WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93122 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Regular 100% disk usage, blocking my day to day PC access

Started by Mozimax , Mar 14 2019 08:32 AM

100% disk use pc access blocked PC takeover Cannot bypass Task manager useless to stop No fixes found Dont know the problem Malware

This topic is locked

38 replies to this topic

#1 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 14 March 2019 - 08:32 AM

This 100% disk usage is stealing my life away. I need my PC back to normal again. Can anyone help?

Run date: 2019-03-14 14:59:14

-----------------------------

14:59:14.150 OS Version: Windows x64 6.2.9200

14:59:14.150 Number of processors: 4 586 0x3D04

14:59:14.151 ComputerName: REDENJIN UserName: Moz

14:59:16.683 Initialize success

14:59:16.891 VM: initialized successfully

14:59:16.891 VM: Intel CPU supported

14:59:21.862 VM: not used

15:13:42.534 AVAST engine defs: 17030301

15:17:44.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034

15:17:44.667 Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX1P4M Size: 953869MB BusType: 11

15:17:44.795 Disk 0 MBR read successfully

15:17:44.801 Disk 0 MBR scan

15:17:44.812 Disk 0 unknown MBR code

15:17:44.819 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

15:17:44.960 Disk 0 scanning C:\Windows\system32\drivers

15:17:58.405 Service scanning

15:18:43.653 Modules scanning

15:18:43.669 Disk 0 trace - called modules:

15:18:43.742 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys

15:18:43.754 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001be601060]

15:18:43.764 3 CLASSPNP.SYS[fffff80028929170] -> nt!IofCallDriver -> [0xffffe001bbb3b9b0]

15:18:43.775 5 ACPI.sys[fffff80027403c21] -> nt!IofCallDriver -> \Device\00000034[0xffffe001bbfe47c0]

15:18:45.043 AVAST engine scan C:\Windows

15:18:47.511 AVAST engine scan C:\Windows\system32

15:23:06.691 AVAST engine scan C:\Windows\system32\drivers

15:23:23.599 AVAST engine scan C:\Users\Moz

15:30:07.779 Disk 0 MBR has been saved successfully to "C:\Users\Moz\Desktop\MBR.dat"

15:30:07.780 The log file has been saved successfully to "C:\Users\Moz\Desktop\aswMBR.txt"

Advertisements

Register to Remove

#2 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 14 March 2019 - 08:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01

Ran by Moz (administrator) on REDENJIN (14-03-2019 16:44:07)

Running from E:\Downloads

Loaded Profiles: Moz & Acronis Agent User (Available Profiles: Moz & Acronis Agent User)

Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Mega System Technologies, Inc.) [File not signed] C:\Program Files (x86)\Belkin\Belkin Power Management Software\RupsMon.exe

(Macrovision) [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\monitor.exe

(Mega Corp.) [File not signed] C:\Program Files (x86)\Belkin\Belkin Power Management Software\usbmate.exe

(Sun Microsystems, Inc. -> Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe

(Macrovision) [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\wpRMI.exe

(Sun Microsystems, Inc. -> Sun Microsystems, Inc.) C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\javaw.exe

(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe

(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe

() [File not signed] C:\Users\Moz\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Acronis International GmbH -> ) C:\Program Files\BackupClient\BackupAndRecovery\mms.exe

(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.exe

(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.bin

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1514528 2015-01-17] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3240632 2015-04-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [465496 2014-12-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [569816 2016-03-17] (Acronis International GmbH -> Acronis International GmbH)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2203888 2016-07-21] (Toshiba Client Solutions Co.,Ltd. -> Toshiba Client Solutions Co., Ltd.)

HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2015-02-24] (TOSHIBA CORPORATION -> TOSHIBA)

HKLM-x32\...\Run: [UPSMS] => C:\Program Files (x86)\Belkin Automatic Power Management Software\UPSMS.exe [114688 2015-12-12] (Macrovision) [File not signed]

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2016-12-31] (Hewlett-Packard Company -> Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2016-09-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2016-06-20] (Siber Systems Inc -> Siber Systems)

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Run: [TouchFreeze] => C:\Users\Moz\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2016-09-03] () [File not signed]

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {4db5b881-6e48-11e8-829e-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {7578a607-1f66-11e6-8272-e4f89c932915} - "F:\SetupWi-Fi.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {84f32f84-0ac1-11e9-82a3-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {84f32fbb-0ac1-11e9-82a3-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {aa09911d-2729-11e6-8272-e4f89c932915} - "F:\SetupWi-Fi.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {af0f3724-a9cb-11e8-829f-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {cab5a292-128c-11e9-82a4-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {e66eb68b-1706-11e8-829c-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {e66ec919-1706-11e8-829c-e4f89c932915} - "H:\HiSuiteDownLoader.exe"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\MountPoints2: {f0d7c993-a127-11e8-829e-e4f89c932915} - "F:\HiSuiteDownLoader.exe"

HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)

HKLM\...\Drivers32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [186368 2015-04-22] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-07] (Google LLC -> Google Inc.)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rupsmon Daemon.lnk [2016-06-30]

ShortcutTarget: Rupsmon Daemon.lnk -> C:\Program Files (x86)\Belkin\Belkin Power Management Software\Monw32.exe (Belkin.) [File not signed]

Startup: C:\Users\Moz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-12-04]

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{104A04C2-704E-4A75-903C-E968C3A65852}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{2E1D2D62-E2E4-4D5B-9FED-5B379D3319CD}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss

URLSearchHook: [S-1-5-21-1975610405-2585747867-3397885706-1003] ATTENTION => Default URLSearchHook is missing

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)

BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File

BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)

BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)

Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-20] (Siber Systems Inc -> Siber Systems Inc.)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-1975610405-2585747867-3397885706-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:

========

FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-02-08]

FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found

FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [No File]

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/ncr

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}&pws=0&gl=us&gws_rd=cr

CHR DefaultSearchKeyword: Default -> “google ncr_”

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default [2019-03-14]

CHR Extension: (Slides) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

CHR Extension: (Kaspersky Protection) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-02-08]

CHR Extension: (Docs) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]

CHR Extension: (Hootsuite Hootlet) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2017-12-16]

CHR Extension: (DuckDuckGo) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-03-13]

CHR Extension: (Skype Calling) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-18]

CHR Extension: (YouTube) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]

CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-11-26]

CHR Extension: (Alexa Traffic Rank) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2018-06-13]

CHR Extension: (Google Search) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]

CHR Extension: (Adobe Acrobat) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-02]

CHR Extension: (TwitShot for Chrome) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efndcbfgochdmkgjpinknmeakjfkgjlk [2018-10-23]

CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-01-30]

CHR Extension: (Sheets) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

CHR Extension: (Search bookmarks) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcmlfaljegegmoneabmbdbiliiiplno [2018-09-04]

CHR Extension: (Google Docs Offline) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]

CHR Extension: (Avast Online Security) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-02-20]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-11-26]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-08-18]

CHR Extension: (FromDocToPDF) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-02-14]

CHR Extension: (HUMAN 3.0) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\meefjekipolcgabfgaclcpdkbghhmoah [2016-05-14]

CHR Extension: (Email Tracking for Gmail - Mailtrack) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2019-03-14]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]

CHR Extension: (Microformats) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oalbifknmclbnmjlljdemhjjlkmppjjl [2016-04-16]

CHR Extension: (Google Publisher Toolbar) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2018-07-26]

CHR Extension: (MailTracker: Free email tracking for Gmail) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdljpkijehgoacbjpolaomhkoffhnl [2019-03-14]

CHR Extension: (Slinky Brushed) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\piiokbhpgldooopjdacdondngonfljoc [2015-11-26]

