
Regular 100% disk usage, blocking my day to day PC access

100% disk use pc access blocked PC takeover Cannot bypass Task manager useless to stop No fixes found Dont know the problem Malware

  • This topic is locked
38 replies to this topic

#31 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 26 March 2019 - 03:06 PM

We can do a search for anything Kaspersky, and probably delete those out.

Farbar Recovery Scan Tool (FRST) Scan
(If already deleted)
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe; when the panel opens, select Search Files.
    You can type or copy and paste Kaspersky into the Search box.

    A message pops up indicating that the search is completed. A Search.txt log is saved; please post this log.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17


#32 Mozimax

Mozimax

    Authentic Member

  • 21 posts

Posted 27 March 2019 - 06:32 AM

This is all that was recorded.
 
Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Moz (27-03-2019 12:35:55)
Running from E:\Downloads
Boot Mode: Normal
 
================== Search Files: "Kaspersky" =============
 
 
====== End of Search ======


#33 Juliet


Posted 27 March 2019 - 03:04 PM

Tell ya what, let's just run a full scan of your system and see if it truly is gone.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.



#34 Mozimax


Posted 28 March 2019 - 03:26 AM

As requested. I see Comodo is still there.

 

          >>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Moz (administrator) on REDENJIN (28-03-2019 11:18:34)
Running from E:\Downloads
Loaded Profiles: Moz (Available Profiles: Moz)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.exe
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.bin
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-01-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-04-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2016-12-31] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2016-06-20] (Siber Systems Inc -> Siber Systems)
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {4db5b881-6e48-11e8-829e-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {7578a607-1f66-11e6-8272-e4f89c932915} - "F:\SetupWi-Fi.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {84f32f84-0ac1-11e9-82a3-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {84f32fbb-0ac1-11e9-82a3-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {aa09911d-2729-11e6-8272-e4f89c932915} - "F:\SetupWi-Fi.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {af0f3724-a9cb-11e8-829f-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {cab5a292-128c-11e9-82a4-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {e66eb68b-1706-11e8-829c-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {e66ec919-1706-11e8-829c-e4f89c932915} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {f0d7c993-a127-11e8-829e-e4f89c932915} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2015-04-22] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-23] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Moz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-12-04]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2E1D2D62-E2E4-4D5B-9FED-5B379D3319CD}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8016CA49-EB21-4598-B28D-CD87C3BB30B3}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1975610405-2585747867-3397885706-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-03-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ncr
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}&pws=0&gl=us&gws_rd=cr
CHR DefaultSearchKeyword: Default -> “google ncr_”
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default [2019-03-28]
CHR Extension: (Slides) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2017-12-16]
CHR Extension: (DuckDuckGo) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-03-23]
CHR Extension: (Skype Calling) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-18]
CHR Extension: (YouTube) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-11-26]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2019-03-18]
CHR Extension: (Google Search) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (TwitShot for Chrome) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efndcbfgochdmkgjpinknmeakjfkgjlk [2018-10-23]
CHR Extension: (Sheets) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Search bookmarks) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcmlfaljegegmoneabmbdbiliiiplno [2018-09-04]
CHR Extension: (Google Docs Offline) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Avast Online Security) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-20]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-11-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-18]
CHR Extension: (HUMAN 3.0) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2016-05-14]
CHR Extension: (Email Tracking for Gmail - Mailtrack) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2019-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Google Publisher Toolbar) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2018-07-26]
CHR Extension: (MailTracker: Free email tracking for Gmail) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdljpkijehgoacbjpolaomhkoffhnl [2019-03-14]
CHR Extension: (Slinky Brushed) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2015-11-26]
CHR Extension: (Gmail) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-25]
CHR Extension: (MeasureIt) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokhcahijjfkdccinalifdifljglhclm [2017-08-15]
CHR Profile: C:\Users\Moz\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-16]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-02-18] (DTS, Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-04-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373768 2016-09-26] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel® Wireless Display -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [23816 2014-10-03] (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [91648 2016-06-05] (Huawei Technologies Co., Ltd.) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1214752 2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-07] (WDKTestCert 1,130202426583431586 -> TOSHIBA)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel® Code Signing External -> )
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [36128 2015-11-30] (Comodo Security Solutions, Inc. -> The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (TOSHIBA CORPORATION -> Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-03-16] (Adlice -> )
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2017-12-10] (Microsoft Windows -> Microsoft Corporation)
S1 epp; \??\C:\Program Files\Emsisoft Anti-Malware\epp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-27 12:33 - 2019-03-28 11:17 - 000000000 ____D C:\FRST
2019-03-27 12:32 - 2019-03-27 12:32 - 000000869 _____ C:\Users\Moz\Desktop\FRST64 - Shortcut.lnk
2019-03-27 11:17 - 2019-03-27 11:18 - 000354464 _____ C:\Windows\Minidump\032719-43906-01.dmp
