! Home and Landscape (HKLM-x32\...\{5AB52F3C-23C7-4FB2-9285-C0C0635CABCC}) (Version: 15.0.2 - Punch! Software, LLC)
Puran File Recovery 1.2.1 (HKLM\...\Puran File Recovery_is1) (Version: - Puran Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Redemption Cemetery: Curse of the Raven (HKLM-x32\...\BFG-Redemption Cemetery - Curse of the Raven) (Version: - )
Redemption Cemetery: Grave Testimony (HKLM-x32\...\BFG-Redemption Cemetery - Grave Testimony) (Version: - )
Redemption Cemetery: Salvation of the Lost (HKLM-x32\...\BFG-Redemption Cemetery - Salvation of the Lost) (Version: - )
RGMUpdater Monetization Control (HKLM-x32\...\RGMUpdater Monetization Controlcc56729e-9fc2-4c79-a5a8-77edc7087390) (Version: 2.2.0322.1140 - )
Roads of Rome 3 (HKLM-x32\...\WTA-70ef15d1-43a2-4071-8a27-85587e95d13e) (Version: 2.2.0.98 - WildTangent) Hidden
Save Our Spirit (HKLM-x32\...\Save Our Spirit) (Version: - )
Shadow Wolf Mysteries: Bane of the Family (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Bane of the Family) (Version: - )
Shadow Wolf Mysteries: Curse of the Full Moon (HKLM-x32\...\BFG-Shadow Wolf Mysteries - Curse of the Full Moon) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Spirits of Mystery: Amber Maiden (HKLM-x32\...\BFG-Spirits of Mystery - Amber Maiden) (Version: - )
Spirits of Mystery: Song of the Phoenix (HKLM-x32\...\BFG-Spirits of Mystery - Song of the Phoenix) (Version: - )
Spirits of Mystery: The Dark Minotaur (HKLM-x32\...\BFG-Spirits of Mystery - The Dark Minotaur) (Version: - )
Stray Souls: Dollhouse Story (HKLM-x32\...\Stray Souls: Dollhouse Story) (Version: 1.0 - Alawar Entertainment Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-872c36de-ad44-4735-9234-d2cb8c4438f9) (Version: 2.2.0.110 - WildTangent) Hidden
The Stanwick Mystery (HKLM-x32\...\The Stanwick Mystery) (Version: - )
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\The Treasures of Mystery Island: The Ghost Ship) (Version: 1.0 - Alawar Entertainment Inc.)
Theatre of the Absurd (HKLM-x32\...\Theatre of the Absurd) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Twisted Lands: Shadow Town (HKLM-x32\...\Twisted Lands: Shadow Town) (Version: - Alawar Entertainment Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-042253bf-b369-4a76-8a8d-34385b3a27fe) (Version: 3.0.2.32 - WildTangent) Hidden
VIVA MEDIA GAME CENTER (HKLM-x32\...\VIVAGplayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player and Options (HKLM\...\Windows_Media_Player_and_Options) (Version: 1.0 - Windows Media Player)
Youda Jewel Shop (HKLM-x32\...\WTA-6e9486f2-21c3-4e1b-9e8e-05e37eae6809) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-b45c4bdc-7269-49b7-9ac0-6eec63e53b26) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20160726_23_29_18.dll [2016-07-26] (Cyberlink)
ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20160726_23_29_18.dll [2016-07-26] (Cyberlink)
ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers04: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-07-07] (AO Kaspersky Lab)
ContextMenuHandlers06: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A02AE2E-0E02-44B5-AFE3-9825147E5650} - System32\Tasks\HPCeeScheduleForCrisYouSasyMedic => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {25940008-B69A-46C8-A4FE-E19A35CAA1B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {49C6ADC9-64BF-4BA0-BBED-3B1D38F030C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {540EC55B-DD5D-4651-8B1A-2446E37458AA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {698ABD70-AA44-4AAD-87E0-FEB0F98BFD31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {84B69169-74D2-4D2F-B612-4FBB73350FB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {8B3E53B9-12C4-4EB2-994F-B00E1CAC9C2E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {8DBBF1B1-72E2-4AC3-8A32-F2BC7CFC3C54} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {A9A19964-88D2-400B-B24C-38354CA2CFA6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-11] (Synaptics Incorporated)
Task: {AC455EC3-D9E1-436B-95D0-A3408D1EE9E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {C6ACC884-109C-43C5-86BA-2D209CA88B41} - System32\Tasks\SnoopRun => C:\ProgramData\Snoop\Snoop.exe [2015-05-20] () <==== ATTENTION
Task: {E5ED775B-0352-49EC-8803-E51D4FC7BF12} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {EC3BE2BC-4F14-454A-9A88-DB88B654BB61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F31F0122-E83C-4FF7-81C1-05B3CF6A59CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForCrisYouSasyMedic.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\CrisYouSasyMedic\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 12:23 - 2013-10-14 12:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 12:24 - 2013-10-14 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 12:35 - 2013-10-14 12:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-16 09:18 - 2014-06-16 09:18 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-16 09:17 - 2014-06-16 09:17 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:11590865 [177]
AlternateDataStreams: C:\ProgramData\Temp:1416AAA6 [330]
AlternateDataStreams: C:\ProgramData\Temp:2AD33723 [326]
AlternateDataStreams: C:\ProgramData\Temp:2AF322BF [312]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:363E775E [182]
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08 [344]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [314]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [182]
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7 [346]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [382]
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39 [189]
AlternateDataStreams: C:\ProgramData\Temp:9DBE6481 [130]
AlternateDataStreams: C:\ProgramData\Temp:A4AF8D0D [165]
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537 [177]
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD [334]
AlternateDataStreams: C:\ProgramData\Temp:A88BE334 [316]
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A [342]
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA [165]
AlternateDataStreams: C:\ProgramData\Temp:BEE39E9B [364]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [294]
AlternateDataStreams: C:\ProgramData\Temp:C3899C0B [171]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [178]
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34 [177]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [183]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [384]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [155]
AlternateDataStreams: C:\ProgramData\Temp:F9F58B80 [180]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [146]
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF [171]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [370]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-04-08 21:50 - 00000853 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-28108215-2538129268-678420320-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CrisYouSasyMedic\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{24923E29-0F7A-421E-A76A-767933901AB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CC0F9C4B-D164-4F83-A55D-D87127AFD8BA}] => (Allow) LPort=2869
FirewallRules: [{363FA916-6FDD-4C77-ABC1-526528DEDAB9}] => (Allow) LPort=1900
FirewallRules: [{D748616C-2F0C-4249-A544-784F5E97AFEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12978DEF-9119-451A-83B3-B7D82A72B9E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7493C0AD-1994-4336-9041-B01F30BF2E39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8574F11-9CBB-442E-B9EC-DCD8397DBCEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F57B076A-6497-45EA-B125-62955C24C2AD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE6C99D9-22CF-4C29-AB3E-38DECFA38F28}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E12649A7-5D39-4027-84B7-B7F4BEDDA31E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BA62EBB9-D39B-4E33-833F-3494D2094622}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FAFF9AF1-B0FD-4D70-8AEE-1DA6EDFAC89C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A204196-7661-4019-86E4-55A50EB63ED7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E4D15090-59F4-409B-A3EF-BDD0ACB30DC4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{80AB0DE4-E7E6-404B-9A82-83EEF8667756}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A8122D55-EF7B-424B-911B-1E084CC80487}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DAA686F6-88E4-49A6-B734-2BE10C02B610}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B470643-88E6-41FC-9535-0BA4EBD9447E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32E2C987-FF2A-4894-AEC5-0BD4820C0180}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BE72A120-555C-4C9F-A54D-AD2B59379358}] => (Block) LPort=445
FirewallRules: [{064D5996-D9F7-4DDE-B27A-02F58499BAD2}] => (Block) LPort=445
FirewallRules: [TCP Query User{3EE957C0-D930-4936-955A-9E4CB0AFC458}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96DB8D41-7430-4B68-8F22-30CFD5879128}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