CHR Extension: (Gmail) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]

CHR Extension: (Chrome Media Router) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-17]

CHR Extension: (MeasureIt) - C:\Users\Moz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokhcahijjfkdccinalifdifljglhclm [2017-08-15]

CHR Profile: C:\Users\Moz\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-07]

CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

CHR HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2863088 2016-01-14] (Acronis International GmbH -> Acronis)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)

R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-02-18] (DTS, Inc. -> )

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [138936 2015-04-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)

R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed]

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373768 2016-09-26] (Intel® pGFX -> Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)

R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel® Wireless Display -> Intel)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)

S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)

R2 MMS; C:\Program Files\BackupClient\BackupAndRecovery\mms.exe [15026344 2016-11-08] (Acronis International GmbH -> )

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> )

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)

R2 Rupsmon; C:\Program Files (x86)\Belkin\Belkin Power Management Software\RupsMon.exe [147456 2016-06-30] (Mega System Technologies, Inc.) [File not signed]

R2 UPSmonitor; C:\Program Files (x86)\Belkin Automatic Power Management Software\monitor.exe [114688 2015-12-12] (Macrovision) [File not signed]

R3 UPSRMI; C:\Program Files (x86)\Belkin Automatic Power Management Software\wpRMI.exe [114688 2015-12-12] (Macrovision) [File not signed]

R2 USBMate; C:\Program Files (x86)\Belkin\Belkin Power Management Software\usbmate.exe [146944 2016-06-30] (Mega Corp.) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-04-10] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)

R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [23816 2014-10-03] (ELAN Microelectronics Corporation -> ELAN Microelectronic Corp.)

S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)

S3 huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [91648 2016-06-05] (Huawei Technologies Co., Ltd.) [File not signed]

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)

S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231400 2017-05-19] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-12] (Kaspersky Lab -> AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [123152 2018-12-12] (Kaspersky Lab -> AO Kaspersky Lab)

R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [89168 2018-12-12] (Kaspersky Lab -> AO Kaspersky Lab)

S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)

R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219744 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1214752 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1113696 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)

R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)

S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [45768 2018-12-12] (Kaspersky Lab -> AO Kaspersky Lab)

R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)

S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)

R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [176976 2018-12-12] (Kaspersky Lab -> AO Kaspersky Lab)

R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-17] (NVIDIA Corporation -> NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-23] (NVIDIA Corporation -> NVIDIA Corporation)

R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-07] (WDKTestCert 1,130202426583431586 -> TOSHIBA)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)

S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel® Code Signing External -> )

S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [36128 2015-11-30] (Comodo Security Solutions, Inc. -> The OpenVPN Project)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [36712 2014-12-03] (TOSHIBA CORPORATION -> Toshiba Corporation)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267552 2017-04-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2017-04-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)

R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [233312 2017-04-08] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2017-12-10] (Microsoft Windows -> Microsoft Corporation)

S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]

U3 aswMBR; \??\C:\Users\Moz\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION

U3 aswVmm; \??\C:\Users\Moz\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-14 15:30 - 2019-03-14 15:30 - 000001799 _____ C:\Users\Moz\Desktop\aswMBR.txt

2019-03-14 15:30 - 2019-03-14 15:30 - 000000512 _____ C:\Users\Moz\Desktop\MBR.dat

2019-03-14 14:40 - 2019-03-14 14:41 - 000349928 _____ C:\Windows\Minidump\031419-38281-01.dmp

2019-03-14 14:40 - 2019-03-14 14:40 - 769522222 _____ C:\Windows\MEMORY.DMP

2019-03-14 12:49 - 2019-03-14 16:44 - 000000000 ____D C:\FRST

2019-03-14 12:48 - 2019-03-14 12:48 - 000000000 ____D C:\Farbar

2019-03-08 16:25 - 2019-03-08 16:25 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity

2019-03-07 11:58 - 2019-03-07 11:58 - 000000000 ____D C:\Users\Moz\AppData\Local\Kaspersky Lab

2019-03-05 14:26 - 2019-03-05 14:26 - 000000000 ____D C:\Program Files\Bonjour

2019-03-05 14:26 - 2019-03-05 14:26 - 000000000 ____D C:\Program Files (x86)\Bonjour

2019-03-01 14:41 - 2019-03-01 14:41 - 000000000 ____D C:\Users\Moz\Documents\Audacity

2019-03-01 12:36 - 2019-03-01 12:36 - 000000000 ____D C:\Windows\LastGood.Tmp

2019-02-17 18:32 - 2019-03-13 18:17 - 000000000 ____D C:\Users\Moz\AppData\Roaming\audacity

2019-02-17 18:32 - 2019-02-17 18:32 - 000000000 ____D C:\Users\Moz\AppData\Local\Audacity

2019-02-17 18:31 - 2019-03-08 15:42 - 000000000 ____D C:\Program Files (x86)\Audacity

2019-02-17 18:31 - 2019-03-08 15:41 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2019-02-17 18:31 - 2019-03-08 15:41 - 000000991 _____ C:\Users\Public\Desktop\Audacity.lnk

2019-02-16 13:22 - 2019-02-16 13:22 - 000001374 _____ C:\Users\Moz\Desktop\LibreOffice Writer.lnk

2019-02-16 13:20 - 2019-02-16 13:20 - 000001374 _____ C:\Users\Moz\Desktop\LibreOffice Base.lnk

2019-02-16 13:16 - 2019-02-16 13:16 - 000001246 _____ C:\Users\Moz\Desktop\LibreOffice Math.lnk

2019-02-16 13:15 - 2019-02-16 13:15 - 000001240 _____ C:\Users\Moz\Desktop\LibreOffice Draw.lnk

2019-02-16 13:13 - 2019-02-16 13:13 - 000001348 _____ C:\Users\Moz\Desktop\LibreOffice Impress.lnk

2019-02-16 13:09 - 2019-02-16 13:09 - 000001344 _____ C:\Users\Moz\Desktop\LibreOffice Calc.lnk

2019-02-15 14:59 - 2019-02-15 14:59 - 002971915 _____ C:\Users\Moz\Downloads\How_The_Zebra_Got_His_Stripes_Proof.pdf

2019-02-12 12:51 - 2019-02-12 12:51 - 000001045 _____ C:\Users\Moz\Desktop\Farbar Recovery Scan Tool 64.lnk

2019-02-11 13:56 - 2019-02-11 14:11 - 000000148 _____ C:\Users\Moz\Desktop\Toshiba Service Solutions.url

2019-02-11 13:54 - 2019-02-11 13:54 - 000004576 _____ C:\Users\Moz\Desktop\TOSHIBA System Settings.lnk

2019-02-11 12:08 - 2019-02-11 12:08 - 000003372 _____ C:\Users\Moz\Documents\cc_20190211_120832.reg

2019-02-10 19:12 - 2019-02-10 19:12 - 000036934 _____ C:\Users\Moz\Documents\cc_20190210_191204.reg

2019-02-08 15:08 - 2019-02-08 15:08 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2019-02-08 15:08 - 2019-02-08 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection

2019-02-08 15:08 - 2019-02-08 15:08 - 000000000 ____D C:\Program Files\Common Files\AV

2019-02-08 15:07 - 2019-02-08 15:07 - 000002019 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk

2019-02-08 15:07 - 2019-02-08 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free

2019-02-08 15:07 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll

2019-02-08 15:06 - 2019-03-14 16:23 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2019-02-08 15:06 - 2019-03-07 13:38 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab

2019-02-08 15:06 - 2019-02-08 15:06 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys

2019-02-08 15:06 - 2019-02-08 15:06 - 001113696 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys

2019-02-08 15:06 - 2019-02-08 15:06 - 000219744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys

2019-02-08 15:06 - 2019-02-08 15:06 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll

2019-02-08 13:02 - 2019-02-08 13:05 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2019-02-07 12:27 - 2019-01-02 21:05 - 000835480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2019-02-07 12:27 - 2019-01-02 21:05 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2019-01-29 13:26 - 2019-01-29 13:26 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk

2019-01-10 13:40 - 2018-12-28 02:01 - 025738240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2019-01-10 13:40 - 2018-12-28 01:38 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2019-01-10 13:40 - 2018-12-28 01:25 - 020279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2019-01-10 13:40 - 2018-12-28 00:48 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2019-01-10 13:40 - 2018-12-28 00:47 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2019-01-10 13:40 - 2018-12-28 00:29 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2019-01-10 13:40 - 2018-12-28 00:11 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2019-01-10 13:40 - 2018-12-08 22:22 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2019-01-10 13:40 - 2018-12-08 10:13 - 002534664 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2019-01-10 13:40 - 2018-12-08 08:25 - 002173040 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll

2019-01-10 13:40 - 2018-12-08 07:56 - 001901896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2019-01-10 13:40 - 2018-12-08 07:32 - 001563376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll

2019-01-10 13:39 - 2018-12-28 04:12 - 000444368 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2019-01-10 13:39 - 2018-12-28 04:12 - 000178128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2019-01-10 13:39 - 2018-12-28 02:24 - 000333768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2019-01-10 13:39 - 2018-12-28 01:36 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2019-01-10 13:39 - 2018-12-28 01:31 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2019-01-10 13:39 - 2018-12-28 01:25 - 000790016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2019-01-10 13:39 - 2018-12-28 01:17 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2019-01-10 13:39 - 2018-12-28 01:05 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2019-01-10 13:39 - 2018-12-28 01:02 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2019-01-10 13:39 - 2018-12-28 00:56 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2019-01-10 13:39 - 2018-12-28 00:55 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2019-01-10 13:39 - 2018-12-28 00:50 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2019-01-10 13:39 - 2018-12-28 00:49 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2019-01-10 13:39 - 2018-12-28 00:48 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2019-01-10 13:39 - 2018-12-28 00:48 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2019-01-10 13:39 - 2018-12-28 00:48 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2019-01-10 13:39 - 2018-12-28 00:45 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2019-01-10 13:39 - 2018-12-28 00:41 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2019-01-10 13:39 - 2018-12-28 00:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2019-01-10 13:39 - 2018-12-28 00:33 - 004860416 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2019-01-10 13:39 - 2018-12-28 00:33 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2019-01-10 13:39 - 2018-12-28 00:31 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2019-01-10 13:39 - 2018-12-28 00:29 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2019-01-10 13:39 - 2018-12-28 00:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2019-01-10 13:39 - 2018-12-28 00:29 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2019-01-10 13:39 - 2018-12-28 00:24 - 000780800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2019-01-10 13:39 - 2018-12-28 00:22 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2019-01-10 13:39 - 2018-12-28 00:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2019-01-10 13:39 - 2018-12-28 00:11 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll

2019-01-10 13:39 - 2018-12-28 00:07 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2019-01-10 13:39 - 2018-12-28 00:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2019-01-10 13:39 - 2018-12-28 00:05 - 000566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll

2019-01-10 13:39 - 2018-12-08 22:22 - 002014152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2019-01-10 13:39 - 2018-12-08 21:00 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys

2019-01-10 13:39 - 2018-12-08 13:23 - 000121272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys

2019-01-10 13:39 - 2018-12-08 05:49 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll

2019-01-10 13:39 - 2018-12-07 16:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll

2019-01-10 13:39 - 2018-11-28 10:34 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll

2019-01-10 13:39 - 2018-11-28 10:17 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll

2019-01-09 13:23 - 2019-01-09 13:23 - 000000000 ____D C:\Users\Moz\AppData\Local\mbamtray

2019-01-09 13:23 - 2019-01-09 13:23 - 000000000 ____D C:\Users\Moz\AppData\Local\mbam

2019-01-09 12:43 - 2019-02-07 12:20 - 000000000 ____D C:\Users\Moz\AppData\Local\AVAST Software

2019-01-09 12:32 - 2019-01-14 13:18 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software

2019-01-09 12:31 - 2019-01-09 12:31 - 000000000 ____D C:\Program Files\Common Files\AVAST Software

2019-01-09 12:20 - 2019-02-07 12:20 - 000000000 ____D C:\ProgramData\AVAST Software

2019-01-08 13:16 - 2018-12-11 00:04 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2019-01-07 18:00 - 2019-01-07 18:00 - 000015022 _____ C:\Users\Moz\Documents\cc_20190107_180041.reg

2019-01-07 12:58 - 2018-03-13 19:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll

2019-01-07 12:34 - 2019-01-07 12:34 - 000000975 _____ C:\Users\Public\Desktop\HiSuite.lnk

2019-01-07 12:34 - 2019-01-07 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite

2019-01-07 12:33 - 2019-01-07 12:34 - 000000000 ____D C:\Program Files (x86)\HiSuite

2018-12-22 09:31 - 2018-11-28 11:39 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-12-22 09:31 - 2018-11-28 10:08 - 015441408 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2018-12-22 09:31 - 2018-11-28 10:04 - 013322240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2018-12-22 09:31 - 2018-11-10 21:42 - 001368584 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2018-12-22 09:31 - 2018-11-10 20:54 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-12-22 09:31 - 2018-11-10 20:53 - 000356088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys

2018-12-22 09:31 - 2018-11-10 18:34 - 001754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll

2018-12-22 09:31 - 2018-11-10 18:25 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2018-12-22 09:31 - 2018-11-10 18:22 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-12-22 09:31 - 2018-11-10 18:15 - 001491968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2018-12-22 09:31 - 2018-11-03 17:25 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2018-12-22 09:31 - 2018-11-03 17:11 - 001556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2018-12-22 09:31 - 2018-10-25 02:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2018-12-22 09:31 - 2018-10-25 02:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2018-12-22 09:31 - 2018-10-25 02:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2018-12-22 09:31 - 2018-10-25 02:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2018-12-22 09:31 - 2018-10-16 05:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2018-12-22 09:31 - 2018-10-16 05:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll

2018-12-22 09:31 - 2018-10-16 05:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-12-22 09:31 - 2018-10-16 05:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2018-12-22 09:31 - 2018-10-12 22:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-12-22 09:31 - 2018-10-12 22:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll

2018-12-22 09:31 - 2018-10-12 22:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2018-12-22 09:31 - 2018-10-12 22:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2018-12-22 09:31 - 2018-10-12 21:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll

2018-12-22 09:31 - 2018-10-12 04:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll

2018-12-22 09:31 - 2018-10-12 04:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll

2018-12-22 09:31 - 2018-10-12 03:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2018-12-22 09:31 - 2018-10-12 03:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2018-12-22 09:31 - 2018-10-06 20:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2018-12-22 09:31 - 2018-10-06 20:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2018-12-22 09:31 - 2018-10-06 18:43 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2018-12-22 09:31 - 2018-10-06 18:13 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

2018-12-22 09:31 - 2018-10-06 17:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2018-12-22 09:31 - 2018-10-06 17:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2018-12-22 09:31 - 2018-10-05 19:06 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll

2018-12-22 09:31 - 2018-10-05 18:20 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll

2018-12-22 09:31 - 2018-10-05 17:18 - 000513376 _____ C:\Windows\SysWOW64\locale.nls

2018-12-22 09:31 - 2018-10-05 17:18 - 000513376 _____ C:\Windows\system32\locale.nls

2018-12-22 09:31 - 2018-09-28 15:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll

2018-12-22 09:31 - 2018-09-28 15:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll

2018-12-22 09:31 - 2018-09-23 18:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2018-12-22 09:31 - 2018-09-23 18:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2018-12-22 09:31 - 2018-09-23 18:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2018-12-22 09:31 - 2018-09-23 18:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2018-12-22 09:31 - 2018-09-23 18:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2018-12-22 09:31 - 2018-09-23 18:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2018-12-22 09:31 - 2018-09-23 18:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2018-12-22 09:31 - 2018-09-23 18:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2018-12-22 09:31 - 2018-09-23 18:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2018-12-22 09:31 - 2018-09-23 18:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2018-12-22 09:31 - 2018-09-23 18:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll

2018-12-22 09:31 - 2018-09-23 17:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2018-12-22 09:31 - 2018-09-23 17:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2018-12-22 09:31 - 2018-09-23 17:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2018-12-22 09:31 - 2018-09-23 17:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2018-12-22 09:31 - 2018-09-23 17:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2018-12-22 09:31 - 2018-09-12 20:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2018-12-22 09:31 - 2018-09-11 17:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2018-12-22 09:31 - 2018-09-08 20:22 - 001737696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-12-22 09:31 - 2018-09-08 20:22 - 001676152 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-12-22 09:31 - 2018-09-08 20:22 - 001536216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2018-12-22 09:31 - 2018-09-08 20:22 - 001500528 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-12-22 09:31 - 2018-09-08 20:22 - 001371448 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2018-12-22 09:31 - 2018-09-07 19:39 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

2018-12-22 09:31 - 2018-09-07 18:51 - 002849280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll

2018-12-22 09:31 - 2018-09-01 18:43 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-12-22 09:31 - 2018-08-29 15:51 - 002451800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2018-12-22 09:31 - 2018-08-26 06:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2018-12-22 09:31 - 2018-08-26 06:07 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2018-12-22 09:31 - 2018-08-21 15:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-12-22 09:31 - 2018-08-21 15:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-12-22 09:31 - 2018-08-14 21:04 - 004171264 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll

2018-12-22 09:31 - 2018-08-12 22:25 - 000149632 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2018-12-22 09:31 - 2018-08-12 19:07 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll

2018-12-22 09:31 - 2018-08-12 18:32 - 000151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll

2018-12-22 09:31 - 2018-08-12 16:21 - 001633008 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2018-12-22 09:31 - 2018-08-09 15:16 - 004876800 _____ (Gracenote, Inc.) C:\Windows\system32\gnsdk_fp.dll

2018-12-22 09:26 - 2018-10-12 21:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2018-12-22 09:26 - 2018-10-12 04:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-12-22 09:26 - 2018-10-12 03:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-14 14:42 - 2015-11-26 23:46 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2019-03-14 14:42 - 2015-11-26 23:46 - 000000000 __SHD C:\Users\Moz\IntelGraphicsProfiles

2019-03-14 14:41 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2019-03-14 14:40 - 2015-11-29 20:12 - 000000000 ____D C:\Windows\Minidump

2019-03-14 14:19 - 2017-04-08 10:41 - 000000000 ____D C:\Users\Acronis Agent User

2019-03-14 12:06 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM

2019-03-14 11:42 - 2015-11-26 23:45 - 000000000 ____D C:\Users\Moz

2019-03-13 18:17 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf

2019-03-13 10:26 - 2015-11-30 13:52 - 000000000 ____D C:\Program Files\CCleaner

2019-03-13 10:25 - 2018-04-04 11:01 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update

2019-03-12 16:05 - 2018-07-15 11:14 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2019-03-12 16:05 - 2018-05-16 10:41 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier

2019-03-12 16:05 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed

2019-03-12 16:05 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\Macromed

2019-03-12 15:19 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI

2019-03-08 16:32 - 2015-11-26 23:52 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1975610405-2585747867-3397885706-1001

2019-03-08 15:40 - 2017-05-27 09:26 - 000000000 ____D C:\Users\Moz\AppData\Local\CrashDumps

2019-03-07 12:00 - 2015-11-26 20:41 - 000002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2019-03-07 11:26 - 2018-06-11 17:14 - 000634136 _____ C:\Windows\system32\FNTCACHE.DAT

2019-03-05 18:17 - 2017-11-29 18:12 - 000000000 ____D C:\Users\Moz\Documents\My Kindle Content

2019-03-05 14:38 - 2017-11-09 13:51 - 000000000 ____D C:\ProgramData\Apple

2019-03-04 11:28 - 2014-03-18 11:53 - 001159708 _____ C:\Windows\system32\PerfStringBackup.INI

2019-02-24 13:32 - 2017-03-24 12:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2019-02-16 13:02 - 2015-12-02 12:22 - 000000000 ____D C:\Users\Public\Documents\{fda2b1f686bf8e78c4ff109ca12b054e}

2019-02-14 13:00 - 2016-01-30 20:42 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2017-04-08 08:45 - 2017-04-07 10:21 - 004797120 _____ (COMODO) C:\ProgramData\cisF14A.exe

2019-01-07 12:58 - 2018-03-13 19:17 - 000440512 _____ (COMODO) C:\ProgramData\cmdres.dll

2015-11-28 20:49 - 2012-10-24 21:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2998960.exe

2015-05-08 20:49 - 2015-05-08 20:49 - 008322328 _____ (Piriform Ltd) C:\Program Files\CCleaner64.exe

2017-08-14 18:41 - 2017-08-14 18:41 - 000000063 _____ () C:\Users\Moz\AppData\Local\emaildefaults

2017-10-20 16:15 - 2017-10-20 16:15 - 000000039 _____ () C:\Users\Moz\AppData\Local\kritadisplayrc

2017-08-13 13:43 - 2017-10-20 16:15 - 000018189 _____ () C:\Users\Moz\AppData\Local\kritarc

2018-09-30 10:03 - 2018-09-30 10:03 - 000000000 _____ () C:\Users\Moz\AppData\Local\oobelibMkey.log

2018-10-31 17:44 - 2018-10-31 17:44 - 000002763 _____ () C:\Users\Moz\AppData\Local\recently-used.xbel

2016-02-13 20:42 - 2019-02-11 17:30 - 000007616 _____ () C:\Users\Moz\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\dllhost.exe => File is digitally signed

C:\Windows\SysWOW64\dllhost.exe => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-11 16:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01

Ran by Moz (14-03-2019 16:45:32)

Running from E:\Downloads

Windows 8.1 Single Language (Update) (X64) (2015-11-26 21:45:40)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Acronis Agent User (S-1-5-21-1975610405-2585747867-3397885706-1003 - Administrator - Enabled) => C:\Users\Acronis Agent User

Administrator (S-1-5-21-1975610405-2585747867-3397885706-500 - Administrator - Disabled)

Guest (S-1-5-21-1975610405-2585747867-3397885706-501 - Limited - Disabled)

Moz (S-1-5-21-1975610405-2585747867-3397885706-1001 - Administrator - Enabled) => C:\Users\Moz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}

AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)

Acronis Backup Agent (HKLM\...\{5D1B8504-7D60-438E-9B52-041B9141F07D}) (Version: 12.0.3894 - Acronis) Hidden

Acronis Backup Agent (HKLM\...\9EBDE6F5-EAE6-4326-A3A1-DEAA29F32D1D_BackupAndRecovery) (Version: 12.0.3894 - Acronis)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

Amazon Kindle (HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)

ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)

Belkin Automatic Power Management Software (HKLM-x32\...\Belkin Automatic Power Management Software) (Version: 2.6.0.2 - )

Belkin Power Management Software for Windows (HKLM-x32\...\{5FFF381C-0FFD-499E-AFD4-CDF423C169D0}) (Version: - )

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

calibre 64bit (HKLM\...\{F12B37DA-4B58-48B7-9557-F51E9D62C898}) (Version: 3.6.0 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.2.0 - Conexant)

DTS Sound (HKLM-x32\...\{4E91898E-4DED-4B17-94F0-FA61AACCDEB0}) (Version: 1.02.2700 - DTS, Inc.)