2019-03-26 13:34 - 2019-03-26 13:34 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-03-26 13:34 - 2019-03-26 13:34 - 000002019 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2019-03-26 13:34 - 2019-03-26 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-03-26 13:34 - 2019-03-26 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2019-03-26 13:33 - 2019-03-28 10:10 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-26 13:33 - 2019-03-26 13:34 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-03-26 13:33 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2019-03-26 13:32 - 2019-03-26 13:32 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-03-26 13:32 - 2019-03-26 13:32 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-03-26 13:32 - 2019-03-26 13:32 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-03-26 13:32 - 2019-03-26 13:32 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-03-26 13:18 - 2019-03-27 11:20 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-26 13:01 - 2019-03-26 13:01 - 000049740 _____ C:\Users\Moz\Documents\cc_20190326_130116.reg
2019-03-21 12:32 - 2019-03-25 14:08 - 000000279 _____ C:\DelFix.txt
2019-03-19 13:13 - 2019-03-26 13:11 - 000000000 ____D C:\ProgramData\Emsisoft
2019-03-19 13:10 - 2019-03-19 13:45 - 000000000 ____D C:\EEK
2019-03-19 12:16 - 2019-03-25 16:06 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-19 12:16 - 2019-03-19 12:16 - 000001891 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-19 12:16 - 2019-03-19 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-19 12:16 - 2019-03-19 12:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-19 12:16 - 2019-03-19 12:16 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-18 14:30 - 2019-03-18 14:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-03-18 14:29 - 2019-03-18 14:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-03-18 14:29 - 2019-03-18 14:29 - 000002035 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2019-03-16 17:41 - 2019-03-16 17:41 - 000017620 _____ C:\Users\Moz\Documents\cc_20190316_174108.reg
2019-03-16 16:43 - 2019-03-16 16:43 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2019-03-15 17:24 - 2019-03-15 17:24 - 001264100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-03-15 17:22 - 2019-03-15 17:22 - 000000000 ____D C:\Windows\SysWOW64\BestPractices
2019-03-15 17:22 - 2019-03-15 17:22 - 000000000 ____D C:\Windows\system32\BestPractices
2019-03-15 17:22 - 2019-03-15 17:22 - 000000000 ____D C:\inetpub
2019-03-15 17:11 - 2019-03-15 16:07 - 092713450 _____ C:\sxs.rar
2019-03-15 16:59 - 2019-03-15 16:07 - 092713450 _____ C:\Users\Moz\Downloads\sxs.rar
2019-03-14 14:40 - 2019-03-27 11:17 - 731445806 _____ C:\Windows\MEMORY.DMP
2019-03-14 14:40 - 2019-03-14 14:41 - 000349928 _____ C:\Windows\Minidump\031419-38281-01.dmp
2019-03-14 12:48 - 2019-03-14 12:48 - 000000000 ____D C:\Farbar
2019-03-08 16:25 - 2019-03-08 16:25 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2019-03-07 11:58 - 2019-03-07 11:58 - 000000000 ____D C:\Users\Moz\AppData\Local\Kaspersky Lab
2019-03-01 14:41 - 2019-03-01 14:41 - 000000000 ____D C:\Users\Moz\Documents\Audacity
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-28 10:00 - 2015-11-26 23:52 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1975610405-2585747867-3397885706-1001
2019-03-28 09:59 - 2015-11-26 20:39 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 09:59 - 2015-11-26 20:39 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-28 09:55 - 2015-11-26 23:46 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-28 09:55 - 2015-11-26 23:46 - 000000000 __SHD C:\Users\Moz\IntelGraphicsProfiles
2019-03-27 11:18 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-27 11:17 - 2015-11-29 20:12 - 000000000 ____D C:\Windows\Minidump
2019-03-26 13:34 - 2019-02-08 15:08 - 000000000 ____D C:\Program Files\Common Files\AV
2019-03-26 13:34 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2019-03-26 13:33 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-03-26 13:33 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-03-26 13:07 - 2019-02-08 13:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2019-03-25 13:58 - 2015-12-01 18:59 - 000000000 ____D C:\Program Files (x86)\PhSp_CS2_UE_Ret
2019-03-24 12:08 - 2018-04-04 11:01 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-23 10:40 - 2015-11-26 20:41 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-22 11:58 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-03-21 20:14 - 2015-11-26 23:45 - 000000000 ____D C:\Users\Moz
2019-03-18 14:37 - 2015-11-27 17:54 - 000000000 ____D C:\Users\Moz\AppData\Local\Adobe
2019-03-18 14:28 - 2015-08-06 19:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-03-17 13:26 - 2014-03-18 11:53 - 001288640 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-17 10:55 - 2018-11-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Banner Creator (Free Edition) 1.0
2019-03-17 10:54 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-17 10:53 - 2017-04-08 10:40 - 000000000 ____D C:\ProgramData\Acronis
2019-03-17 10:53 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-17 10:52 - 2017-04-08 10:40 - 000000000 ____D C:\Program Files\BackupClient
2019-03-17 10:50 - 2015-08-06 19:58 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2019-03-17 10:50 - 2015-05-12 10:18 - 000000000 ____D C:\Program Files\TOSHIBA
2019-03-17 10:48 - 2016-01-12 20:00 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2019-03-17 10:47 - 2016-01-12 21:12 - 000000000 ____D C:\Users\Moz\AppData\Roaming\LG Electronics
2019-03-17 10:47 - 2016-01-12 20:49 - 000000000 ____D C:\Users\Moz\AppData\Local\LG Electronics
2019-03-16 16:13 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2019-03-16 12:47 - 2015-12-08 15:10 - 000000000 ____D C:\Users\Moz\AppData\LocalLow\Temp
2019-03-16 12:45 - 2019-01-09 12:32 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-03-15 17:25 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2019-03-15 17:22 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2019-03-15 17:22 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\inetsrv
2019-03-15 17:21 - 2015-04-22 18:28 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2019-03-15 17:21 - 2015-04-22 18:28 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2019-03-15 17:21 - 2015-04-22 18:28 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2019-03-15 17:21 - 2015-04-22 18:28 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2019-03-13 18:17 - 2019-02-17 18:32 - 000000000 ____D C:\Users\Moz\AppData\Roaming\audacity
2019-03-13 10:26 - 2015-11-30 13:52 - 000000000 ____D C:\Program Files\CCleaner
2019-03-08 15:42 - 2019-02-17 18:31 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-03-08 15:41 - 2019-02-17 18:31 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-03-08 15:41 - 2019-02-17 18:31 - 000000991 _____ C:\Users\Public\Desktop\Audacity.lnk
2019-03-08 15:40 - 2017-05-27 09:26 - 000000000 ____D C:\Users\Moz\AppData\Local\CrashDumps
2019-03-07 11:26 - 2018-06-11 17:14 - 000634136 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-05 18:17 - 2017-11-29 18:12 - 000000000 ____D C:\Users\Moz\Documents\My Kindle Content
2019-03-05 14:38 - 2017-11-09 13:51 - 000000000 ____D C:\ProgramData\Apple
 