18-06-2017 19:12:46 Scheduled Checkpoint
08-07-2017 09:45:17 Windows Update
12-07-2017 14:01:08 Windows Update
15-07-2017 18:57:43 Windows Backup
15-07-2017 19:04:55 Windows Backup
15-07-2017 19:09:26 Windows Backup
15-07-2017 19:15:11 Windows Backup
15-07-2017 20:02:23 Windows Backup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2017 08:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x16bc
Faulting application start time: 0x01d301d424945642
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 90f9149f-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x16bc
Faulting application start time: 0x01d301d424945642
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 9047acd2-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 67f3fe1b-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 67b13d03-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 6764f0f9-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 671fccdf-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 66e1cfa9-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 66a89736-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x1674
Faulting application start time: 0x01d301d4276b8043
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 6659e98e-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2017 08:48:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Faulting module name: Haunted_Legends_The_Bronze_Horseman.exe, version: 0.0.0.0, time stamp: 0x4f8fb260
Exception code: 0xc0000005
Fault offset: 0x002a1fe0
Faulting process id: 0x16bc
Faulting application start time: 0x01d301d424945642
Faulting application path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Faulting module path: C:\Program Files (x86)\Haunted Legends - The Bronze Horseman Collectors Edition\Haunted_Legends_The_Bronze_Horseman.exe
Report Id: 649e7503-6dc7-11e7-8371-a01d4808520a
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/20/2017 08:40:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error:
%%2147944140 = The endpoint is a duplicate.

Error: (07/20/2017 08:38:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (07/20/2017 08:38:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (07/20/2017 08:38:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (07/20/2017 08:33:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (07/20/2017 08:33:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/20/2017 08:33:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/20/2017 08:33:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cobian Backup 11 Volume Shadow Copy Requester service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2017 08:33:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2017 08:33:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3537.01 MB
Available physical RAM: 1596.21 MB
Total Virtual: 7121.01 MB
Available Virtual: 4899.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.77 GB) (Free:359.15 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.22 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 179F6E94)

Partition: GPT.

==================== End of Addition.txt ============================
CrisYouSasyMedic1
Regular Member
 
Posts: 19
Joined: July 14th, 2017, 1:31 pm