Easy Banner Creator (Free Edition) 1.0 (HKLM-x32\...\Easy Banner Creator (Free Edition) 1.0) (Version: - )

ELAN Touchpad 11.8.39.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.8.39.3 - ELAN Microelectronic Corp.)

Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden

ePub Reader for Windows version 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)

Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

GIMP-2.9.5-std (HKLM\...\GIMP-2.9.5-std) (Version: 2.9.5-std - Partha Bagchi)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden

HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd)

HP DeskJet 3830 series Basic Device Software (HKLM\...\{586524CE-A9E3-415A-87FA-654AAE0CDC42}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)

HP DeskJet 3830 series Help (HKLM-x32\...\{71454577-027B-4866-A57A-F1D96AD8617E}) (Version: 35.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4112 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.6.0.1002 - Intel Corporation)

Intel® WiDi (HKLM\...\{41A83EC5-A725-4795-A02C-306C989D82A2}) (Version: 5.1.29.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{227fd89d-2205-499a-8b73-9ec775789c4d}) (Version: 19.70.0 - Intel Corporation)

Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden

Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)

Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)

Kindle Previewer 3 (HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\Kindle Previewer 3) (Version: 3.22.0 - Amazon)

Krita (x64) 3.1.4.0 (HKLM\...\Krita_x64) (Version: 3.1.4.0 - Krita Foundation)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)

LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)

LibreOffice 6.0.6.2 (HKLM\...\{982E3D14-3F50-412B-A1C2-BC9262E8810F}) (Version: 6.0.6.2 - The Document Foundation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Product Improvement Study for HP DeskJet 3830 series (HKLM\...\{76560318-47C5-4E6B-B348-B8D02C7DAFA7}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29086 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)

RoboForm 7-9-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-1-1 - Siber Systems)

SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 17.12.8 - NVIDIA Corporation) Hidden

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.5 - Toshiba Corporation)

TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.07.6402 - Toshiba Corporation)

TOSHIBA Display Utility (HKLM\...\{60E16CB5-B8C4-4AC1-93C0-E6E1D6246E17}) (Version: 1.2.12.0 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.11.6400 - Toshiba Corporation)

TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 7.0.2.0 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.02.02.6400 - Toshiba Client Solutions Co., Ltd.)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.03.7001 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0049 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.9.32001 - Toshiba Corporation)

TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)

UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> )

ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-12-25] () [File not signed]

ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-10-15] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FDE7E32-2856-48C2-B34B-BD88E206ADE1} - System32\Tasks\{43138FB2-F573-49A7-8555-A75CF97ED4A0} => C:\Windows\system32\pcalua.exe -a E:\Downloads\ps902.exe -d E:\Downloads

Task: {29C741A2-C5D5-4836-B1E5-D4D4BD1B209C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Task: {2E2AF9FC-8877-4A11-953E-18B27A9BB201} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems Inc -> Siber Systems)

Task: {3B201B20-1ABA-4464-B41E-37212E644E1E} - System32\Tasks\{BAA1691B-417C-43AA-B0AC-20EF7DB6F034} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" -c /uninstall SINGLEIMAGE /dll OSETUP.DLL

Task: {402389C2-E876-4E95-87C0-FFA206B2DD95} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {5C64F7A9-9BBF-4FA2-B1DE-29247C7C8351} - System32\Tasks\AdobeGCInvoker-1.0-RedEnjin-Moz => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)

Task: {6003F8F9-FF1C-4A7A-9183-D3C72433D28D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {648CDCA5-5C90-4176-9F6D-DE939893BA51} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe (TOSHIBA CORPORATION -> TOSHIBA Corporation)

Task: {6E806F02-082E-4FAF-B996-D4E26D16EB8A} - System32\Tasks\HPCustParticipation HP DeskJet 3830 series => C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPCustPartic.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

Task: {860B58EC-9ACB-4FBA-AD5C-4A11C7FB3678} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)

Task: {87725D70-24BA-454E-AECC-FCF9FEC5DAF6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )

Task: {8891DB58-A7ED-4056-BD1D-168B7CA8C5AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {A06A46AD-5D9D-41E7-BFF1-60F9D469DE13} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe (Kaspersky Lab -> AO Kaspersky Lab)

Task: {C458F123-BD5B-46D1-A7F7-D28C7E6AB2AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)

Task: {D4E81E2D-B015-448A-98F5-BC36D1E490E9} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMOMIMOMPMLJNMNJKMCNNJJMMMOMCNLMGMGMKJCNGMOMJJPMCNKJKJIMLJGMLJMMKMHMGMMMMJJNJICMIMCNGMCNOMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMCLAJFIJNKJCMJNNICMJNDJCMKJBJ"

Task: {DB523C32-EF14-4568-9A6C-F0348AC9B2CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {DCE98709-C88A-460E-AD8A-E7033D7FEFF4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

Task: {EA9C53AC-DCF0-4C62-A0FE-6E204702A04A} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe (DTS, Inc. -> )

Task: {F084521C-010F-43C1-8EBC-805D69969A46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-05 16:07 - 2016-11-05 16:07 - 000385024 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMAD.DLL

2015-08-06 20:08 - 2015-01-17 00:40 - 000930888 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll

2018-12-12 12:32 - 2018-12-12 12:32 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe

2016-06-30 18:27 - 2016-06-30 18:27 - 000147456 _____ (Mega System Technologies, Inc.) [File not signed] C:\Program Files (x86)\Belkin\Belkin Power Management Software\RupsMon.exe

2015-12-12 13:59 - 2015-12-12 13:59 - 000114688 _____ (Macrovision) [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\monitor.exe

2016-06-30 18:27 - 2016-06-30 18:27 - 000146944 _____ (Mega Corp.) [File not signed] C:\Program Files (x86)\Belkin\Belkin Power Management Software\usbmate.exe

2015-12-25 17:19 - 2015-12-25 17:19 - 000721263 _____ () [File not signed] C:\Windows\SysWOW64\WSCM64.dll

2015-12-12 13:59 - 2015-12-12 13:59 - 000114688 _____ (Macrovision) [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\wpRMI.exe

2012-07-24 19:26 - 2016-09-03 18:11 - 000040960 _____ () [File not signed] C:\Users\Moz\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe

2018-07-28 08:52 - 2018-07-28 08:52 - 000443392 _____ (The Document Foundation) [File not signed] C:\Program Files\LibreOffice\program\pyuno.pyd

2018-07-28 08:29 - 2018-07-28 08:29 - 000066048 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.5.5\lib\_socket.pyd

2018-07-28 08:29 - 2018-07-28 08:29 - 000019968 _____ (Python Software Foundation) [File not signed] C:\Program Files\LibreOffice\program\python-core-3.5.5\lib\select.pyd

2016-06-30 18:27 - 2016-06-30 18:27 - 000401462 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Belkin\Belkin Power Management Software\MSVCP60.dll

2015-12-12 13:59 - 2015-12-12 13:59 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\jre\bin\msvcr71.dll

2015-12-12 13:59 - 2015-12-12 13:59 - 000045056 _____ () [File not signed] C:\Program Files (x86)\Belkin Automatic Power Management Software\jspWin.dll

2012-07-24 19:26 - 2012-07-24 19:26 - 000034304 _____ () [File not signed] C:\Users\Moz\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\CNHI10A.DLL:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\CNHL5100.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\CNHMCAN.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvdispco6435435.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvdispgenco6435435.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01007.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\AGaugeM.ocx:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\AniGIF.ocx:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\Percent.ocx:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\Strip.ocx:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WSCM64.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [130]

AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\ew_jubusenum.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:$CmdTcID [130]

AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64]

AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]

AlternateDataStreams: C:\ProgramData\cisF14A.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\BackupClient\PyShell\bin\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Calibre2\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\Control Panel\Desktop\\Wallpaper -> E:\My Pictures\Crest\Desktop Crest.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

mpsdrv => Firewall Service is not running.

MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Rupsmon Daemon.lnk"

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"

HKLM\...\StartupApproved\Run: => "ETDCtrl"

HKLM\...\StartupApproved\Run: => "ShadowPlay"

HKLM\...\StartupApproved\Run: => "SmartAudio"

HKLM\...\StartupApproved\Run: => "COMODO PC TuneUp"

HKLM\...\StartupApproved\Run: => "CanonMyPrinter"

HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"

HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"

HKLM\...\StartupApproved\Run32: => "TSVU"

HKLM\...\StartupApproved\Run32: => "UPSMS"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"

HKLM\...\StartupApproved\Run32: => "SmartAudio"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"

HKLM\...\StartupApproved\Run32: => "vdcss"

HKLM\...\StartupApproved\Run32: => "Dropbox"

HKLM\...\StartupApproved\Run32: => "ETDCtrl"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "RoboForm"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "GoogleDriveSync"

HKU\S-1-5-21-1975610405-2585747867-3397885706-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CABAC49C-A930-4CB7-A996-5FB337534684}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{5C97545B-8C40-4172-8819-F265FD2806DC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{A25C09C1-B0B8-408C-B0F2-7CAD660C5EB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{97395B86-747B-4BD3-AAC5-3EDBE70197FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{DFB54D93-BBF7-4C2C-AC32-FAFF622AD53A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{82924C58-BAAE-4735-884A-BD25FDAE4F94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{962ACBE2-57B5-47AA-BA74-0EAEE1B93F2F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel® Wireless Display -> Intel Corporation)

FirewallRules: [{AC76E0A0-FA1A-4571-872F-C2AA5BDE5CDF}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)

FirewallRules: [TCP Query User{DFCAC0DC-0A41-4821-93AD-4355D2B841B9}C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe

FirewallRules: [UDP Query User{C80E0C81-0D95-40ED-B99B-823EE8096719}C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe

FirewallRules: [TCP Query User{13D17AB0-650B-4A36-8E69-FA5F1A16D71F}C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe

FirewallRules: [UDP Query User{F178D0C9-54B0-45CD-8017-2B78E6BF50A6}C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\belkin automatic power management software\jre\bin\javaw.exe

FirewallRules: [{F85FA590-4775-41F2-8EF4-1506EACBEE46}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{24B524D4-45D1-45D2-8D4E-8FFE4BA7E876}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{2F9F59FF-4B12-4C51-B10D-3C3C7A55AC29}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{71F600D3-9300-4566-B627-C514992869E7}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{715FCA34-9F64-4850-B6AD-580B3BC1597E}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{AEE066D5-BC98-439F-9991-726D20E41F7C}] => (Allow) LPort=5357

FirewallRules: [{1604B09E-0190-49AF-9E10-37922D34EB7E}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)

FirewallRules: [{F177D432-09EB-493E-90B7-7C9C29805AA0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis International GmbH -> Acronis)

FirewallRules: [{192B16BE-04B8-46EE-B679-69E7F34C86F7}] => (Allow) C:\Program Files\BackupClient\BackupAndRecovery\mms.exe (Acronis International GmbH -> )

FirewallRules: [{C233A939-199F-4BC1-BCFC-522D6422ED15}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )

FirewallRules: [{A78F083A-646A-4091-AB05-B2336F444CD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

FirewallRules: [{07F82F6F-3075-4362-848A-F0C36E4730F2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

FirewallRules: [{676F6AEC-9445-48BE-AADF-42950ADA0671}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

28-02-2019 11:34:20 Scheduled Checkpoint

05-03-2019 14:26:55 Installed iTunes

07-03-2019 13:36:27 Removed Kaspersky Password Manager

14-03-2019 12:32:17 Run Farbar Recovery

14-03-2019 12:37:34 My Msave Recovery 14/03/19

==================== Faulty Device Manager Devices =============

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/14/2019 02:33:44 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wmplayer.exe version 12.0.9600.19145 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12bc

Start Time: 01d4da4a5ca36fa0

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Media Player\wmplayer.exe

Report Id: 668ac4d9-4655-11e9-82b3-e4f89c932915

Faulting package full name:

Faulting package-relative application ID:

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer Registry Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 12:37:27 PM) (Source: SPP) (EventID: 16389) (User: )

Description: Writer System Writer experienced retryable error during shadow copy creation. Retrying...

More info: .

Error: (03/14/2019 11:46:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TPCHSrv.exe, version: 2.1.0.1, time stamp: 0x58fd5833

Faulting module name: ntdll.dll, version: 6.3.9600.19153, time stamp: 0x5b93ffa7

Exception code: 0xc0000374

Fault offset: 0x00000000000f1cd0

Faulting process id: 0x1e20

Faulting application start time: 0x01d4da4ac39a99d9

Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 05c6dff8-463e-11e9-82b3-e4f89c932915

Faulting package full name:

Faulting package-relative application ID:

System errors:

=============

Error: (03/14/2019 03:11:40 PM) (Source: DCOM) (EventID: 10010) (User: RedEnjin)

Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/14/2019 03:11:10 PM) (Source: DCOM) (EventID: 10010) (User: RedEnjin)

Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (03/14/2019 02:58:48 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/14/2019 02:58:44 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/14/2019 02:58:39 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/14/2019 02:58:35 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/14/2019 02:58:31 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/14/2019 02:58:27 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

Windows Defender:

===================================

Date: 2019-02-05 16:27:41.857

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {4CBA43F8-4338-4FD4-B0DD-DDB2B0F9936B}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-02-04 19:13:06.421

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {950E8CB3-C43C-45E0-BF88-C46BCF98AB09}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-02-04 14:40:42.474

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {C6A92651-55C5-4F72-91CD-A8C86BE652DE}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-02-04 12:00:23.756

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {F243B9F8-A4AE-49F3-9043-E191E5EA3742}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-02-03 15:58:51.822

Description:

Windows Defender scan has been stopped before completion.

Scan ID: {37C54EBD-2B78-494D-94B8-E169EA862B2A}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-02-07 12:23:05.515

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Backup

Error Code: 0x80004004

Error description: Operation aborted

Signature version: 1.285.348.0;1.285.348.0

Engine version: 1.1.15600.4

Date: 2019-02-07 12:23:01.203

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80004004

Error description: Operation aborted

Signature version: 1.285.845.0;1.285.845.0

Engine version: 1.1.15600.4

Date: 2019-02-04 15:59:42.415

Description:

Windows Defender has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.285.348.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.15600.4

Error code: 0x80072efe

Error description: The connection with the server was terminated abnormally

Date: 2019-01-08 13:00:33.690

Description:

Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: Current

Error Code: 0x80073aba

Error description: The resource is too old to be compatible.