==================== Files in the root of some directories =======
 
2015-11-28 20:49 - 2012-10-24 21:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2998960.exe
2015-05-08 20:49 - 2015-05-08 20:49 - 008322328 _____ (Piriform Ltd) C:\Program Files\CCleaner64.exe
2017-08-14 18:41 - 2017-08-14 18:41 - 000000063 _____ () C:\Users\Moz\AppData\Local\emaildefaults
2017-10-20 16:15 - 2017-10-20 16:15 - 000000039 _____ () C:\Users\Moz\AppData\Local\kritadisplayrc
2017-08-13 13:43 - 2017-10-20 16:15 - 000018189 _____ () C:\Users\Moz\AppData\Local\kritarc
2018-09-30 10:03 - 2018-09-30 10:03 - 000000000 _____ () C:\Users\Moz\AppData\Local\oobelibMkey.log
2018-10-31 17:44 - 2018-10-31 17:44 - 000002763 _____ () C:\Users\Moz\AppData\Local\recently-used.xbel
2016-02-13 20:42 - 2019-02-11 17:30 - 000007616 _____ () C:\Users\Moz\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-03-22 09:27
 
==================== End of FRST.txt ============================
 
          >>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Moz (28-03-2019 11:19:03)
Running from E:\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-11-26 21:45:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1975610405-2585747867-3397885706-500 - Administrator - Disabled)
Guest (S-1-5-21-1975610405-2585747867-3397885706-501 - Limited - Disabled)
Moz (S-1-5-21-1975610405-2585747867-3397885706-1001 - Administrator - Enabled) => C:\Users\Moz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.2.0 - Conexant)
DTS Sound (HKLM-x32\...\{4E91898E-4DED-4B17-94F0-FA61AACCDEB0}) (Version: 1.02.2700 - DTS, Inc.)
ELAN Touchpad 11.8.39.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.39.3 - ELAN Microelectronic Corp.)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
ePub Reader for Windows version 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP-2.9.5-std (HKLM\...\GIMP-2.9.5-std) (Version: 2.9.5-std - Partha Bagchi)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd)
HP DeskJet 3830 series Basic Device Software (HKLM\...\{586524CE-A9E3-415A-87FA-654AAE0CDC42}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 3830 series Help (HKLM-x32\...\{71454577-027B-4866-A57A-F1D96AD8617E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4112 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM\...\{41A83EC5-A725-4795-A02C-306C989D82A2}) (Version: 5.1.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{227fd89d-2205-499a-8b73-9ec775789c4d}) (Version: 19.70.0 - Intel Corporation)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kindle Previewer 3 (HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Kindle Previewer 3) (Version: 3.22.0 - Amazon)
Krita (x64) 3.1.4.0 (HKLM\...\Krita_x64) (Version: 3.1.4.0 - Krita Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 6.0.6.2 (HKLM\...\{982E3D14-3F50-412B-A1C2-BC9262E8810F}) (Version: 6.0.6.2 - The Document Foundation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Product Improvement Study for HP DeskJet 3830 series (HKLM\...\{76560318-47C5-4E6B-B348-B8D02C7DAFA7}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
RoboForm 7-9-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-1-1 - Siber Systems)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.5 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.07.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{60E16CB5-B8C4-4AC1-93C0-E6E1D6246E17}) (Version: 1.2.12.0 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.11.6400 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.2.0 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0049 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.9.32001 - Toshiba Corporation)
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version:  - Udi Fuchs)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-12-25] () [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-10-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-03-26] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1FDE7E32-2856-48C2-B34B-BD88E206ADE1} - System32\Tasks\{43138FB2-F573-49A7-8555-A75CF97ED4A0} => C:\Windows\system32\pcalua.exe -a E:\Downloads\ps902.exe -d E:\Downloads
Task: {2E2AF9FC-8877-4A11-953E-18B27A9BB201} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems Inc -> Siber Systems)
Task: {3B201B20-1ABA-4464-B41E-37212E644E1E} - System32\Tasks\{BAA1691B-417C-43AA-B0AC-20EF7DB6F034} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall SINGLEIMAGE /dll OSETUP.DLL
Task: {402389C2-E876-4E95-87C0-FFA206B2DD95} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5C64F7A9-9BBF-4FA2-B1DE-29247C7C8351} - System32\Tasks\AdobeGCInvoker-1.0-RedEnjin-Moz => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {648CDCA5-5C90-4176-9F6D-DE939893BA51} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {6E806F02-082E-4FAF-B996-D4E26D16EB8A} - System32\Tasks\HPCustParticipation HP DeskJet 3830 series => C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPCustPartic.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {860B58EC-9ACB-4FBA-AD5C-4A11C7FB3678} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {87725D70-24BA-454E-AECC-FCF9FEC5DAF6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {8891DB58-A7ED-4056-BD1D-168B7CA8C5AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D4E81E2D-B015-448A-98F5-BC36D1E490E9} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMOMIMOMPMLJNMNJKMCNNJJMMMOMCNLMGMGMKJCNGMOMJJPMCNKJKJIMLJGMLJMMKMHMGMMMMJJNJICMIMCNGMCNOMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMCLAJFIJNKJCMJNNICMJNDJCMKJBJ"
Task: {DB523C32-EF14-4568-9A6C-F0348AC9B2CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {E097EED7-A53C-4AC4-A6B8-590B25CC2FDF} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe (Kaspersky Lab -> AO Kaspersky Lab)
Task: {EA9C53AC-DCF0-4C62-A0FE-6E204702A04A} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe (DTS, Inc. -> )
Task: {F39C9E83-81AF-4846-B4AB-B72CC42DA6A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-05 16:07 - 2016-11-05 16:07 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMAD.DLL
2015-08-06 20:08 - 2015-01-17 00:40 - 000930888 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2018-12-12 12:32 - 2018-12-12 12:32 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2015-12-25 17:19 - 2015-12-25 17:19 - 000721263 _____ () [File not signed] C:\Windows\SysWOW64\WSCM64.dll
2018-07-28 08:52 - 2018-07-28 08:52 - 000443392 _____ (The Document Foundation) [File not signed] C:\Program Files\LibreOffice\program\pyuno.pyd
2018-07-28 08:29 - 2018-07-28 08:29 - 000066048 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.5.5\lib\_socket.pyd
2018-07-28 08:29 - 2018-07-28 08:29 - 000019968 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.5.5\lib\select.pyd
2019-03-19 12:16 - 2019-03-25 16:06 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-19 12:16 - 2019-03-25 16:06 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-25 16:06 - 2019-03-25 16:06 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Calibre2\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Control Panel\Desktop\\Wallpaper -> E:\My Pictures\Crest\Desktop Crest.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Rupsmon Daemon.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "COMODO PC TuneUp"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "UPSMS"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "vdcss"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CABAC49C-A930-4CB7-A996-5FB337534684}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5C97545B-8C40-4172-8819-F265FD2806DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A25C09C1-B0B8-408C-B0F2-7CAD660C5EB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{97395B86-747B-4BD3-AAC5-3EDBE70197FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DFB54D93-BBF7-4C2C-AC32-FAFF622AD53A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{82924C58-BAAE-4735-884A-BD25FDAE4F94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{962ACBE2-57B5-47AA-BA74-0EAEE1B93F2F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel® Wireless Display -> Intel Corporation)
FirewallRules: [{AC76E0A0-FA1A-4571-872F-C2AA5BDE5CDF}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{F85FA590-4775-41F2-8EF4-1506EACBEE46}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{24B524D4-45D1-45D2-8D4E-8FFE4BA7E876}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{2F9F59FF-4B12-4C51-B10D-3C3C7A55AC29}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{71F600D3-9300-4566-B627-C514992869E7}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{715FCA34-9F64-4850-B6AD-580B3BC1597E}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{AEE066D5-BC98-439F-9991-726D20E41F7C}] => (Allow) LPort=5357
FirewallRules: [{1604B09E-0190-49AF-9E10-37922D34EB7E}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{C233A939-199F-4BC1-BCFC-522D6422ED15}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{A78F083A-646A-4091-AB05-B2336F444CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{07F82F6F-3075-4362-848A-F0C36E4730F2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{676F6AEC-9445-48BE-AADF-42950ADA0671}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
 
