Hi again mAl, surely hope I'm doing this right, here is the second item you asked for. The FRST log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by CrisYouSasyMedic (administrator) on PHOEBE (20-07-2017 21:08:24)
Running from C:\Users\CrisYouSasyMedic\Downloads
Loaded Profiles: CrisYouSasyMedic (Available Profiles: CrisYouSasyMedic)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-07-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [fst_us_143] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-21-28108215-2538129268-678420320-1002\...\MountPoints2: {2d6c1ba1-f1ba-11e4-82d3-a01d4808520a} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyServer: [.DEFAULT] => 1
AutoConfigURL: [.DEFAULT] =>
file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
ProxyServer: [S-1-5-21-28108215-2538129268-678420320-1002] => 1
AutoConfigURL: [S-1-5-21-28108215-2538129268-678420320-1002] =>
file://C:/Users/CrisYouSasyMedic/AppDat ... Config.txt
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{D0600494-FF46-4F60-9071-FD07C03BE4CF}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{E749224B-6AB3-4438-8228-838FD66382DF}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{FD97FA4C-C7F3-42D7-B1E4-95BC3C83E5B0}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
hxxp://www.google.com/ie
HKU\S-1-5-21-28108215-2538129268-678420320-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
hxxps://www.facebook.com/topic/Philip-S ... 6727169189
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
hxxp://feed.helperbar.com/?p=mKO_AwFzXI ... m5nYHk,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-28108215-2538129268-678420320-1002 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-02] (AO Kaspersky Lab)
FireFox:
========
FF DefaultProfile: nq0t1376.default-1499983540924
FF ProfilePath: C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 [2017-07-20]
FF Homepage: Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924 ->
hxxps://www.facebook.com/
FF Extension: (Firefox Search Test) - C:\Users\CrisYouSasyMedic\AppData\Roaming\Mozilla\Firefox\Profiles\nq0t1376.default-1499983540924\Extensions\firefoxsearchtest@mozilla.com.xpi [2017-07-13]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-05-20] ()
Chrome:
=======
CHR DefaultSearchURL: Default ->
hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default ->
hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-08]
CHR Extension: (Google Docs) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-08]
CHR Extension: (Google Drive) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-08]
CHR Extension: (YouTube) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Kaspersky Protection) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-08]
CHR Extension: (Google Sheets) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-08]
CHR Extension: (Google Docs Offline) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\CrisYouSasyMedic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] -
hxxps://chrome.google.com/webstore/deta ... ijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] -
hxxps://chrome.google.com/webstore/deta ... ijdbbplhib
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-07-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2014-12-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-07] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [197312 2017-07-19] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [520152 2017-07-19] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1021624 2017-07-19] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [57424 2017-01-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [136416 2017-07-07] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-07-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-09-11] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2946264 2013-10-18] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-10-01] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-10-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 21:06 - 2017-07-20 21:07 - 02382336 _____ (Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64(1).exe
2017-07-20 20:56 - 2017-07-20 20:56 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-19 22:20 - 2017-07-19 22:20 - 00301344 _____ C:\Windows\Minidump\071917-32250-01.dmp
2017-07-19 17:36 - 2017-07-19 17:37 - 65033984 _____ (Malwarebytes ) C:\Users\CrisYouSasyMedic\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-19 11:11 - 2017-07-19 11:10 - 01021624 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00199640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-07-19 11:11 - 2017-07-19 11:10 - 00197312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-07-19 11:10 - 2017-07-19 11:05 - 00520152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-07-18 21:12 - 2017-07-18 21:12 - 00060866 _____ C:\Users\CrisYouSasyMedic\Desktop\FRST.txt
2017-07-18 21:12 - 2017-07-18 21:12 - 00041977 _____ C:\Users\CrisYouSasyMedic\Desktop\Addition.txt
2017-07-18 21:09 - 2017-07-18 21:10 - 00041974 _____ C:\Users\CrisYouSasyMedic\Downloads\Addition.txt
2017-07-18 21:07 - 2017-07-20 21:09 - 00020824 _____ C:\Users\CrisYouSasyMedic\Downloads\FRST.txt
2017-07-18 21:05 - 2017-07-18 21:06 - 02382336 _____ (Farbar) C:\Users\CrisYouSasyMedic\Downloads\FRST64.exe
2017-07-18 20:45 - 2017-07-20 20:25 - 00000000 ____D C:\AdwCleaner
2017-07-18 20:43 - 2017-07-18 20:44 - 08162248 _____ (Malwarebytes) C:\Users\CrisYouSasyMedic\Downloads\AdwCleaner(1).exe
2017-07-18 20:41 - 2017-07-18 20:41 - 00002274 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-07-18 20:40 - 2017-07-18 20:40 - 05766144 _____ (Tweaking.com) C:\Users\CrisYouSasyMedic\Downloads\tweaking.com_registry_backup_setup(1).exe
2017-07-17 20:08 - 2017-07-17 20:09 - 08162248 _____ (Malwarebytes) C:\Users\CrisYouSasyMedic\Downloads\AdwCleaner.exe
2017-07-17 20:06 - 2017-07-17 20:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PHOEBE-Windows-8.1-(64-bit).dat
2017-07-17 20:06 - 2017-07-17 20:06 - 00000000 ____D C:\RegBackup
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-07-17 20:04 - 2017-07-18 20:41 - 00034332 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-07-17 20:02 - 2017-07-17 20:04 - 05766144 _____ (Tweaking.com) C:\Users\CrisYouSasyMedic\Downloads\tweaking.com_registry_backup_setup.exe
2017-07-16 13:24 - 2017-07-16 13:24 - 00000000 ____D C:\Computer Back Up C Drive
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-16 12:23 - 2017-07-16 12:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-16 12:18 - 2017-07-16 12:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\CrisYouSasyMedic\Downloads\cbSetup.exe
2017-07-15 17:30 - 2017-07-19 22:20 - 544536674 _____ C:\Windows\MEMORY.DMP