Signature version: 1.191.2881.0;1.191.2881.0

Engine version: 1.1.11302.0

CodeIntegrity:

===================================

Date: 2019-01-17 16:36:39.636

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-17 16:36:39.301

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-01-09 11:44:58.158

Description:

Date: 2019-01-09 11:44:57.780

Description:

Date: 2019-01-07 12:58:29.002

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-06 19:10:06.647

Description:

Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-06 19:10:06.373

Description:

Date: 2019-01-06 19:10:06.061

Description:

==================== Memory info ===========================

Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz

Percentage of memory in use: 50%

Total physical RAM: 8106.14 MB

Available physical RAM: 4013.31 MB

Total Virtual: 20394.14 MB

Available Virtual: 15908.91 MB

==================== Drives ================================

Drive c: (RedEnjin) (Fixed) (Total:721.33 GB) (Free:659.35 GB) NTFS

Drive e: (Msave) (Fixed) (Total:195.31 GB) (Free:118.58 GB) NTFS

\\?\Volume{3e86be61-6794-48eb-b4df-7cc76b6acae6}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS

\\?\Volume{1660ef13-1b1c-41ac-bf3c-af1a34afb868}\ (Recovery) (Fixed) (Total:13.65 GB) (Free:0.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#3 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 15 March 2019 - 04:25 AM

Before we try to run any tools to check for malware,

The device, \Device\Harddisk0\DR0, has a bad block.

I think you should
https://support.micr...orrupted-system

please scroll down to Windows 8 /8.1

Mozimax likes this

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#4 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 15 March 2019 - 07:33 AM

Here are the results and thanks for your fast and useful help.

>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<

Microsoft Windows [Version 6.3.9600]

C:\Windows\system32>DISM.exe /Online /Cleanup-image /Restorehealth

Deployment Image Servicing and Management tool

Version: 6.3.9600.17031

Image Version: 6.3.9600.17031

[==========================100.0%==========================]

Error: 0x800f0906

The source files could not be downloaded.

Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see

http://go.microsoft..../?LinkId=243077.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<

There is a YouTube vlog for this repair @

If not, please advise. Thanks

#5 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 15 March 2019 - 12:02 PM

No, we wont continue with that.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
URLSearchHook: [S-1-5-21-1975610405-2585747867-3397885706-1003] ATTENTION => Default URLSearchHook is missing
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [No File]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
U3 aswMBR; \??\C:\Users\Moz\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Moz\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {C458F123-BD5B-46D1-A7F7-D28C7E6AB2AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHI10A.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CNHL5100.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCAN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6435435.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435435.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AGaugeM.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AniGIF.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Percent.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Strip.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ew_jubusenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cisF14A.exe:$CmdTcID [64]
C:\Windows\Temp\*.*
Emptytemp:
End::