==================== Restore Points =========================
 
07-03-2019 13:36:27 Removed Kaspersky Password Manager
14-03-2019 12:32:17 Run Farbar Recovery
14-03-2019 12:37:34 My Msave Recovery 14/03/19
15-03-2019 17:13:29 Windows Modules Installer
16-03-2019 12:44:07 Restore Point Created by FRST
16-03-2019 14:42:15 Removed Adobe Acrobat Reader DC.
16-03-2019 15:36:43 Restore Point Created by FRST
17-03-2019 10:43:08 Removed Bonjour
17-03-2019 10:48:17 Removed LG United Mobile Drivers.
22-03-2019 11:55:55 Restore Point Created by FRST
23-03-2019 10:33:33 Removed TouchFreeze
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2019 01:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xb50
Faulting application start time: 0x01d4e2fff4560a0b
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: 71a66c0d-4fb8-11e9-82c0-e4f89c932915
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/25/2019 01:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58eb9957
Exception code: 0xc0000409
Fault offset: 0x000000000022af80
Faulting process id: 0xb30
Faulting application start time: 0x01d4e09612d40c6c
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Report Id: d5d4e883-4ef2-11e9-82bf-e4f89c932915
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/25/2019 01:40:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e10
 
Start Time: 01d4e2fcb9936bde
 
Termination Time: 4294967295
 
Application Path: C:\Windows\explorer.exe
 
Report Id: cb099650-4ef2-11e9-82bf-e4f89c932915
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/24/2019 12:18:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
Error: (03/22/2019 12:08:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (5404) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Moz\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (03/22/2019 12:08:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (5404) WebCacheLocal: An attempt to open the file "C:\Users\Moz\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/22/2019 12:08:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (5404) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Moz\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (03/22/2019 12:08:08 PM) (Source: ESENT) (EventID: 489) (User: )
Description: DllHost (5404) WebCacheLocal: An attempt to open the file "C:\Users\Moz\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (03/27/2019 11:22:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/27/2019 11:22:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/27/2019 11:18:20 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000139 (0x0000000000000003, 0xffffd00020eb1520, 0xffffd00020eb1478, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032719-43906-01.
 
Error: (03/27/2019 11:17:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:18:05 PM on 3/26/2019 was unexpected.
 
Error: (03/27/2019 11:17:02 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212254731177424
 
Error: (03/26/2019 05:25:17 PM) (Source: DCOM) (EventID: 10010) (User: RedEnjin)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (03/26/2019 05:24:47 PM) (Source: DCOM) (EventID: 10010) (User: RedEnjin)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/26/2019 01:15:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
===================================
Date: 2019-02-05 16:27:41.857
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {4CBA43F8-4338-4FD4-B0DD-DDB2B0F9936B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-04 19:13:06.421
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {950E8CB3-C43C-45E0-BF88-C46BCF98AB09}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-04 14:40:42.474
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C6A92651-55C5-4F72-91CD-A8C86BE652DE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-04 12:00:23.756
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {F243B9F8-A4AE-49F3-9043-E191E5EA3742}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-03 15:58:51.822
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {37C54EBD-2B78-494D-94B8-E169EA862B2A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-02-07 12:23:05.515
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted 
Signature version: 1.285.348.0;1.285.348.0
Engine version: 1.1.15600.4
 
Date: 2019-02-07 12:23:01.203
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted 
Signature version: 1.285.845.0;1.285.845.0
Engine version: 1.1.15600.4
 
Date: 2019-02-04 15:59:42.415
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.348.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15600.4
Error code: 0x80072efe
Error description: The connection with the server was terminated abnormally 
 
Date: 2019-01-08 13:00:33.690
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.191.2881.0;1.191.2881.0
Engine version: 1.1.11302.0
 
CodeIntegrity:
===================================
 
Date: 2019-01-17 16:36:39.636
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-17 16:36:39.301
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-09 11:44:58.158
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-09 11:44:57.780
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-01-07 12:58:29.002
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-01-06 19:10:06.647
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-01-06 19:10:06.373
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-01-06 19:10:06.061
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8106.14 MB
Available physical RAM: 4652.93 MB
Total Virtual: 20394.14 MB
Available Virtual: 16813.31 MB
 
==================== Drives ================================
 
Drive c: (RedEnjin) (Fixed) (Total:721.33 GB) (Free:654.25 GB) NTFS
Drive e: (Msave) (Fixed) (Total:195.31 GB) (Free:119.32 GB) NTFS
 
\\?\Volume{3e86be61-6794-48eb-b4df-7cc76b6acae6}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS
\\?\Volume{1660ef13-1b1c-41ac-bf3c-af1a34afb868}\ (Recovery) (Fixed) (Total:13.65 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#35 Juliet

Posted 28 March 2019 - 06:28 AM

What way did you try to uninstall Kaspersky?

Let's try using the uninstall tool because it's still on your computer and active.
https://support.kaspersky.com/1464

After you use the uninstall tool we can scan again with Farbar Recovery Scan Tool and check for leftovers.

#36 Mozimax

Posted 28 March 2019 - 09:22 AM

I have been running Kaspersky since you said I should not be without an anti virus program. Yesterday, Kaspersky forum helped me set up the program and clean out problems with it. It was found that Emsisoft was conflicting with Kaspersky and it removed it. The PC has been running without problems since then. What was interfering with 100% disk usage before, I don't know. This you must have fixed before Emsisoft was added and started the problem all over again.



#37 Juliet

Posted 28 March 2019 - 01:42 PM

I must have misunderstood, thinking you wanted all Kaspersky removed, but seeing you had their help to remove the problems is great news.

We can now remove the tools I had you re-download earlier. If you have deleted it, the download is below to install again.
  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
  • Click the Run button.
  • This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

#38 Mozimax

Posted 29 March 2019 - 07:52 AM

Great. Thanks. All done and still working well.



#39 Juliet

Posted 29 March 2019 - 10:18 AM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.