2017-07-15 17:30 - 2017-07-15 17:31 - 00313632 _____ C:\Windows\Minidump\071517-31453-01.dmp
2017-07-15 11:33 - 2017-07-19 11:33 - 00003226 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCrisYouSasyMedic
2017-07-15 11:33 - 2017-07-19 11:33 - 00000390 _____ C:\Windows\Tasks\HPCeeScheduleForCrisYouSasyMedic.job
2017-07-14 13:07 - 2017-07-20 21:08 - 00000000 ____D C:\FRST
2017-07-13 15:40 - 2017-07-13 15:40 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-13 15:40 - 2017-07-13 15:40 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-13 15:40 - 2017-07-13 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-13 15:38 - 2017-07-13 15:38 - 45060264 _____ C:\Users\CrisYouSasyMedic\Downloads\Firefox Setup 54.0.1.exe
2017-07-13 13:45 - 2017-07-13 13:45 - 00004158 _____ C:\Users\CrisYouSasyMedic\Downloads\bookmarks-2014-10-23_26_XYtt+ma65+iy5-29Fgylzw==.jsonlz4
2017-07-13 10:25 - 2017-07-13 10:25 - 00301344 _____ C:\Windows\Minidump\071317-37953-01.dmp
2017-07-12 14:33 - 2017-07-12 14:34 - 00305440 _____ C:\Windows\Minidump\071217-36796-01.dmp
2017-07-12 14:07 - 2017-06-29 17:27 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-12 14:07 - 2017-06-29 17:27 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 17:00 - 2017-06-28 23:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-11 17:00 - 2017-06-28 23:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-11 17:00 - 2017-06-28 22:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-11 17:00 - 2017-06-28 22:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 22:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-11 17:00 - 2017-06-28 22:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-11 17:00 - 2017-06-28 21:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-11 17:00 - 2017-06-28 21:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-11 17:00 - 2017-06-28 21:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-11 17:00 - 2017-06-28 21:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-11 17:00 - 2017-06-28 21:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-11 17:00 - 2017-06-28 21:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-11 17:00 - 2017-06-28 21:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-27 07:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-11 17:00 - 2017-06-27 07:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 17:00 - 2017-06-22 07:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-11 17:00 - 2017-06-17 09:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-11 17:00 - 2017-06-17 09:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-11 17:00 - 2017-06-17 09:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-11 17:00 - 2017-06-15 15:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-11 17:00 - 2017-06-15 06:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-07-11 17:00 - 2017-06-15 06:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-07-11 17:00 - 2017-06-15 06:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-07-11 17:00 - 2017-06-11 17:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-07-11 17:00 - 2017-06-11 15:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 14:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-11 17:00 - 2017-06-11 14:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-11 17:00 - 2017-06-11 14:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 14:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-11 17:00 - 2017-06-11 14:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-11 17:00 - 2017-06-11 13:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-11 17:00 - 2017-06-11 13:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-11 17:00 - 2017-06-11 13:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-11 17:00 - 2017-06-11 13:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-11 17:00 - 2017-06-11 08:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-11 17:00 - 2017-06-06 13:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 13:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2017-07-11 17:00 - 2017-06-06 13:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll
2017-07-11 17:00 - 2017-06-06 13:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe
2017-07-11 17:00 - 2017-06-06 13:35 - 00517120 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2017-07-11 17:00 - 2017-06-06 12:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll
2017-07-11 17:00 - 2017-06-06 12:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll
2017-07-11 17:00 - 2017-06-06 12:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-11 17:00 - 2017-06-06 12:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2017-07-11 17:00 - 2017-06-06 11:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll
2017-07-11 17:00 - 2017-06-06 11:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll
2017-07-11 17:00 - 2017-06-06 11:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2017-07-11 17:00 - 2017-06-06 11:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll
2017-07-11 17:00 - 2017-06-06 11:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll
2017-07-11 17:00 - 2017-06-03 09:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-11 17:00 - 2017-06-03 09:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-11 17:00 - 2017-05-31 14:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-11 17:00 - 2017-05-15 15:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-07-11 17:00 - 2017-05-15 13:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-07-11 17:00 - 2017-05-09 07:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe
2017-07-11 17:00 - 2017-05-09 07:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll
2017-07-11 17:00 - 2017-05-09 07:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2017-07-11 17:00 - 2017-05-09 07:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml
2017-07-11 17:00 - 2017-05-06 09:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-07-11 17:00 - 2017-05-06 09:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2017-07-11 17:00 - 2017-05-02 13:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-07-11 17:00 - 2017-05-02 13:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-07-11 17:00 - 2017-05-02 11:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-07-11 17:00 - 2017-05-02 11:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll
2017-07-11 17:00 - 2017-05-02 10:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2017-07-11 17:00 - 2017-04-30 09:48 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-07-11 17:00 - 2017-04-27 18:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-07-11 17:00 - 2017-04-27 18:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-07-11 16:49 - 2017-05-03 16:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-11 16:49 - 2017-05-03 06:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-11 16:49 - 2017-05-03 06:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-11 11:10 - 2017-07-11 11:10 - 13059576 _____ (IObit ) C:\Users\CrisYouSasyMedic\Downloads\sd5_setup.exe
2017-07-08 11:11 - 2017-07-08 11:12 - 00301344 _____ C:\Windows\Minidump\070817-41468-01.dmp
2017-07-08 10:12 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-08 10:12 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-08 10:08 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-08 10:08 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-08 10:08 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-07-08 10:08 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-07-08 10:08 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-07-08 10:08 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-07-08 10:08 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-08 10:08 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-07-08 10:08 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-07-08 10:08 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-07-08 10:08 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-07-08 10:08 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-07-08 10:08 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-07-08 10:08 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-07-08 10:08 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-07-08 10:08 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-07-08 10:08 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-07-08 10:08 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-07-08 10:08 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-08 10:08 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-08 10:08 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-08 10:08 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-08 10:08 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-08 10:08 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-08 10:08 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-08 10:08 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-08 10:08 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-08 10:08 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-08 10:08 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-08 10:08 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-08 10:08 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-08 10:08 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-08 10:08 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-07-08 10:08 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-08 10:07 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-08 10:07 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-08 10:07 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-07-08 10:07 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-08 10:07 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-08 10:07 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-08 10:07 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-08 10:07 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-08 10:07 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-08 10:07 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-07-08 10:07 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-07-08 10:07 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-08 10:07 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-08 10:07 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-07-08 10:07 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-08 10:07 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-08 10:07 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-07-08 10:07 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-08 10:07 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-08 10:07 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-07-08 10:07 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-07-08 10:07 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-08 10:07 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-07-08 10:07 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-08 10:07 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-07-08 10:07 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-07-08 10:07 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-07-08 10:07 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-08 10:07 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-07-08 10:07 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-08 10:07 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-08 10:07 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-07-08 10:07 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-08 10:07 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-07-08 10:07 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-07-08 10:07 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-07-08 10:07 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-07-08 10:07 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-07-08 10:07 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-07-08 10:07 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-07-08 10:07 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-07-08 10:07 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-07-08 10:07 - 2017-03-10 16:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-07-08 10:07 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-07-08 10:07 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-07-08 10:07 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-07-08 10:07 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-07-08 10:07 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-07-08 10:07 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-07-08 10:07 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-07-08 10:07 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-07-08 10:07 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-07-08 10:07 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-07-08 10:07 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-08 10:07 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-07-08 10:07 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-07-08 10:07 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-07-08 10:07 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-07-08 10:07 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-08 10:07 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-07-08 10:07 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-07-08 10:07 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-08 10:07 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-07-08 10:07 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-07-08 10:07 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-07-08 10:07 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-07-08 10:07 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-07-08 10:07 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-07-08 10:07 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-07-08 10:07 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-07-08 10:07 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-07-08 10:07 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-07-08 10:07 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-07-08 10:07 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-07-08 10:07 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-07-08 10:07 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-07-08 10:07 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-07-08 10:07 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-07-08 10:07 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-07-08 09:47 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-07-08 09:47 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-07-08 09:46 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-07-08 09:46 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-07-08 09:46 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-07-08 09:46 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-07-08 09:46 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-07-08 09:46 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-07-08 09:46 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-07-08 09:46 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-07-08 09:46 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-08 09:46 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-08 09:46 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-08 09:46 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-07-07 19:34 - 2017-07-07 19:33 - 00136416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-07-07 19:08 - 2017-07-07 19:08 - 00002173 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-07-07 19:08 - 2017-07-07 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-20 20:49 - 2016-11-19 09:02 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\Mozilla
2017-07-20 20:49 - 2014-01-27 09:27 - 00000000 ____D C:\ProgramData\Temp
2017-07-20 20:47 - 2015-05-19 13:30 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\vlc
2017-07-20 20:45 - 2014-05-15 18:11 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-28108215-2538129268-678420320-1002
2017-07-20 20:45 - 2013-08-25 23:09 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-20 20:45 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2017-07-20 20:42 - 2014-12-23 23:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-20 20:42 - 2014-05-18 20:08 - 00000000 ___DO C:\Users\CrisYouSasyMedic\SkyDrive
2017-07-20 20:42 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\NDF
2017-07-20 20:41 - 2017-03-15 16:33 - 00000000 ____D C:\Users\CrisYouSasyMedic\Documents\Youcam
2017-07-20 20:39 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 20:38 - 2014-01-27 09:17 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-20 20:38 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-20 20:33 - 2017-04-02 11:00 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\LocalLow\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Roaming\IObit
2017-07-20 20:33 - 2017-04-02 10:59 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 20:33 - 2014-12-16 11:25 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\RGMService
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 13:23 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-19 22:25 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic
2017-07-19 22:20 - 2015-01-21 17:40 - 00000000 ____D C:\Windows\Minidump
2017-07-19 11:11 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-07-18 20:09 - 2017-04-02 10:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-18 16:33 - 2017-04-02 11:00 - 00000000 ____D C:\ProgramData\ProductData
2017-07-14 14:27 - 2017-04-02 10:56 - 00000000 ____D C:\meghantools
2017-07-13 16:14 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2017-07-13 15:47 - 2017-04-02 11:16 - 00000000 ____D C:\Program Files\Recuva
2017-07-13 15:40 - 2014-05-15 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-13 12:35 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-12 14:46 - 2015-04-16 10:54 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 14:46 - 2015-03-13 12:03 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-07-12 14:44 - 2013-08-22 07:44 - 00429184 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 14:25 - 2014-05-18 21:37 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 14:12 - 2014-05-18 21:37 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 21:00 - 2014-05-15 21:41 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 21:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\inetsrv
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-08 10:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-08 10:45 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-08 10:44 - 2014-01-27 10:35 - 00188674 ____N C:\Windows\Minidump\070817-49218-01.dmp
2017-07-08 10:11 - 2013-08-22 06:25 - 00000322 _____ C:\Windows\win.ini
2017-07-07 19:13 - 2014-05-16 02:06 - 00000000 ____D C:\Users\CrisYouSasyMedic\AppData\Local\Packages
2017-07-07 19:11 - 2016-04-08 21:42 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-07 19:11 - 2016-04-08 21:42 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-07 18:56 - 2015-03-05 15:58 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-07 18:56 - 2015-03-05 15:58 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2017-04-02 10:29 - 2017-04-02 10:29 - 0004096 ____H () C:\Users\CrisYouSasyMedic\AppData\Local\keyfile3.drm
2014-08-09 14:55 - 2014-08-09 14:55 - 0000017 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\resmon.resmoncfg
2014-07-29 17:18 - 2014-07-29 17:20 - 0000356 _____ () C:\ProgramData\aygdr_save.log
Some files in TEMP:
====================
2014-11-08 01:33 - 2014-12-20 13:33 - 0601088 _____ () C:\Users\CrisYouSasyMedic\AppData\Local\Temp\Quarantine.exe
2014-11-08 01:47 - 2014-10-17 04:39 - 0665682 _____ (SQLite Development Team) C:\Users\CrisYouSasyMedic\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-09 12:40
==================== End of FRST.txt ============================