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

~~~~~~`

RogueKiller

Download the right version of RogueKiller for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

please post these 3 logs when finished.

Mozimax likes this

#6 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 16 March 2019 - 08:28 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Moz (16-03-2019 15:36:33) Run:2
Running from E:\Downloads\FRST-OlderVersion
Loaded Profiles: Moz (Available Profiles: Moz & Acronis Agent User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
URLSearchHook: [S-1-5-21-1975610405-2585747867-3397885706-1003] ATTENTION => Default URLSearchHook is missing
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [No File]
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
U3 aswMBR; \??\C:\Users\Moz\AppData\Local\Temp\aswMBR.sys [X] <==== ATTENTION
U3 aswVmm; \??\C:\Users\Moz\AppData\Local\Temp\aswVmm.sys [X] <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {C458F123-BD5B-46D1-A7F7-D28C7E6AB2AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHI10A.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CNHL5100.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCAN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6435435.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435435.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSync.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdfcoinstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AGaugeM.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AniGIF.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNHMCA.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Percent.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Strip.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ew_jubusenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cisF14A.exe:$CmdTcID [64]
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\WSVCU@Wondershare.com" => not found
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => not found
mfesapsn => service not found.
aswMBR => service not found.
aswVmm => service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C458F123-BD5B-46D1-A7F7-D28C7E6AB2AA}" => not found
"C:\Windows\System32\Tasks\Avast Software\Overseer" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => not found
"C:\Windows\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AppXDeploymentExtensions.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\AuthHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\basesrv.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\calc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\cfgbkend.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CNHI10A.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CNHL5100.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CNHMCA6.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CNHMCAN.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\comctl32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\CPFilters.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3dx9_32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dbgeng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dhcpsapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\eapp3hst.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\eappgnui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\eapphost.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\EncDec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\fhcpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FWPUCLNT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\InkEd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ksproxy.ax" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\LockScreenContentServer.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfc42.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfc42u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfnetcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfvdsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MFWMAAEC.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP3DMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP43DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MP4SDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MPG4DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mtxoci.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ntvdm64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvcuda.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvcuvid.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvd3dumx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvdispco6435435.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvdispgenco6435435.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvEncodeAPI64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvFBC64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvIFR64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvIFROpenGL.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvinitx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvoglv64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvopencl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvwgf2umx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\PCPKsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\photowiz.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\pku2u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\schtasks.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sdbinst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\sechost.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\services.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SettingsHandlers.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SettingSync.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SettingSyncHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SRH.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\StorageContextHandler.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\storewuauth.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SysFxUI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SystemSettingsAdminFlows.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SystemSettingsAdminFlowUI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\SystemSettingsDatabase.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tdh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\themecpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tracerpt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\usercpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\UtcResources.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\VIDRESZR.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\VSSVC.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wdfcoinstaller01007.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Windows.UI.Input.Inking.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsAnytimeUpgradeui.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WinSetupUI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\winshfhc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WinSync.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMADMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMADMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMALFXGFXDSP.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMASF.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMSPDMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMSPDMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVDECOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVENCOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVSDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVSENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMVXENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WorkfoldersControl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wpdshext.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WsmAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WsmAuto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\XAPOFX1_5.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\XAudio2_7.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\AGaugeM.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\AniGIF.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\atlthunk.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\calc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\cfgbkend.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\CNHMCA.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\comctl32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\CPFilters.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\d2d1.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\D3DCompiler_43.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\d3dx10_42.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\d3dx9_32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\davclnt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dbgeng.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dbghelp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\devenum.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dhcpsapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dsparse.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\eapp3hst.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\eappcfg.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\eappgnui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\eapphost.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\EncDec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FWPUCLNT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\GeofenceMonitorService.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\hgcpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\InkEd.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\IPHLPAPI.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ksproxy.ax" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfc42.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfc42u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfds.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfnetcore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfnetsrc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mfvdsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MFWMAAEC.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MP3DMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MP43DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MP4SDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MPG4DECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\MrmCoreR.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msorcl32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mtxoci.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\netcfgx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvcompiler.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvcuda.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvcuvid.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvd3dum.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvEncodeAPI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\NvFBC.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\NvIFR.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\NvIFROpenGL.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvinit.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvoglv32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvopencl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvwgf2um.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\PCPKsp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Percent.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\PhotoMetadataHandler.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\photowiz.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\pku2u.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\qedit.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\rgb9rast.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\rsaenh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\schtasks.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sdbinst.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\sechost.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SettingMonitor.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SettingSync.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SettingSyncCore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SettingSyncHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\shacct.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SHCore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\SRH.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\stobject.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\StorageContextHandler.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Strip.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\taskeng.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tdh.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\themecpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tracerpt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\UIAutomationCore.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\usercpl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\VIDRESZR.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Windows.UI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Windows.UI.Immersive.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\winshfhc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WinSync.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMADMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMADMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMASF.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMSPDMOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMSPDMOE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMVDECOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMVENCOD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMVSDECD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMVSENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WMVXENCD.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wpdshext.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wscapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WSCM64.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WsmAgent.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WsmAuto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\WSShared.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wups.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\XAPOFX1_5.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\XAudio2_7.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ahcache.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bthhfenum.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\bthport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\dumpsd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ew_jubusenum.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\hidbth.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\IPMIDrv.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvlddmkm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rasl2tp.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rfcomm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rmcast.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\rndismpx.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\sdbus.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tpm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tunnel.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\udfs.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usb8023.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usb8023x.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbd.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbehci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\USBHUB3.SYS" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbohci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbscan.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\USBSTOR.SYS" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbuhci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\volmgr.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\volsnap.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\vpci.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\winusb.sys" => ":$CmdTcID" ADS not found.
"C:\ProgramData\cisF14A.exe" => ":$CmdTcID" ADS not found.

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\adobegc.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9644785 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5686 B
Edge => 0 B
Chrome => 64109373 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1654 B
NetworkService => 0 B
Moz => 10057311 B
Acronis Agent User => 678 B

RecycleBin => 0 B
EmptyTemp: => 79.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:38:44 ====

>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-16-2019
# Duration: 00:00:05
# OS: Windows 8.1 Single Language
# Cleaned: 12
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\END
Deleted C:\Users\Acronis Agent User\Desktop\eBay.lnk
Deleted C:\Users\Acronis Agent User\Favorites\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp

***** [ Chromium (and derivatives) ] *****

Deleted Microformats
Deleted Alexa Traffic Rank
Deleted FromDocToPDF

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2160 octets] - [16/03/2019 14:12:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-16-2019
# Duration: 00:00:15
# OS: Windows 8.1 Single Language
# Scanned: 31892
# Detected: 12

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy C:\END
PUP.Optional.Legacy C:\Users\Acronis Agent User\Desktop\eBay.lnk
PUP.Optional.Legacy C:\Users\Acronis Agent User\Favorites\eBay.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy Microformats
PUP.Optional.Legacy Alexa Traffic Rank
PUP.Optional.MindSpark FromDocToPDF

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<

#7 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 16 March 2019 - 12:03 PM

Hi Juliet,

I ran Rogue Killer but all hell broke loose - as it has for the past 14 hours. I can't get to work anymore, it keeps insisting on installing the program and won't fix anything. First time I ran it, it ran beautifully and then blocked when I tried to download the fixes. I switched off the PC manually then nothing worked until now to give you this message. I'm still being blocked 100% disk usage.

Can you help with the data you have? As you can understand, none of my critical work is being done at all. My clients have no clue where I am.

Thanks,

Cari

#8 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 16 March 2019 - 01:12 PM

First thing that comes to mind is your security software

Let's see if you can temporarily disable to run the tools
https://support.kaspersky.com/us/12161

If that doesn't work let's try booting into safe mode to run the tool from there
https://support.micr...ne-click-series

Mozimax likes this

#9 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 18 March 2019 - 05:02 AM

OK Juliet,

It liked that. Has been keeping it's cool, but it can never pass my cool :wall:

What's next?

Cari

#10 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 18 March 2019 - 06:31 AM

Were you able to run RogueKiller, I'd like to see the log from that tool.

Also, if you disabled your antivirus, make sure to turn it back on after using the tools.

Mozimax likes this

Advertisements

Register to Remove

#11 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 18 March 2019 - 11:12 AM

As I said before, Rogue Killer insisted on installing the program after the log was lost.

Now it won't run a fix, because I think it remembers having done it already. I have tried three times and then I uninstalled it.

Yes, Kaspersky is now running, thanks.

#12 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 18 March 2019 - 06:15 PM

Again, you might need to temporarily disable Kaspersky to run these tools

Let's check for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
Then click on POST
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

Mozimax likes this

#13 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 19 March 2019 - 06:36 AM

In Malwarebytes, ‘Auto Quarantine’ only comes with premium.

>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<

Emsisoft Anti-Malware - Version 2019.2
Last update: 3/19/2019 1:47:07 PM
Initiated by: RedEnjin\Moz
Computer name: REDENJIN
OS version: Windows 8.1x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    3/19/2019 2:05:35 PM

Scanned    76284
Found    0

Scan end:    3/19/2019 2:08:34 PM
Scan time:    0:02:59

#14 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 19 March 2019 - 03:12 PM

Tell me what the computer is doing now.

#15 Mozimax

Authentic Member

Authentic Member
21 posts

Posted 20 March 2019 - 03:25 AM

As long as Kaspersky is off, all goes well, but every time I switch it on, the 100% disk returns. So if I can run without internet security. All goes well, I suppose, unless I get infected. If you are signing off, I must thank you very much for the most fantastic job. I have struggled with this 100% disk story for four months, with it getting progressively worse until now. My faith took quite a knock in that time, while I choked every day on stolen time.

Also tagged with one or more of these keywords: 100% disk use, pc access blocked, PC takeover, Cannot bypass, Task manager useless to stop, No fixes found, Dont know the problem, Malware

Malware Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Weird behavior on my pc Started by ba_jets , 29 Jan 2024 Malware, Virus	0 replies 210,427 views	ba_jets 29 Jan 2024
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Gaming computer keeps running extremely slow and keep getting repeated Started by ShaneA94 , 08 Nov 2023 Hacked, spyware, malware	0 replies 164,625 views	ShaneA94 08 Nov 2023
Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 143,289 views	Noalch 11 Dec 2022
Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 135,717 views	Noalch 11 Dec 2022
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Pop ups keep stealing my browser and shutting my computer down. Started by Patrick's Mom , 21 Apr 2021 malware	2 replies 69,599 views	Juliet 01 May 2021

3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

Body Background

skin color theme

Regular 100% disk usage, blocking my day to day PC access

#1 Mozimax

Advertisements

Register to Remove

#2 Mozimax

#3 Juliet

#4 Mozimax

#5 Juliet

#6 Mozimax

#7 Mozimax

#8 Juliet

#9 Mozimax

#10 Juliet

Advertisements

Register to Remove

#11 Mozimax

#12 Juliet

#13 Mozimax

#14 Juliet

#15 Mozimax

Related Topics

Also tagged with one or more of these keywords: 100% disk use, pc access blocked, PC takeover, Cannot bypass, Task manager useless to stop, No fixes found, Dont know the problem, Malware

Weird behavior on my pc

Gaming computer keeps running extremely slow and keep getting repeated

How do i delete this Virus? (dllhost.exe)

How do i delete this Virus? (dllhost.exe)

Pop ups keep stealing my browser and shutting my computer down.

3 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Regular 100% disk usage, blocking my day to day PC access

#1 Mozimax

Advertisements Register to Remove

#2 Mozimax

#3 Juliet

#4 Mozimax

#5 Juliet

#6 Mozimax

#7 Mozimax

#8 Juliet

#9 Mozimax

#10 Juliet

Advertisements Register to Remove

#11 Mozimax

#12 Juliet

#13 Mozimax

#14 Juliet

#15 Mozimax

Related Topics

Also tagged with one or more of these keywords: 100% disk use, pc access blocked, PC takeover, Cannot bypass, Task manager useless to stop, No fixes found, Dont know the problem, Malware

Weird behavior on my pc

Gaming computer keeps running extremely slow and keep getting repeated

How do i delete this Virus? (dllhost.exe)

How do i delete this Virus? (dllhost.exe)

Pop ups keep stealing my browser and shutting my computer down.

3 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove