[SOLVED] Win7 64 bit Home Sfc/scannow fail Dell Studio 540

[escorial]

See attached

 

[PeterJ]

Step 1:
WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.

• Download the attachment SFCFix.zip and save it on your desktop.
• Save any work you have open, and close all programs.
• Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
  
  
• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt.
• Open the file, then copy and paste its content in your next reply.

Step 2:
Start the System Update Readiness Tool (SURT) again.
On completion, attach the logfile C:\Windows\Logs\CBS\CheckSUR.log to your next reply.

 

[escorial]

SFCFix version 3.0.2.1 by niemiro.
Start time: 2020-06-09 15:29:39.104
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\JJ\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll

WARNING: File C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll to C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll.
WARNING: File C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll to C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\wbemcomn.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\wbemcomn.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\wbemcomn.dll.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll.

Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_0bf222553ea8b5a3\wbemprox.dll
Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\smiengine.dll
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24516_none_6810bdd8f70626d9\cmiv2.dll
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wbemcomn.dll
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wcp.dll
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 2616 datablocks.
Finish time: 2020-06-09 15:29:41.117
Script hash: 5cvUs7xQuL5zxKcqoZOcCY4BaQ0m3mj7kQK8j0Y14qg=
----------------------EOF-----------------------

 

[escorial]

See attached, this looks like its unending.. Bad Malware? Shall we still continue??

 

[PeterJ]

Curious indeed.
FRST Scan:

1. Download the Farbar Recovery Scan Tool and save it to your Desktop:
   64-bit: Downloading Farbar Recovery Scan Tool
2. Right-click to run the tool as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press the Scan button.
5. Please wait for the tool to finish. It will produce two logfiles called FRST.txt and Addition.txt in the same directory the tool is run from (which should be the desktop)
6. Post the logfiles FRST.txt and Addition.txt as attachment in your next reply.

 

[escorial]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by JJ (10-06-2020 08:21:29)
Running from C:\Users\JJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2019-11-01 23:45:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-228125917-2300426623-2791785727-500 - Administrator - Disabled)
Guest (S-1-5-21-228125917-2300426623-2791785727-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-228125917-2300426623-2791785727-1002 - Limited - Enabled)
JJ (S-1-5-21-228125917-2300426623-2791785727-1001 - Administrator - Enabled) => C:\Users\JJ

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {B558F217-D667-9806-B388-2B026DB849E4}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {0E3913F3-F05D-9788-8938-1070163F0359}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
Acronis True Image (HKLM-x32\...\{831FFE5C-11F4-4E48-A3A5-8535FC93B75A}) (Version: 24.6.25700 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{831FFE5C-11F4-4E48-A3A5-8535FC93B75A}Visible) (Version: 24.6.25700 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20047 - Adobe Systems Incorporated)
Any Video Converter Ultimate 6.3.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.67 - Piriform)
EPSON Perfection V600 Photo Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON Perfection V600 Photo_is1) (Version: 3.0.2.0 - Epson America Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
iDealshare VideoGo 5.2.9.5283 (HKLM-x32\...\{CC4C06C4-7C78-4aab-B5AF-33FB11CCD829}_is1) (Version: - iDealshare Corporation)
K-Lite Mega Codec Pack 7.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 2.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.5 - VS Revo Group, Ltd.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
ZoneAlarm Antivirus (HKLM-x32\...\{F3790C3A-1015-410D-8BE1-EA48C2637BFF}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 15.6.121.18102 - Check Point)
ZoneAlarm Firewall (HKLM-x32\...\{18FE6943-D33D-42F5-99D5-0ED22F633E32}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (HKLM-x32\...\{881E7A8C-9C4B-4D14-B390-EAFBA278CF45}) (Version: 15.6.121.18102 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_6_25700.dll [2020-03-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_6_25700.dll [2020-03-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_6_25700.dll [2020-03-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_24_6_25700.dll [2020-03-31] (Acronis International GmbH -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2010-08-12] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [msacm.l3fhg] => C:\Windows\SysWOW64\mp3fhg.acm [232448 2006-10-18] (Fraunhofer Institut Integrierte Schaltungen IIS) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2011-07-16] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [74752 2011-10-04] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-11-04 19:36 - 2010-03-15 12:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2020-06-08 16:47 - 2020-06-01 20:07 - 132003824 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\chrome.dll
2009-06-17 13:21 - 2009-06-17 13:21 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2009-06-17 13:21 - 2009-06-17 13:21 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2020-06-09 08:37 - 2020-06-09 08:37 - 003605872 _____ (Kaspersky Lab -> AO Kaspersky Lab) [File not signed] C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavasyswatch.dll.2cb58a2d1171978a9b95f1dd7e4843ac_0
2019-07-25 10:52 - 2019-07-25 10:52 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2019-11-01 19:29 - 2010-11-20 08:27 - 001225216 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wbem\wbemcore.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-228125917-2300426623-2791785727-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B30232E-3FDE-4646-8758-63DEBE885B32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C6B7CCF9-87F0-4182-9C75-909DDBA05E5D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B161E193-1CDE-4C42-BF14-549DA52AA55B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8EACA475-81D7-41F8-A1C4-1220CD0B6987}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1EDB8E37-E00E-4BB2-A817-5CA1029948FE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{2AC515CB-3A1E-4E21-96F4-21D0042189ED}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{81D47F09-56AF-447B-9A9E-A964499EAF9B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{C9BBB630-2818-4A05-849D-27D678C5F6C3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{A5163084-330B-4F92-B033-5582BDE60837}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1811CF00-3619-44F8-A3D2-D2ED5B034533}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F450E064-78C3-4519-824B-3A7329EB1621}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{23AA5A48-5292-44FD-8739-81784870C98A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{757088E3-39F6-41DC-8A08-853E73113DBF}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{27B68C1D-9725-42D2-A5C6-152EC53883EE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{BE8A1C2D-9799-4857-AFE3-0E3C4D1C8C16}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{FBC32606-B684-41D3-9395-F828561B8D06}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{44C1258C-2405-41AD-B4B9-8A9503B363CA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{37906499-C5C0-408F-9E26-1CF5EA81FD18}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{92A5A3F8-9BAB-4391-91CE-C2DBF97145D0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{50BCC928-ADF9-4647-80DD-568CAE38E645}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{1D33676C-7AA0-4A1A-A078-1B3E033FCCCD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{F5A848DD-373C-420A-A388-77BE9356B01E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{5386870A-CFE6-41F1-B4FC-29930FA49B23}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{C597FC4A-C898-4D3D-B36D-2BE8E1411016}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{8363A103-F3D7-41B4-824F-7B9E0E741EE2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{65D8F010-C6CE-4E3A-B0BB-261261C0E766}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{B372240E-5CAD-4A43-9204-31D91682B941}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{4F2F384B-FB37-4842-8247-4F84246491CF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{C540CD3E-9F4C-441A-83B2-09DD00EC0978}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> )
FirewallRules: [{A03BBA08-6E91-47DD-B70C-B228BC398FCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

24-05-2020 13:45:48 Windows Update
24-05-2020 14:42:46 Windows Update
24-05-2020 17:10:00 Windows Update
24-05-2020 19:08:21 Windows Update
25-05-2020 12:14:27 Windows Update
25-05-2020 12:29:15 Windows Update
25-05-2020 15:04:53 Windows Update
25-05-2020 15:37:22 Windows Update
26-05-2020 08:03:12 Windows Update
26-05-2020 15:55:29 Windows Update
26-05-2020 20:26:31 Windows Update
27-05-2020 12:26:36 Windows Update
27-05-2020 14:24:40 Windows Update
27-05-2020 14:30:43 Windows Update
27-05-2020 17:50:48 Windows Update
27-05-2020 17:55:36 Windows Update
27-05-2020 18:44:26 Windows Update
27-05-2020 18:49:41 Windows Update
28-05-2020 14:19:09 Windows Update
28-05-2020 14:24:42 Windows Update
29-05-2020 17:27:25 Windows Update
30-05-2020 08:53:31 Windows Update
31-05-2020 08:27:12 Windows Update
01-06-2020 08:36:51 Windows Update
01-06-2020 08:48:43 Windows Update
01-06-2020 16:29:17 Windows Update
01-06-2020 16:35:13 Windows Update
01-06-2020 18:24:06 Windows Update
02-06-2020 13:26:17 Windows Update
02-06-2020 15:39:20 Windows Update
02-06-2020 15:44:08 Windows Update
02-06-2020 17:45:08 Windows Update
03-06-2020 12:07:47 Windows Update
03-06-2020 14:08:39 Windows Update
03-06-2020 14:14:04 Windows Update
03-06-2020 14:15:09 Windows Update
03-06-2020 14:20:15 Windows Update
03-06-2020 14:37:27 Windows Update
03-06-2020 14:43:24 Windows Update
04-06-2020 09:36:49 Windows Update
04-06-2020 14:08:43 Windows Update
04-06-2020 14:20:41 Windows Update
04-06-2020 17:09:16 Windows Update
05-06-2020 12:25:49 Windows Update
05-06-2020 12:30:51 Windows Update
06-06-2020 09:21:32 Windows Update
07-06-2020 11:18:18 Windows Update
07-06-2020 11:22:56 Windows Update
07-06-2020 15:07:18 Windows Update
07-06-2020 16:20:55 Windows Update
07-06-2020 16:25:23 Windows Update
07-06-2020 17:54:16 Windows Update
07-06-2020 17:59:05 Windows Update
08-06-2020 10:56:22 Windows Update
08-06-2020 11:01:19 Windows Update
08-06-2020 15:08:39 Windows Update
08-06-2020 15:12:50 Windows Update
08-06-2020 16:45:47 Windows Update
08-06-2020 17:16:08 Windows Update
09-06-2020 08:55:46 Windows Update
09-06-2020 12:07:32 Windows Update
09-06-2020 12:11:55 Windows Update
09-06-2020 16:13:36 Windows Update

==================== Faulty Device Manager Devices ============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/10/2020 08:16:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/10/2020 08:08:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0xb70
Faulting application start time: 0x01d63f2801397896
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 70c9c3d2-ab1b-11ea-9400-e984a39f9960

Error: (06/09/2020 11:46:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0x944
Faulting application start time: 0x01d63e7d40899512
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: b60e7b4f-aa70-11ea-bca8-a49bcc51cd64

Error: (06/09/2020 08:54:56 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/09/2020 08:46:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0xa6c
Faulting application start time: 0x01d63e6431476ed2
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 931ce3b7-aa57-11ea-bef9-f647d2626f37

Error: (06/09/2020 08:34:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0x978
Faulting application start time: 0x01d63e62752a4147
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: f86bc5e4-aa55-11ea-845d-97c27a121160

Error: (06/08/2020 04:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0x9ec
Faulting application start time: 0x01d63ddca7ec60b9
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 2f8a7ff5-a9d0-11ea-98a0-9861d9789c49

Error: (06/08/2020 02:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mms_mini.exe, version: 12.0.1.3036, time stamp: 0x5977057b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24524, time stamp: 0x5d8045ba
Exception code: 0xc0000005
Fault offset: 0x0000d34a
Faulting process id: 0x8c8
Faulting application start time: 0x01d63dceffcba194
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 8f668cf1-a9c2-11ea-bd71-c8f392894746


System errors:
=============
Error: (06/10/2020 08:08:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acronis Managed Machine Service Mini service terminated unexpectedly. It has done this 1 time(s).

Error: (06/10/2020 08:07:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcronisActiveProtectionService service.

Error: (06/09/2020 04:43:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.

Error: (06/09/2020 01:13:55 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{875f9bb1-fd11-11e9-b8e1-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6BD1CC0-199E-4D1E-B137-79D5FFBA659D}

Error: (06/09/2020 12:11:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Hotfix for Windows (KB947821).

Error: (06/09/2020 12:11:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Hotfix for Windows (KB947821).

Error: (06/09/2020 12:11:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Hotfix for Windows (KB947821).

Error: (06/09/2020 12:11:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Hotfix for Windows (KB947821).


Windows Defender:
===================================
Date: 2020-01-15 16:36:12.067
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{A993458D-70B1-4131-8E71-9019B7AB6FEB}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-11-04 06:18:02.908
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{4AE04367-C350-4316-9B8E-76E5EAD9AC8B}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2020-06-08 15:01:17.067
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Backup
Error Code:0x8050a005
Error description:The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Signature version:1.307.2344.0
Engine version:1.1.16900.4

Date: 2020-06-08 15:01:07.502
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.307.2344.0
Engine version:1.1.16900.4

Date: 2020-06-07 17:49:33.500
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.313.2798.0
Engine version:1.1.16900.4

Date: 2020-05-06 15:04:20.989
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8050a005
Error description:The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Signature version:1.307.2344.0
Engine version:1.1.16600.7

Date: 2020-02-08 11:12:19.486
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80096010
Error description:The digital signature of the object did not verify.
Signature version:1.307.2344.0
Engine version:1.1.16600.7

CodeIntegrity:
===================================

Date: 2020-06-01 08:30:58.982
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_wlh_x86\klifsdk.sys because the set of per-page image hashes could not be found on the system.

Date: 2020-05-06 15:15:05.651
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_wlh_x86\klfltsdk.sys because the set of per-page image hashes could not be found on the system.

Date: 2019-11-15 16:51:55.965
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-11-15 16:51:55.887
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\rspndr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-11-15 06:20:23.871
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mpsdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-11-15 06:20:23.793
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mpsdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-11-08 06:24:58.532
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\mklif\fre_wlh_x86\klifsdk.sys because the set of per-page image hashes could not be found on the system.

Date: 2019-11-06 07:13:17.443
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. 1.1.3 08/25/2009
Motherboard: Dell Inc. 0M017G
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 8191.18 MB
Available physical RAM: 4378.64 MB
Total Virtual: 16380.5 MB
Available Virtual: 12269.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:581.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Local Disc ) (Fixed) (Total:1863.01 GB) (Free:947.27 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C796C701)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 4DD16BE3)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[escorial]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by JJ (administrator) on JJ-PC (Dell Inc. Studio 540) (10-06-2020 08:13:13)
Running from C:\Users\JJ\Desktop
Loaded Profiles: JJ
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft, Inc. -> ArcSoft) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326448 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-21-228125917-2300426623-2791785727-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29072568 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-228125917-2300426623-2791785727-1001\...\MountPoints2: {c5afac90-021e-11ea-90e0-ef72c9633743} - L:\windows\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2019-11-01] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpzpp4v2: C:\Windows\System32\spool\prtprocs\x64\hpzpp4v2.dll [224768 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l4v2: C:\Windows\system32\hpz3l4v2.dll [130048 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2009-06-17] (Hewlett-Packard Company -> Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10FE0004-DD81-4DDD-AB2D-F1AD5BD7343A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {21CC611B-5A9F-48DC-9F1A-CCECDB5DC3DE} - System32\Tasks\{BBE2A7CA-E029-497B-B7A3-D3A25E2F19F1} => C:\Program Files (x86)\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {3DB77BD9-E361-4BEC-81F4-14EF1E299A9B} - System32\Tasks\{6DE28E3B-3410-4F89-B34B-5066F46E34D3} => C:\Program Files (x86)\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {43F19DE6-FEEA-46E3-8217-0682297DF56B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-05] (Google Inc -> Google LLC)
Task: {5201B34A-601B-4E93-A52C-21F6882A3F5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {77E9482A-D0F8-4B76-AC0B-CA2069FE524A} - System32\Tasks\{41A2F35A-9E88-4AAF-8432-77679D090308} => C:\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {AE49737C-C781-44AB-8535-B1B314A771D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B655899B-4F0A-4636-B3B0-1619DA441CDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-05] (Google Inc -> Google LLC)
Task: {CC434444-A194-4DD5-B4AC-F4D6A89B605C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24690360 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FAC2D804-6FFB-492C-BF50-6CD3D6A98B31} - \AutoKMS -> No File <==== ATTENTION
Task: {FBB92DB9-8935-401D-B38D-CAC7F972BBA4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{078C1B59-EBF5-4678-B3F5-19C4CE910CB0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F2247B1C-F5DD-4315-9D31-9186B1E61F02}: [DhcpNameServer] 9.9.9.9 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default [2020-06-10]
CHR Notifications: Default -> hxxps://ocsnext.ebay.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin/signinchooser?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2Fca%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin","hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/favicon.ico
CHR Extension: (Slides) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-05]
CHR Extension: (Docs) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-05]
CHR Extension: (Google Drive) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-26]
CHR Extension: (Gmail) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaajjpppeafhlejnkodpcjeihfefaaol [2019-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [51712 2007-10-11] (ArcSoft, Inc. -> ArcSoft)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10341560 2020-03-31] (Acronis International GmbH -> )
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
S2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1918976 2020-03-31] (Acronis International GmbH -> )
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [40304 2019-02-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [306176 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1542656 2009-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [687768 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2020-05-07] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531280 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klfltsdk; C:\Windows\System32\DRIVERS\klfltsdk.sys [252544 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [521336 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1107064 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klifsdk; C:\Windows\System32\DRIVERS\klifsdk.sys [1105536 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [212304 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-08] (Malwarebytes Inc -> Malwarebytes)
S3 tib; C:\Windows\System32\DRIVERS\tib.sys [883256 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [171968 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [693768 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [330176 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2020-05-07] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-10 08:13 - 2020-06-10 08:15 - 000018887 _____ C:\Users\JJ\Desktop\FRST.txt
2020-06-10 08:12 - 2020-06-10 08:12 - 000000000 ____D C:\Users\JJ\Desktop\FRST-OlderVersion
2020-06-09 08:38 - 2020-06-09 08:38 - 002130882 _____ C:\Users\JJ\Downloads\16ddbeb6-7752-482b-a883-b318baf87345.tmp
2020-06-08 16:41 - 2020-06-08 16:41 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-28 14:03 - 2020-05-28 14:03 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2020-05-23 11:02 - 2020-06-10 08:12 - 002289152 _____ (Farbar) C:\Users\JJ\Desktop\FRST64.exe
2020-05-19 17:55 - 2020-05-09 12:04 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys
2020-05-18 15:30 - 2020-06-10 08:14 - 000000000 ____D C:\FRST
2020-05-18 15:21 - 2009-07-13 19:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys
2020-05-18 10:12 - 2019-09-16 20:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-05-18 10:12 - 2010-11-20 05:44 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2020-05-14 13:27 - 2010-11-20 05:34 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2020-05-14 12:05 - 2020-05-14 12:04 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-05-13 08:28 - 2020-05-18 11:08 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-05-11 19:26 - 2020-05-11 19:26 - 000000000 _____ C:\Windows\cpepmon.mlf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-10 08:06 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-09 15:29 - 2020-05-06 15:54 - 000000000 ____D C:\SFCFix
2020-06-09 15:29 - 2020-05-06 15:48 - 000000000 ____D C:\Users\JJ\AppData\Local\niemiro
2020-06-09 11:53 - 2009-07-13 23:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-09 11:53 - 2009-07-13 23:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-08 16:47 - 2019-11-05 10:09 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-03 16:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-06-03 16:20 - 2019-11-05 10:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-06-03 16:20 - 2019-11-05 10:12 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-06-03 16:20 - 2019-11-05 10:12 - 000000824 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-05-29 12:53 - 2009-07-14 00:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-05-28 14:03 - 2019-11-02 09:46 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2020-05-28 14:03 - 2019-11-01 21:14 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2020-05-28 14:03 - 2019-11-01 20:45 - 002543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2020-05-28 14:03 - 2009-07-13 19:07 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSyncMetastore.dll
2020-05-28 14:03 - 2009-07-13 18:53 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\VaultCmd.exe
2020-05-28 14:03 - 2009-07-13 17:25 - 000146944 _____ (Intel Corporation) C:\Windows\SysWOW64\ivfsrc.ax
2020-05-27 18:31 - 2020-05-07 12:26 - 000000000 ____D C:\ProgramData\Acronis
2020-05-26 10:59 - 2020-05-06 19:25 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-05-24 14:37 - 2009-07-13 18:26 - 000055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2020-05-24 08:37 - 2009-07-13 23:45 - 000435808 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-21 15:09 - 2019-11-02 16:21 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-05-20 15:33 - 2019-11-02 16:24 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-05-20 15:33 - 2019-11-02 09:46 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2020-05-19 17:55 - 2009-07-13 19:10 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll
2020-05-19 17:55 - 2009-07-13 18:42 - 020268032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2020-05-19 16:10 - 2019-11-01 19:30 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2020-05-19 16:10 - 2019-11-01 19:29 - 001164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2020-05-18 15:21 - 2019-11-02 16:24 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-05-18 15:03 - 2009-07-13 18:38 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\framebuf.dll
2020-05-18 14:36 - 2019-11-01 20:47 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2020-05-18 14:36 - 2009-07-13 18:47 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2020-05-18 13:34 - 2019-11-05 10:12 - 000000000 ____D C:\Program Files\CCleaner
2020-05-15 16:22 - 2019-11-14 13:46 - 000000000 ____D C:\Users\JJ\Desktop\Neil Young & Crazy Horse - Colorado (2019)
2020-05-15 15:31 - 2019-11-03 15:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-05-15 15:31 - 2019-11-03 15:29 - 000000000 ____D C:\Program Files (x86)\epson
2020-05-15 15:28 - 2020-01-23 11:13 - 000000000 ____D C:\Program Files (x86)\Dell
2020-05-15 15:28 - 2019-11-02 09:20 - 000000000 ____D C:\Users\JJ\AppData\Local\Dell Inc
2020-05-15 15:28 - 2019-11-01 21:54 - 000000000 ____D C:\ProgramData\PCDr
2020-05-15 15:28 - 2019-11-01 21:50 - 000000000 ____D C:\Program Files\Dell
2020-05-15 14:53 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Registration
2020-05-15 13:56 - 2019-11-01 19:29 - 002983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2020-05-15 11:05 - 2019-11-02 16:23 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-05-15 11:05 - 2019-11-01 20:45 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2020-05-15 08:26 - 2019-11-02 16:24 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-05-15 08:26 - 2019-11-02 09:45 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-05-15 08:26 - 2019-11-01 19:29 - 000633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2020-05-14 14:31 - 2009-07-13 18:54 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\ntdsapi.dll
2020-05-14 14:06 - 2019-11-02 16:23 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-05-14 14:06 - 2019-11-02 09:47 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2020-05-14 14:06 - 2019-11-02 09:46 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2020-05-14 14:06 - 2019-11-02 07:13 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2020-05-14 14:06 - 2019-11-01 20:45 - 001131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2020-05-14 14:06 - 2009-07-13 19:19 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\joy.cpl
2020-05-14 13:55 - 2019-11-02 09:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-05-14 13:15 - 2019-11-01 19:29 - 002217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2020-05-14 12:14 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-14 12:04 - 2019-11-04 00:59 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-05-14 12:04 - 2019-11-04 00:59 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2020-05-14 12:04 - 2019-11-04 00:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2020-05-14 12:04 - 2019-11-03 15:23 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2020-05-14 12:04 - 2019-11-02 16:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2020-05-14 12:04 - 2019-11-02 09:47 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2020-05-14 12:04 - 2019-11-02 09:47 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2020-05-14 12:04 - 2019-11-02 09:47 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 001389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2020-05-14 12:04 - 2019-11-02 09:46 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2020-05-14 12:04 - 2019-11-02 09:46 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2020-05-14 12:04 - 2019-11-02 09:46 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2020-05-14 12:04 - 2019-11-02 09:45 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2020-05-14 12:04 - 2019-11-02 09:45 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2020-05-14 12:04 - 2019-11-02 09:45 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2020-05-14 12:04 - 2019-11-02 09:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2020-05-14 12:04 - 2019-11-02 09:45 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-05-14 12:04 - 2019-11-02 09:45 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-05-14 12:04 - 2009-07-13 18:38 - 000159232 _____ (Microsoft Corporation) C:\Windows\system32\dispdiag.exe
2020-05-14 12:04 - 2009-07-13 18:37 - 006281216 _____ (Microsoft Corporation) C:\Windows\system32\DDORes.dll
2020-05-14 12:04 - 2009-06-10 15:59 - 000001820 _____ C:\Windows\system32\rasctrnm.h
2020-05-14 12:03 - 2019-11-02 09:47 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000914584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2020-05-14 12:03 - 2019-11-01 19:30 - 000049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2020-05-14 11:12 - 2019-11-02 09:47 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-05-14 10:49 - 2009-07-13 18:41 - 000976896 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2020-05-14 10:25 - 2019-11-02 09:45 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2020-05-14 09:38 - 2019-11-02 09:47 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2020-05-14 09:38 - 2019-11-02 09:47 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2020-05-14 09:38 - 2019-11-02 09:45 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-05-14 09:38 - 2009-07-13 18:36 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2020-05-14 09:38 - 2009-07-13 18:36 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\defragproxy.dll
2020-05-14 09:18 - 2019-11-02 16:23 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-05-13 15:16 - 2019-11-01 19:29 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2020-05-13 10:43 - 2019-11-02 16:23 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-05-13 10:43 - 2019-11-01 21:14 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2020-05-13 10:43 - 2019-11-01 20:26 - 000642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-05-13 10:43 - 2019-11-01 20:14 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2020-05-13 10:43 - 2019-11-01 19:29 - 000679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2020-05-13 10:43 - 2019-11-01 19:29 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2020-05-13 09:33 - 2009-07-13 18:41 - 000569344 _____ (Microsoft Corporation) C:\Windows\system32\ddraw.dll
2020-05-13 09:21 - 2019-11-02 09:46 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2020-05-13 09:21 - 2009-07-13 18:25 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2020-05-13 09:05 - 2019-11-02 16:16 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2020-05-13 08:28 - 2019-11-02 09:47 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2020-05-13 08:28 - 2019-11-02 09:47 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2020-05-13 08:28 - 2019-11-02 09:46 - 002023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2020-05-13 08:28 - 2019-11-02 09:46 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2020-05-13 08:28 - 2019-11-02 09:45 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2020-05-13 08:28 - 2019-11-01 21:08 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2020-05-13 08:28 - 2019-11-01 20:45 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2020-05-13 08:28 - 2019-11-01 19:29 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2020-05-13 08:28 - 2009-07-13 19:12 - 001739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll
2020-05-13 08:28 - 2009-07-13 18:57 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\dssec.dll
2020-05-13 08:28 - 2009-07-13 18:38 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\colorcpl.exe
2020-05-13 08:28 - 2009-07-13 16:36 - 000017935 _____ C:\Windows\system32\EventViewer_EventDetails.xsl
2020-05-12 17:33 - 2019-11-02 09:47 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2020-05-12 17:33 - 2019-11-02 09:47 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2020-05-12 17:33 - 2019-11-01 20:48 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2020-05-12 17:33 - 2019-11-01 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2020-05-12 17:33 - 2009-07-13 19:04 - 009053696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmres.dll
2020-05-12 17:33 - 2009-07-13 19:03 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmloader.dll
2020-05-12 17:33 - 2009-07-13 18:20 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psr.exe
2020-05-12 17:18 - 2019-11-02 16:24 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2020-05-12 17:18 - 2019-11-02 09:47 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2020-05-12 17:18 - 2019-11-02 09:46 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-05-12 17:18 - 2019-11-02 09:45 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-05-12 14:40 - 2019-11-01 20:45 - 000040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2020-05-12 14:40 - 2009-07-13 19:07 - 000323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncInfrastructure.dll
2020-05-12 12:51 - 2019-11-02 09:47 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2020-05-12 12:51 - 2019-11-02 09:46 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2020-05-12 11:59 - 2019-11-03 15:35 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-05-12 11:59 - 2019-11-02 09:47 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-05-12 11:59 - 2019-11-01 19:29 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2020-05-12 11:59 - 2009-07-13 18:40 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DpiScaling.exe
2020-05-12 11:59 - 2009-07-13 18:32 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2020-05-12 09:59 - 2019-11-04 00:59 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2020-05-12 09:59 - 2019-11-01 19:29 - 005066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2020-05-11 19:28 - 2019-11-01 18:51 - 000000000 ____D C:\ProgramData\CheckPoint
2020-05-11 19:11 - 2019-11-02 09:46 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2020-05-11 19:11 - 2009-07-13 19:03 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\midimap.dll
2020-05-11 19:11 - 2009-07-13 18:56 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\deskperf.dll
2020-05-11 19:11 - 2009-07-13 18:55 - 000068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsockhc.dll
2020-05-11 17:34 - 2019-11-02 16:24 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-05-11 17:34 - 2019-11-02 09:46 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2020-05-11 17:34 - 2019-11-02 09:45 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-05-11 17:34 - 2009-07-13 19:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll
2020-05-11 17:08 - 2019-11-02 09:46 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2020-05-11 17:08 - 2019-11-01 21:14 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2020-05-11 17:08 - 2009-07-13 18:32 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psbase.dll
2020-05-11 17:08 - 2009-07-13 18:25 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\comp.exe
2020-05-11 16:43 - 2019-11-01 20:25 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2020-05-11 15:40 - 2019-11-01 19:30 - 000312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2020-05-11 15:28 - 2019-11-02 09:46 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2020-05-11 15:28 - 2019-11-02 09:45 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-05-11 14:22 - 2019-11-02 16:24 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-05-11 12:43 - 2019-11-02 16:24 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-05-11 12:17 - 2019-11-02 16:23 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-05-11 12:17 - 2019-11-02 09:46 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2020-05-11 12:17 - 2019-11-01 19:29 - 000861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2020-05-11 12:17 - 2009-07-13 18:28 - 001036800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8.dll
2020-05-11 11:17 - 2019-11-01 19:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-06 10:18
==================== End of FRST.txt ========================

 

[PeterJ]

Please read the instructions carefully:
6. Post the logfiles FRST.txt and Addition.txt as attachment in your next reply.

 

[escorial]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by JJ (administrator) on JJ-PC (Dell Inc. Studio 540) (10-06-2020 08:13:13)
Running from C:\Users\JJ\Desktop
Loaded Profiles: JJ
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft, Inc. -> ArcSoft) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [824240 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326448 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
HKU\S-1-5-21-228125917-2300426623-2791785727-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29072568 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-228125917-2300426623-2791785727-1001\...\MountPoints2: {c5afac90-021e-11ea-90e0-ef72c9633743} - L:\windows\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2019-11-01] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpzpp4v2: C:\Windows\System32\spool\prtprocs\x64\hpzpp4v2.dll [224768 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l4v2: C:\Windows\system32\hpz3l4v2.dll [130048 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-08] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2009-06-17] (Hewlett-Packard Company -> Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10FE0004-DD81-4DDD-AB2D-F1AD5BD7343A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {21CC611B-5A9F-48DC-9F1A-CCECDB5DC3DE} - System32\Tasks\{BBE2A7CA-E029-497B-B7A3-D3A25E2F19F1} => C:\Program Files (x86)\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {3DB77BD9-E361-4BEC-81F4-14EF1E299A9B} - System32\Tasks\{6DE28E3B-3410-4F89-B34B-5066F46E34D3} => C:\Program Files (x86)\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {43F19DE6-FEEA-46E3-8217-0682297DF56B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-05] (Google Inc -> Google LLC)
Task: {5201B34A-601B-4E93-A52C-21F6882A3F5D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {77E9482A-D0F8-4B76-AC0B-CA2069FE524A} - System32\Tasks\{41A2F35A-9E88-4AAF-8432-77679D090308} => C:\Ratz_Postal2MP_FastStart_v11-2016\System\Postal2MP.exe
Task: {AE49737C-C781-44AB-8535-B1B314A771D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {B655899B-4F0A-4636-B3B0-1619DA441CDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-05] (Google Inc -> Google LLC)
Task: {CC434444-A194-4DD5-B4AC-F4D6A89B605C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24690360 2020-05-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FAC2D804-6FFB-492C-BF50-6CD3D6A98B31} - \AutoKMS -> No File <==== ATTENTION
Task: {FBB92DB9-8935-401D-B38D-CAC7F972BBA4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{078C1B59-EBF5-4678-B3F5-19C4CE910CB0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F2247B1C-F5DD-4315-9D31-9186B1E61F02}: [DhcpNameServer] 9.9.9.9 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default [2020-06-10]
CHR Notifications: Default -> hxxps://ocsnext.ebay.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://accounts.google.com/ServiceLogin/signinchooser?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2Fca%2F&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en&emr=1&elo=1&flowName=GlifWebSignIn&flowEntry=ServiceLogin","hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/favicon.ico
CHR Extension: (Slides) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-11-05]
CHR Extension: (Docs) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-11-05]
CHR Extension: (Google Drive) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-26]
CHR Extension: (Gmail) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaajjpppeafhlejnkodpcjeihfefaaol [2019-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [51712 2007-10-11] (ArcSoft, Inc. -> ArcSoft)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10341560 2020-03-31] (Acronis International GmbH -> )
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-06] (Malwarebytes Inc -> Malwarebytes)
S2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1918976 2020-03-31] (Acronis International GmbH -> )
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7095824 2020-03-31] (Acronis International GmbH -> Acronis International GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [40304 2019-02-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [306176 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1542656 2009-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2019-05-21] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-05-21] (Techporch Incorporated -> Dell Computer Corporation)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [687768 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2020-05-07] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531280 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klfltsdk; C:\Windows\System32\DRIVERS\klfltsdk.sys [252544 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [521336 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1107064 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klifsdk; C:\Windows\System32\DRIVERS\klifsdk.sys [1105536 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [212304 2019-07-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-26] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-08] (Malwarebytes Inc -> Malwarebytes)
S3 tib; C:\Windows\System32\DRIVERS\tib.sys [883256 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [171968 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [693768 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [330176 2020-05-07] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2020-05-07] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-10 08:13 - 2020-06-10 08:15 - 000018887 _____ C:\Users\JJ\Desktop\FRST.txt
2020-06-10 08:12 - 2020-06-10 08:12 - 000000000 ____D C:\Users\JJ\Desktop\FRST-OlderVersion
2020-06-09 08:38 - 2020-06-09 08:38 - 002130882 _____ C:\Users\JJ\Downloads\16ddbeb6-7752-482b-a883-b318baf87345.tmp
2020-06-08 16:41 - 2020-06-08 16:41 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-05-28 14:03 - 2020-05-28 14:03 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2020-05-23 11:02 - 2020-06-10 08:12 - 002289152 _____ (Farbar) C:\Users\JJ\Desktop\FRST64.exe
2020-05-19 17:55 - 2020-05-09 12:04 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys
2020-05-18 15:30 - 2020-06-10 08:14 - 000000000 ____D C:\FRST
2020-05-18 15:21 - 2009-07-13 19:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys
2020-05-18 10:12 - 2019-09-16 20:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-05-18 10:12 - 2010-11-20 05:44 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2020-05-14 13:27 - 2010-11-20 05:34 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2020-05-14 12:05 - 2020-05-14 12:04 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-05-13 08:28 - 2020-05-18 11:08 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-05-11 19:26 - 2020-05-11 19:26 - 000000000 _____ C:\Windows\cpepmon.mlf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-10 08:06 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-09 15:29 - 2020-05-06 15:54 - 000000000 ____D C:\SFCFix
2020-06-09 15:29 - 2020-05-06 15:48 - 000000000 ____D C:\Users\JJ\AppData\Local\niemiro
2020-06-09 11:53 - 2009-07-13 23:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-09 11:53 - 2009-07-13 23:45 - 000014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-08 16:47 - 2019-11-05 10:09 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-03 16:23 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2020-06-03 16:20 - 2019-11-05 10:12 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-06-03 16:20 - 2019-11-05 10:12 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-06-03 16:20 - 2019-11-05 10:12 - 000000824 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-05-29 12:53 - 2009-07-14 00:08 - 000032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-05-28 14:03 - 2019-11-02 09:46 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2020-05-28 14:03 - 2019-11-01 21:14 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2020-05-28 14:03 - 2019-11-01 20:45 - 002543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2020-05-28 14:03 - 2009-07-13 19:07 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSyncMetastore.dll
2020-05-28 14:03 - 2009-07-13 18:53 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\VaultCmd.exe
2020-05-28 14:03 - 2009-07-13 17:25 - 000146944 _____ (Intel Corporation) C:\Windows\SysWOW64\ivfsrc.ax
2020-05-27 18:31 - 2020-05-07 12:26 - 000000000 ____D C:\ProgramData\Acronis
2020-05-26 10:59 - 2020-05-06 19:25 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-05-24 14:37 - 2009-07-13 18:26 - 000055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2020-05-24 08:37 - 2009-07-13 23:45 - 000435808 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-21 15:09 - 2019-11-02 16:21 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-05-20 15:33 - 2019-11-02 16:24 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-05-20 15:33 - 2019-11-02 09:46 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2020-05-19 17:55 - 2009-07-13 19:10 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\modemui.dll
2020-05-19 17:55 - 2009-07-13 18:42 - 020268032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imageres.dll
2020-05-19 16:10 - 2019-11-01 19:30 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2020-05-19 16:10 - 2019-11-01 19:29 - 001164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2020-05-18 15:21 - 2019-11-02 16:24 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-05-18 15:03 - 2009-07-13 18:38 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\framebuf.dll
2020-05-18 14:36 - 2019-11-01 20:47 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2020-05-18 14:36 - 2009-07-13 18:47 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2020-05-18 13:34 - 2019-11-05 10:12 - 000000000 ____D C:\Program Files\CCleaner
2020-05-15 16:22 - 2019-11-14 13:46 - 000000000 ____D C:\Users\JJ\Desktop\Neil Young & Crazy Horse - Colorado (2019)
2020-05-15 15:31 - 2019-11-03 15:36 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-05-15 15:31 - 2019-11-03 15:29 - 000000000 ____D C:\Program Files (x86)\epson
2020-05-15 15:28 - 2020-01-23 11:13 - 000000000 ____D C:\Program Files (x86)\Dell
2020-05-15 15:28 - 2019-11-02 09:20 - 000000000 ____D C:\Users\JJ\AppData\Local\Dell Inc
2020-05-15 15:28 - 2019-11-01 21:54 - 000000000 ____D C:\ProgramData\PCDr
2020-05-15 15:28 - 2019-11-01 21:50 - 000000000 ____D C:\Program Files\Dell
2020-05-15 14:53 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Registration
2020-05-15 13:56 - 2019-11-01 19:29 - 002983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2020-05-15 11:05 - 2019-11-02 16:23 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-05-15 11:05 - 2019-11-01 20:45 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2020-05-15 08:26 - 2019-11-02 16:24 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-05-15 08:26 - 2019-11-02 09:45 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-05-15 08:26 - 2019-11-01 19:29 - 000633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2020-05-14 14:31 - 2009-07-13 18:54 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\ntdsapi.dll
2020-05-14 14:06 - 2019-11-02 16:23 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-05-14 14:06 - 2019-11-02 09:47 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2020-05-14 14:06 - 2019-11-02 09:46 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2020-05-14 14:06 - 2019-11-02 07:13 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2020-05-14 14:06 - 2019-11-01 20:45 - 001131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2020-05-14 14:06 - 2009-07-13 19:19 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\joy.cpl
2020-05-14 13:55 - 2019-11-02 09:46 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-05-14 13:15 - 2019-11-01 19:29 - 002217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2020-05-14 12:14 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-14 12:04 - 2019-11-04 00:59 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-05-14 12:04 - 2019-11-04 00:59 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2020-05-14 12:04 - 2019-11-04 00:59 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2020-05-14 12:04 - 2019-11-03 15:23 - 000019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2020-05-14 12:04 - 2019-11-02 16:16 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2020-05-14 12:04 - 2019-11-02 09:47 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2020-05-14 12:04 - 2019-11-02 09:47 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2020-05-14 12:04 - 2019-11-02 09:47 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2020-05-14 12:04 - 2019-11-02 09:47 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 001389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2020-05-14 12:04 - 2019-11-02 09:46 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2020-05-14 12:04 - 2019-11-02 09:46 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2020-05-14 12:04 - 2019-11-02 09:46 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2020-05-14 12:04 - 2019-11-02 09:46 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2020-05-14 12:04 - 2019-11-02 09:45 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2020-05-14 12:04 - 2019-11-02 09:45 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2020-05-14 12:04 - 2019-11-02 09:45 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2020-05-14 12:04 - 2019-11-02 09:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2020-05-14 12:04 - 2019-11-02 09:45 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-05-14 12:04 - 2019-11-02 09:45 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-05-14 12:04 - 2009-07-13 18:38 - 000159232 _____ (Microsoft Corporation) C:\Windows\system32\dispdiag.exe
2020-05-14 12:04 - 2009-07-13 18:37 - 006281216 _____ (Microsoft Corporation) C:\Windows\system32\DDORes.dll
2020-05-14 12:04 - 2009-06-10 15:59 - 000001820 _____ C:\Windows\system32\rasctrnm.h
2020-05-14 12:03 - 2019-11-02 09:47 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000914584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000525824 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2020-05-14 12:03 - 2019-11-02 09:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2020-05-14 12:03 - 2019-11-01 19:30 - 000049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2020-05-14 11:12 - 2019-11-02 09:47 - 000043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-05-14 10:49 - 2009-07-13 18:41 - 000976896 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2020-05-14 10:25 - 2019-11-02 09:45 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2020-05-14 09:38 - 2019-11-02 09:47 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2020-05-14 09:38 - 2019-11-02 09:47 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2020-05-14 09:38 - 2019-11-02 09:45 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-05-14 09:38 - 2009-07-13 18:36 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2020-05-14 09:38 - 2009-07-13 18:36 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\defragproxy.dll
2020-05-14 09:18 - 2019-11-02 16:23 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-05-13 15:16 - 2019-11-01 19:29 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2020-05-13 10:43 - 2019-11-02 16:23 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-05-13 10:43 - 2019-11-01 21:14 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2020-05-13 10:43 - 2019-11-01 20:26 - 000642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-05-13 10:43 - 2019-11-01 20:14 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2020-05-13 10:43 - 2019-11-01 19:29 - 000679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2020-05-13 10:43 - 2019-11-01 19:29 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2020-05-13 09:33 - 2009-07-13 18:41 - 000569344 _____ (Microsoft Corporation) C:\Windows\system32\ddraw.dll
2020-05-13 09:21 - 2019-11-02 09:46 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2020-05-13 09:21 - 2009-07-13 18:25 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2020-05-13 09:05 - 2019-11-02 16:16 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2020-05-13 08:28 - 2019-11-02 09:47 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2020-05-13 08:28 - 2019-11-02 09:47 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2020-05-13 08:28 - 2019-11-02 09:46 - 002023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2020-05-13 08:28 - 2019-11-02 09:46 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2020-05-13 08:28 - 2019-11-02 09:45 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2020-05-13 08:28 - 2019-11-01 21:08 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2020-05-13 08:28 - 2019-11-01 20:45 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2020-05-13 08:28 - 2019-11-01 19:29 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2020-05-13 08:28 - 2019-11-01 19:29 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2020-05-13 08:28 - 2009-07-13 19:12 - 001739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll
2020-05-13 08:28 - 2009-07-13 18:57 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\dssec.dll
2020-05-13 08:28 - 2009-07-13 18:38 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\colorcpl.exe
2020-05-13 08:28 - 2009-07-13 16:36 - 000017935 _____ C:\Windows\system32\EventViewer_EventDetails.xsl
2020-05-12 17:33 - 2019-11-02 09:47 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2020-05-12 17:33 - 2019-11-02 09:47 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2020-05-12 17:33 - 2019-11-01 20:48 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2020-05-12 17:33 - 2019-11-01 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2020-05-12 17:33 - 2009-07-13 19:04 - 009053696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmres.dll
2020-05-12 17:33 - 2009-07-13 19:03 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmloader.dll
2020-05-12 17:33 - 2009-07-13 18:20 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psr.exe
2020-05-12 17:18 - 2019-11-02 16:24 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2020-05-12 17:18 - 2019-11-02 09:47 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2020-05-12 17:18 - 2019-11-02 09:46 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-05-12 17:18 - 2019-11-02 09:45 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-05-12 14:40 - 2019-11-01 20:45 - 000040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2020-05-12 14:40 - 2009-07-13 19:07 - 000323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncInfrastructure.dll
2020-05-12 12:51 - 2019-11-02 09:47 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2020-05-12 12:51 - 2019-11-02 09:46 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2020-05-12 11:59 - 2019-11-03 15:35 - 001068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-05-12 11:59 - 2019-11-02 09:47 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-05-12 11:59 - 2019-11-01 19:29 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2020-05-12 11:59 - 2009-07-13 18:40 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DpiScaling.exe
2020-05-12 11:59 - 2009-07-13 18:32 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2020-05-12 09:59 - 2019-11-04 00:59 - 007082496 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2020-05-12 09:59 - 2019-11-02 09:47 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2020-05-12 09:59 - 2019-11-01 19:29 - 005066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2020-05-11 19:28 - 2019-11-01 18:51 - 000000000 ____D C:\ProgramData\CheckPoint
2020-05-11 19:11 - 2019-11-02 09:46 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2020-05-11 19:11 - 2009-07-13 19:03 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\midimap.dll
2020-05-11 19:11 - 2009-07-13 18:56 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\deskperf.dll
2020-05-11 19:11 - 2009-07-13 18:55 - 000068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsockhc.dll
2020-05-11 17:34 - 2019-11-02 16:24 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-05-11 17:34 - 2019-11-02 09:46 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2020-05-11 17:34 - 2019-11-02 09:45 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-05-11 17:34 - 2009-07-13 19:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll
2020-05-11 17:08 - 2019-11-02 09:46 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2020-05-11 17:08 - 2019-11-01 21:14 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2020-05-11 17:08 - 2009-07-13 18:32 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psbase.dll
2020-05-11 17:08 - 2009-07-13 18:25 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\comp.exe
2020-05-11 16:43 - 2019-11-01 20:25 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2020-05-11 15:40 - 2019-11-01 19:30 - 000312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2020-05-11 15:28 - 2019-11-02 09:46 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2020-05-11 15:28 - 2019-11-02 09:45 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-05-11 14:22 - 2019-11-02 16:24 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-05-11 12:43 - 2019-11-02 16:24 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-05-11 12:17 - 2019-11-02 16:23 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-05-11 12:17 - 2019-11-02 09:46 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2020-05-11 12:17 - 2019-11-01 19:29 - 000861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2020-05-11 12:17 - 2009-07-13 18:28 - 001036800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8.dll
2020-05-11 11:17 - 2019-11-01 19:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-06-06 10:18
==================== End of FRST.txt ========================

 

[PeterJ]

There is a hacktool present or remnants of it to use Windows and / or Office not legitimately.
It is against the rules to help people with an illegal operating system or other illegally used programs.
Hacktools can make your system slower and also less secure.
Do you agree that we continue to do a repair attempt for this computer that will also remove the hacktool ?

 

[escorial]

Yes by all means, I see 2013 office but not activated , Iam uninstalling it right now

 

[PeterJ]

There are some remnants active from Kaspersky, an antivirus program. Is that uninstalled ?
Is "Ratz_Postal2MP_FastStart_v11-2016" uninstalled ?

 

[escorial]

There are some remnants active from Kaspersky, an antivirus program. Is that uninstalled ?
Is "Ratz_Postal2MP_FastStart_v11-2016" uninstalled ?

Kapersky? Never ever used, I only use Zone Alarm? How would I find it?

Postal 2 is a free game Ratz House of Games

I also have the OEM dvd for that I can uninstall if necessary

 

[escorial]

About Kaspersky, I believe its part of Zonealarm and sorry I really think it would be a bad idea to be doing this w/o and Antivirus?? Your thoughts?

Cloud Scannin Policy


ZoneAlarm is cooperating with Kaspersky Lab ZAO to improve antivirus protection using cloud-based real-time detection.

Back to Postal its not on my PC I looked in C: programs and Programs 86 and NADA. Also just tried to search and nothing

I did have the game installed on this pc at one time but that had to be prior to late 2018.

Where would I look for the remnants?

Should I reinstall Postal and uninstall? Its a large file and takes some time

 

[PeterJ]

About Kaspersky, I believe its part of Zonealarm

Yes, that can be right.
The following fix will remove the remnants of the hacktool and the Postal game.

Warning: This script was written specifically for this user, for use on that particular machine. Do not run this script on another machine.

1. Download the attachment fixlist.txt and save it to your desktop.
2. Right-click on FRST64.exe and select "Run as administrator".
3. Press the Fix button.
4. The tool will now process fixlist.txt.
5. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
6. When finished, a log called Fixlog.txt will appear in the same directory the tool is run from.
7. Post the logfile Fixlog.txt as attachment in your next reply.

 

[escorial]

See attached

 

[PeterJ]

Well done. Make sure your antivirus program is uptodate then perform a full system scan and report the result.

 

[escorial]

Zone Alarm is set to auto update every hour and basic scan is done every day, today I did the full in depth scan ( 3 hours) which came back clean.

Hopefully this is what you wanted or did you want me to run the Scannow?

 

[PeterJ]

Hopefully this is what you wanted

Indeed.

Step 1:
WARNING! The following fix is specific to the user's system in this thread only. No one else should follow these instructions, as it could damage your system.

• Download the attachment SFCFix.zip and save it on your desktop.
• Save any work you have open, and close all programs.
• Drag the SFCFix.zip file over the SFCFix.exe executable and release it.
  
  
• SFCFix will launch, let it complete.
• Once done, a file will appear on your desktop, called SFCFix.txt.
• Open the file, then copy and paste its content in your next reply.

Step 2:
Restart the computer.
Open an elevated command prompt.
copy and paste the following commands into it, press enter after each.

sfc /scannow

Wait for this to finish before you continue

copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"

This will create a file, cbs.txt on your Desktop. Zip this file and attach the zipped cbs.txt to your next post.

 

[escorial]

SFCFix version 3.0.2.1 by niemiro.
Start time: 2020-06-11 12:49:44.827
Microsoft Windows 7 Service Pack 1 - amd64
Using .zip script file at C:\Users\JJ\Desktop\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24383_none_0ba36e373ee432e7\mspatcha.dll
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe
Successfully took permissions for file or folder C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.19507_none_4230e9544f8e5d5b.manifest
Successfully took permissions for file or folder C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest
Successfully took permissions for file or folder C:\Windows\winsxs\Manifests\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e.manifest
Successfully took permissions for file or folder C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.1.7601.24542_none_7feb6fa680667a38.manifest
Successfully took permissions for file or folder C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.18872_none_1a80fa6617c73a30.manifest
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll
Successfully took permissions for file or folder C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wbemcore.dll
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully took permissions for file or folder C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.cat
Successfully took permissions for file or folder C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.mum

Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24383_none_0ba36e373ee432e7\mspatcha.dll to C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24383_none_0ba36e373ee432e7\mspatcha.dll.
WARNING: File C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll to C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe to C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.19507_none_4230e9544f8e5d5b.manifest to C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.19507_none_4230e9544f8e5d5b.manifest.
WARNING: File C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest to C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\Manifests\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e.manifest to C:\Windows\winsxs\Manifests\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e.manifest.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\Manifests\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.1.7601.24542_none_7feb6fa680667a38.manifest to C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.1.7601.24542_none_7feb6fa680667a38.manifest.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\Manifests\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.18872_none_1a80fa6617c73a30.manifest to C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.18872_none_1a80fa6617c73a30.manifest.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe.
WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wbemcore.dll to C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wbemcore.dll.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat to C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum to C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat to C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum to C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat to C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum to C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum.
WARNING: File C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat to C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat.
WARNING: File C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum was not backed up as that would replace the current backup.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum to C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat to C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum to C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.cat to C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.cat.
Successfully copied file C:\Users\JJ\AppData\Local\niemiro\Archive\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.mum to C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.mum.

Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24383_none_0ba36e373ee432e7\mspatcha.dll
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.24383_none_0ba36e373ee432e7\mspatcha.dll
Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\CbsCore.dll
Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\PkgMgr.exe
Successfully restored ownership for C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.19507_none_4230e9544f8e5d5b.manifest
Successfully restored permissions on C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.19507_none_4230e9544f8e5d5b.manifest
Successfully restored ownership for C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest
Successfully restored permissions on C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.23893_none_ca8123aa41fb0b8b.manifest
Successfully restored ownership for C:\Windows\winsxs\Manifests\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e.manifest
Successfully restored permissions on C:\Windows\winsxs\Manifests\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e.manifest
Successfully restored ownership for C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.1.7601.24542_none_7feb6fa680667a38.manifest
Successfully restored permissions on C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.1.7601.24542_none_7feb6fa680667a38.manifest
Successfully restored ownership for C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.18872_none_1a80fa6617c73a30.manifest
Successfully restored permissions on C:\Windows\winsxs\Manifests\amd64_microsoft-windows-wpd-legacywmdmcesp_31bf3856ad364e35_6.1.7601.18872_none_1a80fa6617c73a30.manifest
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cmiv2.dll
Successfully restored ownership for C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wbemcore.dll
Successfully restored permissions on C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\wbemcore.dll
Successfully restored ownership for C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully restored permissions on C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully restored ownership for C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully restored permissions on C:\Windows\servicing\packages\Package_1235_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully restored ownership for C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully restored permissions on C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully restored ownership for C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully restored permissions on C:\Windows\servicing\packages\Package_1257_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully restored ownership for C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully restored permissions on C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.cat
Successfully restored ownership for C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully restored permissions on C:\Windows\servicing\packages\Package_1392_for_KB4525235~31bf3856ad364e35~amd64~~6.1.1.11.mum
Successfully restored ownership for C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat
Successfully restored permissions on C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat
Successfully restored ownership for C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum
Successfully restored permissions on C:\Windows\servicing\packages\package_152_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.mum
Successfully restored ownership for C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully restored permissions on C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat
Successfully restored ownership for C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully restored permissions on C:\Windows\servicing\packages\Package_175_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.mum
Successfully restored ownership for C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.cat
Successfully restored permissions on C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.cat
Successfully restored ownership for C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.mum
Successfully restored permissions on C:\Windows\servicing\packages\Package_202_for_KB4530734~31bf3856ad364e35~amd64~~6.1.1.10.mum
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.2.1 by niemiro has completed.
Currently storing 2634 datablocks.
Finish time: 2020-06-11 12:49:57.042
Script hash: XBf6Y4JyUw6IlCYGJTaFnTsDF3T2/HrP/WAI8OWM4MQ=
----------------------EOF-----------------------