
spyware, possibly a virus, programs I can't delete, internet slowing do

spyware virus

  • This topic is locked
9 replies to this topic

#1 Tractorboy44


Posted 26 May 2021 - 07:39 PM

First of all, thanks to anyone who's reading this!
 
Man, this all started 'cause I noticed a lot of memory being used up, so I started watching my task manager and noticed some potential problems. Chalked some of it up to the 14 svchost.exes running all at once... is it normal for 22 brave.exe to be running at once too?
Anyways, I ran the Farbar (hail satan) and found some concerning things. All of the attention points included. I've uninstalled Avast and Garmin software but they're still turning up in the dang scan. Frustration!!! Also I suspect the "Symantec protection" has been replaced with a turd. Whenever it pops up, the icon is blurry and pixelated. In fact, the only time it has popped up was when I was scanning my comp with Kaspersky and the Symantec came up and said I had an infection, which Kaspersky hadn't indicated? Not sure if that's significant, but I wanna throw this program away, yet I cannot uninstall it. I was also getting the ole Adobe Flash Player update popup almost every time I logged onto my comp for a while (whoops, clicked update every time)... and I just learned that was probably another turd. Kaspersky may have helped with that, I hope it's gone.
Help, smart people!
 
 
Here's my scan:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2021
Ran by SYSTEM on MININT-NRISL01 (26-05-2021 20:14:57)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) -> English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4965376 2012-03-01] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [25632 2016-01-14] (LENOVO -> )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81373696 2021-01-24] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2019-11-25] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKU\PC\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2209224 2021-05-19] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\Windows\system32\E_YLMBKEE.DLL [179712 2013-10-21] (SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16E09F87-0D62-4560-B7F3-68F02D3D63DD} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2020-06-09] ()
Task: {205E0852-2238-4A5C-A05D-7026DC938CF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B2A3201-FA22-4648-9538-A2A4E53895F1} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> )
Task: {532A8570-E67D-4F98-A193-C7897E777214} - System32\Tasks\{905F40BC-48A8-4B1C-AFB8-72D7E8E1267B} => C:\Users\PC\Desktop\ePSXe205\ePSXe.exe
Task: {5694D22B-23B5-4B4A-9D83-55899E2EFE2D} - System32\Tasks\WD Device Agent Task pc => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [717824 2021-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {5F2B0047-7FD8-44FF-A4FA-9D076C229D53} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {634BF4E2-F1EA-4406-8F7C-9B09D9E33AE5} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {64B73483-B7E0-43C9-A5C7-F1118347EDF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808 2017-02-14] (Lenovo -> Lenovo)
Task: {86C4B63C-EF34-48F2-8439-1E831E51FA2D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264000 2017-02-14] (Lenovo -> )
Task: {8C241388-D50D-453C-9744-D7306A807CB5} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [305184 2016-01-14] (LENOVO -> Lenovo Group Limited)
Task: {90E4D8B6-4CFE-4D99-84DD-5910276072CE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808 2017-02-14] (Lenovo -> Lenovo)
Task: {9112D2FA-D5D3-4E77-98FB-1F47A2A8C5BC} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4965376 2012-03-01] (Intel® Corporation)
Task: {9D972BC7-3A53-4C00-816E-E5A79402F3D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A489F366-F055-4848-B74C-90A2CD0CDA7C} - System32\Tasks\WD Discovery Service Task pc => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [72704 2021-01-24] (Western Digital Technologies, Inc. -> )
Task: {AFB727A7-A66F-419B-A968-D4EE6F4A3431} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B538D073-2E13-463C-8E7C-92551FDECE84} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {B7DE8E1D-914F-4DAD-B686-D0E9665C1C0F} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-05-23] (Symantec Corporation -> Symantec Corporation)
Task: {C9BBADDF-36FB-4530-88E9-BBD32CCB88E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC78F08F-2C9B-4521-80FE-376B62E11036} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {DD0B9E70-A926-4689-AA98-50A0BF8DC10D} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2476979448-331363794-1974480014-1000 => C:\Users\PC\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87384 2021-05-17] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E082A7FA-560C-4F6F-874E-94BD6B021EA2} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-05-23] (Symantec Corporation -> Symantec Corporation)
Task: {EDE278FA-DB11-4D0B-9E26-A3BAFE7CB281} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-02-22] (Lenovo -> )
Task: {FEB43AB4-BAD2-4850-9534-6DD705A862D1} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {FF3D97F3-CE13-4B11-8969-79F8C22D89F0} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-13] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {FFB30C51-5F4B-44B6-87C0-E0F3F3C6F01C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280 2017-02-14] (Lenovo -> Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-13] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-11-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172152 2016-09-17] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo -> Lenovo)
S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [60448 2016-01-14] (LENOVO -> Lenovo)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe [157976 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe [378088 2017-05-24] (Symantec Corporation -> Symantec Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [7168 2009-07-13] (Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [7168 2009-07-13] (Microsoft Corporation)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [367232 2019-06-25] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
S1 AFD; C:\Windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2020-01-02] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2020-01-02] (Microsoft Corporation)
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-01-09] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-01-09] (Windows ® Win 7 DDK provider)
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2020-01-02] (Microsoft Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\BASHDefs\20210517.011\BHDrvx64.sys [1995864 2021-04-26] (Symantec Corporation -> Broadcom)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2018-07-18] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
S1 ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\ccSetx64.sys [174328 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92672 2019-02-10] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
S1 CSC; C:\Windows\System32\drivers\csc.sys [516096 2018-06-29] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [115200 2018-04-25] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-09] (Symantec Corporation -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-05-26] (Symantec Corporation -> Broadcom)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2018-02-10] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2019-02-10] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2019-02-10] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2019-08-26] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2019-03-04] (Microsoft Corporation)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754176 2019-12-09] (Microsoft Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\IPSDefs\20210525.061\IDSvia64.sys [1441800 2020-09-04] (Symantec Corporation -> Symantec Corporation)
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464 2020-01-02] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
S1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
S0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [283144 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [108576 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [216576 2021-05-14] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [114688 2019-03-28] (Microsoft Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2019-09-09] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2018-08-10] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [161280 2020-01-02] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2020-01-02] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2020-01-02] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2019-02-03] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [324608 2017-09-13] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2018-12-07] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [58368 2018-12-07] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [45056 2017-12-31] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262656 2019-02-21] (Microsoft Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
S1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71440 2020-06-12] (Insecure.Com LLC -> Insecure.Com LLC.)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44544 2020-01-02] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [26112 2017-08-10] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2019-06-12] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60928 2020-01-02] (Microsoft Corporation)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.CalloutDriver.sys [25824 2021-01-27] (Proton Technologies AG -> Proton Technologies AG)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2017-12-31] (Microsoft Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [317440 2019-09-09] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSP64.SYS [801920 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSPX64.SYS [49280 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [464384 2020-01-02] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [406016 2020-01-02] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [169984 2020-01-02] (Microsoft Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\SyDvCtrl64.sys [44528 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\symefasi\0603000.00F\symefasi.sys [1717912 2019-06-30] (Symantec Corporation -> Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2021-05-14] (Symantec Corporation -> Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\Ironx64.SYS [308896 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SYMNETS.SYS [567448 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [195896 2019-06-30] (Symantec Corporation -> Symantec Corporation)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39696 2020-12-30] (Proton Technologies AG -> The OpenVPN Project)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation)
S1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [124928 2017-05-23] (Symantec Corporation -> Symantec Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [40448 2017-08-13] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2019-02-10] (Microsoft Corporation)
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2018-05-02] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
S3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2018-05-02] (Microsoft Corporation)
S3 usbhub; C:\Windows\system32\drivers\usbhub.sys [344064 2018-05-02] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2019-12-10] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
S1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2018-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 wdvpnpbus; C:\Windows\System32\DRIVERS\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2018-02-10] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22016 2019-08-19] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 aswbdisk; no ImagePath
S3 esihdrv; \??\C:\Users\PC\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\EX64.SYS [X]
S4 npcap_wifi; no ImagePath
UpperFilters: [{4D36E96B-E325-11CE-BFC1-08002BE10318}] -> [klkbdflt kbdclass]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three months (created) (All) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-26 00:17 - 2021-05-26 00:17 - 000000000 ____H C:\Users\PC\Documents\Default.rdp
2021-05-25 22:27 - 2021-05-25 22:33 - 000000440 __RSH C:\ProgramData\ntuser.pol
2021-05-20 20:07 - 2021-05-20 20:07 - 000000000 ____D C:\Windows\pss
2021-05-20 17:47 - 2021-05-20 18:50 - 000000000 ____D C:\FRST
2021-05-20 16:41 - 2021-05-25 22:47 - 000007649 _____ C:\Users\PC\AppData\Local\resmon.resmoncfg
2021-05-17 12:14 - 2021-05-17 23:00 - 000000000 ____D C:\Users\PC\AppData\Local\AVAST Software
2021-05-17 12:11 - 2021-05-17 12:12 - 000003372 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2021-05-17 12:11 - 2021-05-17 12:12 - 000003244 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2021-05-17 12:11 - 2021-05-17 12:11 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-05-14 22:22 - 2021-05-14 22:22 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2021-05-14 21:30 - 2021-05-14 21:30 - 000283144 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_klark.sys
2021-05-14 21:20 - 2021-05-14 21:20 - 000245752 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_arkmon.sys
2021-05-14 21:20 - 2021-05-14 21:20 - 000216576 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_mark.sys
2021-05-14 21:20 - 2021-05-14 21:20 - 000108576 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klupd_klif_klbg.sys
2021-05-14 21:20 - 2021-05-14 21:20 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-05-14 21:20 - 2021-05-14 21:20 - 000001082 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-05-14 21:20 - 2021-05-14 21:20 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-14 21:19 - 2021-05-14 21:20 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-05-14 21:19 - 2021-05-14 21:19 - 000002097 _____ C:\Users\Public\Desktop\Kaspersky Security Cloud.lnk
2021-05-14 21:19 - 2021-02-19 17:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\System32\klfphc.dll
2021-05-14 21:19 - 2021-02-19 17:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2021-05-14 21:19 - 2021-02-19 17:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2021-05-14 17:28 - 2021-05-14 21:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-05-14 17:18 - 2021-05-19 16:06 - 000000000 ____D C:\ProgramData\Avast Software
2021-05-14 14:11 - 2021-05-14 14:11 - 000290536 _____ C:\Windows\Minidump\051421-33275-01.dmp
2021-05-13 12:25 - 2020-10-08 00:21 - 167044188 _____ C:\Users\PC\Desktop\06. The Tower of the Swallow_abbyy.xml
2021-05-13 12:14 - 2021-05-13 12:14 - 000000000 ____D C:\Users\PC\AppData\Roaming\WinRAR
2021-05-13 12:14 - 2021-05-13 12:14 - 000000000 ____D C:\Program Files\WinRAR
2021-05-11 18:36 - 2021-05-11 18:37 - 000000000 ____D C:\Users\PC\Documents\Vuze Downloads
2021-03-31 21:42 - 2021-03-31 21:43 - 000290064 _____ C:\Windows\Minidump\040121-20607-01.dmp
 
==================== Three months (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-26 15:45 - 2019-08-16 18:37 - 000000000 ____D C:\Users\PC\.wdc
2021-05-26 15:45 - 2009-07-13 20:45 - 000034848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-05-26 15:45 - 2009-07-13 20:45 - 000034848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-05-26 15:39 - 2019-08-16 18:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\WD Discovery
2021-05-26 15:39 - 2019-07-01 19:25 - 000000000 __SHD C:\Users\PC\IntelGraphicsProfiles
2021-05-26 15:37 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-25 22:20 - 2009-07-13 19:20 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2021-05-25 21:56 - 2019-06-30 20:37 - 000003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D3A92AB-94DE-4EAF-AB73-EB2E7A8EFE5E}
2021-05-25 21:43 - 2019-07-13 21:01 - 000002300 _____ C:\Users\Public\Desktop\Brave.lnk
2021-05-20 19:39 - 2020-10-30 21:52 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-20 18:18 - 2021-02-09 16:31 - 000000000 ____D C:\ProgramData\Garmin
2021-05-20 18:18 - 2019-07-20 17:40 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-20 18:17 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2021-05-20 17:33 - 2019-06-30 20:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-20 16:42 - 2009-07-13 19:20 - 000000000 ____D C:\PerfLogs
2021-05-17 09:41 - 2019-09-13 03:56 - 000000000 ____D C:\Users\PC\AppData\Local\LenovoServiceBridge
2021-05-14 22:22 - 2019-06-30 21:15 - 000102608 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2021-05-14 22:22 - 2019-06-30 21:15 - 000008298 _____ C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2021-05-14 22:13 - 2019-07-06 15:03 - 000000000 ____D C:\Windows\System32\appmgmt
2021-05-14 18:22 - 2019-07-20 16:17 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2021-05-14 14:11 - 2019-08-31 23:27 - 000000000 ____D C:\Windows\Minidump
2021-05-14 14:11 - 2019-08-31 23:26 - 522524731 _____ C:\Windows\MEMORY.DMP
2021-05-11 23:23 - 2019-08-10 18:04 - 000000000 ____D C:\Users\PC\AppData\Roaming\Azureus
2021-05-11 23:11 - 2019-07-01 08:05 - 000000000 ____D C:\Windows\System32\MRT
2021-05-11 23:02 - 2019-07-01 08:05 - 132732536 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2021-05-06 00:00 - 2020-10-11 18:27 - 000000000 ____D C:\Users\PC\AppData\Roaming\vlc
2021-05-05 17:23 - 2020-09-06 20:33 - 000182272 ___SH C:\Users\PC\Thumbs.db
 
==================== KnownDLLs (Whitelisted) =========================
 
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2020-03-19 13:42] - [2020-01-29 18:23] - 001010688 _____ (Microsoft Corporation) 8638404CAC7EAC3F44824EAFBF91A715
 
C:\Windows\SysWOW64\User32.dll
[2020-03-19 13:42] - [2020-01-29 18:30] - 000834560 _____ (Microsoft Corporation) 8A4B88FFFCC661A3824860467CEB1D78
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2021-05-11 23:01
Restore point date: 2021-05-14 22:10
Restore point date: 2021-05-14 22:15
Restore point date: 2021-05-14 22:21
Restore point date: 2021-05-15 18:50
Restore point date: 2021-05-20 17:48
Restore point date: 2021-05-20 17:49
Restore point date: 2021-05-20 18:17
Restore point date: 2021-05-20 18:23
Restore point date: 2021-05-20 18:26
Restore point date: 2021-05-26 13:31
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\Winre.wim,{d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\Winre.wim,{d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 8076.98 MB
Available physical RAM: 7164.44 MB
Total Virtual: 8075.18 MB
Available Virtual: 7158.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:196.05 GB) NTFS
Drive e: (Seagate Replica) (Fixed) (Total:465.76 GB) (Free:166.67 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.47 GB) FAT
Drive g: (Fat rear) (Fixed) (Total:1862.98 GB) (Free:1041.75 GB) NTFS
Drive h: (CCCOMA_X64FRE_EN-US_DV9) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: EF76393A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 01427FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Protective MBR) (Size: 488.7 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
LastRegBack: 2021-05-26 13:11
==================== End of FRST.txt ========================

Edited by Tractorboy44, 26 May 2021 - 08:05 PM.


#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 27 May 2021 - 05:49 PM

Hi Tractorboy44

I have a couple of questions:
 

Ive uninstalled avast and garmin software but theyre still turning up in the dang scan.


If we can get the computer to boot into normal mode, we can attempt to remove those remnants.

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Can this computer boot into Normal mode?


 

Frustration!!! Also I suspect the "Symantec protection" has been replaced with a turd. Whenever it pops up, the icon is blurry and pixelated.
In fact the only time it has popped up was when I was scanning my comp with kaspersky and the symantec came up and said i had an infection which kaspersky hadnt indicated?
but i wanna throw this program away yet i cannot uninstall it.


Typically, when more than one antivirus app is on the computer, they can combat each other. And since trying to uninstall some of it has caused issues loading.

Is this a business computer?

https://help.symante...re?locale=EN_US

The above link has suggestions for removing Symantec Endpoint Protection.


PLUS:
This is Windows 7? This system no longer receives support from Microsoft.

Your computer is running out of space.
Total physical RAM: 8076.98 MB
Available physical RAM: 7164.44 MB


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 Tractorboy44

Posted 01 June 2021 - 06:38 PM

Yes, it can boot in normal mode, not a business computer, it is indeed Windows 7....I really like that version :(....Did you happen to see any viruses or spyware in my scan? It was in recovery mode when I made this scan...should I scan it again in safe mode?


Edited by Tractorboy44, 01 June 2021 - 06:40 PM.


#4 Juliet

Posted 02 June 2021 - 06:09 AM

Scanning in Recovery mode is mostly used for special purposes, don't know if we need that.
 
What I was able to pick up on was an overabundance of security programs on the computer. This can cause a ton of issues.

Symantec, Kaspersky, and Avast.
In my previous reply I posted a link to help remove Symantec if needed; if there is another application you would like to remove, let me know and we can go after that too.
 
What I need, while the computer is in Normal mode, is for you to run a new Farbar Recovery Scan Tool (FRST) scan.

  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)



#5 Tractorboy44

Posted 02 June 2021 - 07:20 PM

Thanks! OK. I did it again in normal mode and did it in admin. It has occurred to me that this old version of Windows has a huge security problem, cause it isn't updated anymore...and since the last post on this thread, Kaspersky caught a win32.sepeh.gen virus...

 

Here is the FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by PC (02-06-2021 21:03:54)
Running from F:\
Windows 7 Professional Service Pack 1 (X64) (2019-07-01 03:58:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2476979448-331363794-1974480014-500 - Administrator - Disabled)
Guest (S-1-5-21-2476979448-331363794-1974480014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2476979448-331363794-1974480014-1002 - Limited - Enabled)
PC (S-1-5-21-2476979448-331363794-1974480014-1000 - Administrator - Enabled) => C:\Users\PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Security Cloud (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
AS: Symantec Endpoint Protection (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Symantec Endpoint Protection (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 91.1.25.68 - Brave Software Inc)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.08.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections 16.8.46.0 (HKLM\...\PROSetDX) (Version: 16.8.46.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
IP Camera Viewer 4 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
Java™ SE Development Kit 12 (64-bit) (HKLM\...\{5CC5C4CC-A19F-5B04-B55E-F3905B205D53}) (Version: 12.0.0.0 - Oracle Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Lenovo Service Bridge (HKU\S-1-5-21-2476979448-331363794-1974480014-1000\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.3 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0124 - Lenovo)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Npcap (HKLM-x32\...\NpcapInst) (Version: 0.9994 - Nmap Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 4.00.0009 - Lenovo Group Limited)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{3DCB7A99-79F6-4FC5-93F4-55DB5D275F12}) (Version: 14.0.2415.0200 - Symantec Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)
USB GAMEPAD (HKLM-x32\...\{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - GASIA)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
WD Backup (HKLM-x32\...\{48af7dc3-edf5-448d-a533-e3f050b404b5}) (Version: 1.9.7268.41119 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{4EB2034E-AC6F-4A03-9448-C97E634A6E34}) (Version: 1.9.7268.41119 - Western Digital Technologies, Inc) Hidden
WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.2.288 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{02CCBAB5-A2E6-448D-9489-7C888758EF2E}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{9d47e5b5-5394-4d59-8165-413d55dfa78d}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{3add5d6a-ee06-4eba-aea0-cbd8eb1486d4}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{5E3EE4AF-4D3A-4A65-9E04-8F50E9A3AC76}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.) Hidden
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
WinRAR 5.90 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.2 - win.rar GmbH)
Wireshark 3.2.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2476979448-331363794-1974480014-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} - C:\Windows\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} - C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} => C:\Windows\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} => C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2019-07-02 00:12 - 2012-02-01 16:25 - 000059904 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 001987072 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 002250240 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2020-07-21 00:28 - 2020-07-21 00:28 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2019-07-02 00:12 - 2019-07-02 00:12 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\023b2e749844720d94fa9a591cebbd78\IsdiInterop.ni.dll
2019-07-02 00:12 - 2019-07-02 00:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6dfb43a93bf06432c5ba0b7a8973197c\IAStorCommon.ni.dll
2019-07-02 00:12 - 2012-02-01 16:25 - 000176128 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2019-07-02 00:12 - 2012-02-01 16:25 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2019-07-02 00:12 - 2012-02-01 16:17 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2019-07-02 00:13 - 2012-03-27 01:12 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-01-17 16:10 - 2012-01-17 16:10 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-01-09 12:30 - 2012-01-09 12:30 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2011-11-23 18:25 - 2011-11-23 18:25 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2020-01-21 04:11 - 2020-01-21 04:11 - 000228864 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\b2b11b728d752a8c5c21c2300838d086\IAStorDataMgr.ni.dll
2020-01-21 04:11 - 2020-01-21 04:11 - 000488960 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8b3f3f639e88a124e40d747c8f4b31b7\IAStorUtil.ni.dll
2012-02-26 04:19 - 2012-02-26 04:19 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-02-26 04:20 - 2012-02-26 04:20 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-02-26 04:20 - 2012-02-26 04:20 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-02-26 04:18 - 2012-02-26 04:18 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-02-26 04:22 - 2012-02-26 04:22 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-02-26 04:21 - 2012-02-26 04:21 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-02-26 04:26 - 2012-02-26 04:26 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-02-26 04:32 - 2012-02-26 04:32 - 000116224 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PanApi.dll
2012-02-26 04:30 - 2012-02-26 04:30 - 000325120 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-02-26 04:24 - 2012-02-26 04:24 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-02-26 04:30 - 2012-02-26 04:30 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-02-26 04:18 - 2012-02-26 04:18 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-02-26 04:26 - 2012-02-26 04:26 - 002462720 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2012-03-02 03:19 - 2012-03-02 03:19 - 004185600 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\en\CCDServerResources.dll
2012-03-02 03:18 - 2012-03-02 03:18 - 000673280 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MDNSSvcAD_Api.dll
2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2012-02-26 03:38 - 2012-02-26 03:38 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) [File not signed] C:\Windows\system32\wdfsconnectMntNtf2017.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll No File
Toolbar: HKU\S-1-5-21-2476979448-331363794-1974480014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {9E065E4A-BD9D-4547-8F90-985DC62A5591} hxxp://192.168.1.5/PlayerPT.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2476979448-331363794-1974480014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: iBtSiva => 2
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{617B1C75-6582-45DE-A72A-7CA88A7D363E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{BDE170B9-AC33-4D00-9919-8453837193DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation) [File not signed]
FirewallRules: [{477281F5-AC4C-4C7F-8370-06A1013F5443}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation) [File not signed]
FirewallRules: [{D977F954-3715-49DA-86B8-82572EB2C025}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe (Intel® Corporation) [File not signed]
FirewallRules: [{5630F149-D296-4B1D-B809-06D2401D3300}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe (Intel® Corporation) [File not signed]
FirewallRules: [{A7BC320E-C576-43AE-BE40-015178C2BFA2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{4098BCC7-A3E9-4243-85F3-DD64F52351F1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{0FED5DD3-E442-412E-BF96-A2BC26D8128F}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [UDP Query User{8A8FFE75-BADE-466C-93CC-0FAE853FFCD9}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [{968F125A-0E50-45E5-9764-BB5F4CBCC46C}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{487587F2-790A-4E5D-84A6-69E6E5745FEC}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{F32BA20A-753A-422A-AEBD-EDD82FFFC3E9}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{50ACF053-1AF0-45F5-B6B4-1F94A4C626D7}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{B251EAF2-E672-41BC-81BE-19964219CB44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{26AEE8DD-73BF-4BA3-AD7B-B756570CE7B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{70986C49-5883-4044-933C-EE2705D29A5D}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{E3FA22EC-58AC-421C-94AB-FDF6FD9708A4}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{B2D54E2D-FCA1-4414-9EF8-003C1B5CC1CC}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{6B4B49BD-0E78-46B0-9DC4-F3727AF1604E}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{CD0A54B0-B15F-4302-AE23-4067D18A2124}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{81B0981D-528D-4E5D-8287-236AAF1C81A0}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{A997856E-A039-4756-9C50-5C7997886CA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{01A10619-F778-47C7-9508-41F93551F867}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B0016033-0BC1-4525-8236-CCEC0BFBBC1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D347293B-0AFF-458D-852F-67A6D85A6014}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BD7DA7AC-5377-44D9-8163-86145C2C52B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe (Oddworld Inhabitants, Inc.) [File not signed]
FirewallRules: [{0351C2A9-0E8D-41C1-A50A-2E451871B66A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe (Oddworld Inhabitants, Inc.) [File not signed]
FirewallRules: [{F7DC30C7-1D04-42F2-AFE3-27173337A602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{C1BB2810-4D6C-4609-A485-DFDFE8773055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{BCA6C637-9A91-499B-9958-EF2E86E154FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HYPERCHARGE Unboxed\Unboxed.exe (Digital Cybercherries) [File not signed]
FirewallRules: [{BFF6F937-4FC7-48CA-A6F2-6218711F1C72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HYPERCHARGE Unboxed\Unboxed.exe (Digital Cybercherries) [File not signed]
FirewallRules: [{E5E6199A-2E85-4775-A11C-941D904B240A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2A84C94B-4016-4B22-978D-FFA3F6C49797}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3C0FC030-CE21-4654-BE48-65A1AF58CE3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hackmud\hackmud_win.exe () [File not signed]
FirewallRules: [{8CD658C9-2E24-4D6C-B9E1-18B90C6BD010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hackmud\hackmud_win.exe () [File not signed]
FirewallRules: [{B39F3EF4-B5C8-49AB-B42B-9471BACCDE17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1F04EEFB-5F64-42BF-A477-9F3F042F3A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{BA9930B7-84A3-47DE-93FC-9515BC61DAB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{0EAD444F-F2AD-4324-9EB8-D7FF53F9A7FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{BEC55C14-5B7E-48BE-8EAC-5C0F6E243FD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SectorsEdge\sectorsedgelauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B85F8F2D-A515-434C-A563-0B156F915262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SectorsEdge\sectorsedgelauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B5187A3C-4E4F-4621-87B6-81004941602D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace) [File not signed]
FirewallRules: [{493AC0A9-3491-4EC9-8966-5046AE4DFA7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace) [File not signed]
FirewallRules: [{E986D0C8-F155-4FCB-9F72-B2ECE11AF74F}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5D3454FC-EAFF-4071-A8B3-3011906F51DE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{6DD815AE-9CED-48F2-8075-74F34206B608}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
 
==================== Restore Points =========================
 
09-05-2021 22:06:47 Windows Update
12-05-2021 03:00:17 Windows Update
15-05-2021 02:10:23 Removed Symantec Endpoint Protection.
15-05-2021 02:15:18 Removed Symantec Endpoint Protection.
15-05-2021 02:20:51 Removed Symantec Endpoint Protection.
15-05-2021 22:50:38 Windows Update
20-05-2021 22:16:54 Garmin Express
01-06-2021 22:08:03 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/02/2021 07:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 07:30:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (06/02/2021 07:13:11 PM) (Source: Symantec AntiVirus) (EventID: 73) (User: )
Description: SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure
 
Error: (06/02/2021 07:05:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 06:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 06:54:49 PM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.
 
Error: (06/02/2021 06:43:48 PM) (Source: Symantec AntiVirus) (EventID: 73) (User: )
Description: SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure
 
Error: (06/02/2021 06:36:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/02/2021 07:37:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/02/2021 07:37:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Browser Update Service (avast) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/02/2021 07:27:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server:
{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
Windows Defender:
================
Date: 2020-01-22 03:03:11.602
Description: 
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-08-28 01:09:22.993
Description: 
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2021-04-30 20:13:58.982
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.337.240.0
Previous Signature Version:1.335.1040.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.18100.5
Previous Engine Version:1.1.18000.5
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-04-30 20:13:58.982
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.18100.5
Previous Engine Version:1.1.18000.5
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2020-03-19 18:04:13.112
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2020-03-19 17:43:01.880
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2020-03-19 17:36:15.573
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 9SKT9CAUS 12/11/2018
Motherboard: LENOVO MAHOBAY
Processor: Intel® Core™ i5-3470T CPU @ 2.90GHz
Percentage of memory in use: 59%
Total physical RAM: 8076.98 MB
Available physical RAM: 3276.99 MB
Total Virtual: 16152.11 MB
Available Virtual: 10511.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:193.11 GB) NTFS
Drive d: (CCCOMA_X64FRE_EN-US_DV9) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF
Drive e: (Seagate Replica) (Fixed) (Total:465.76 GB) (Free:166.67 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.46 GB) FAT
Drive g: (Fat rear) (Fixed) (Total:1862.98 GB) (Free:1041.75 GB) NTFS
 
\\?\Volume{b8eca16b-9bcc-11e9-80b7-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: EF76393A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 01427FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Protective MBR) (Size: 488.7 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
 
.......................................................................................................................................................................................................................................
 
 
And here is the addition....dang a lot of errors:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2021
Ran by PC (02-06-2021 21:03:54)
Running from F:\
Windows 7 Professional Service Pack 1 (X64) (2019-07-01 03:58:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2476979448-331363794-1974480014-500 - Administrator - Disabled)
Guest (S-1-5-21-2476979448-331363794-1974480014-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2476979448-331363794-1974480014-1002 - Limited - Enabled)
PC (S-1-5-21-2476979448-331363794-1974480014-1000 - Administrator - Enabled) => C:\Users\PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Security Cloud (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
AS: Symantec Endpoint Protection (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
FW: Symantec Endpoint Protection (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 91.1.25.68 - Brave Software Inc)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 3.08.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
GIMP 2.10.20 (HKLM\...\GIMP-2_is1) (Version: 2.10.20 - The GIMP Team)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Network Connections 16.8.46.0 (HKLM\...\PROSetDX) (Version: 16.8.46.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
IP Camera Viewer 4 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
Java™ SE Development Kit 12 (64-bit) (HKLM\...\{5CC5C4CC-A19F-5B04-B55E-F3905B205D53}) (Version: 12.0.0.0 - Oracle Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Lenovo Service Bridge (HKU\S-1-5-21-2476979448-331363794-1974480014-1000\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.3 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0124 - Lenovo)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Npcap (HKLM-x32\...\NpcapInst) (Version: 0.9994 - Nmap Project)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 4.00.0009 - Lenovo Group Limited)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{3DCB7A99-79F6-4FC5-93F4-55DB5D275F12}) (Version: 14.0.2415.0200 - Symantec Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)
USB GAMEPAD (HKLM-x32\...\{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - GASIA)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
WD Backup (HKLM-x32\...\{48af7dc3-edf5-448d-a533-e3f050b404b5}) (Version: 1.9.7268.41119 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{4EB2034E-AC6F-4A03-9448-C97E634A6E34}) (Version: 1.9.7268.41119 - Western Digital Technologies, Inc) Hidden
WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.2.288 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{02CCBAB5-A2E6-448D-9489-7C888758EF2E}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{9d47e5b5-5394-4d59-8165-413d55dfa78d}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{3add5d6a-ee06-4eba-aea0-cbd8eb1486d4}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{5E3EE4AF-4D3A-4A65-9E04-8F50E9A3AC76}) (Version: 2.0.0.70 - Western Digital Technologies, Inc.) Hidden
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
WinRAR 5.90 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.2 - win.rar GmbH)
Wireshark 3.2.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2476979448-331363794-1974480014-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} - C:\Windows\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} - C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} => C:\Windows\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0} => C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [  WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\vpshell2.dll [2017-05-24] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2019-07-02 00:12 - 2012-02-01 16:25 - 000059904 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 001987072 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2021-01-24 17:45 - 2021-01-24 17:45 - 002250240 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2020-07-21 00:28 - 2020-07-21 00:28 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2019-07-02 00:12 - 2019-07-02 00:12 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\023b2e749844720d94fa9a591cebbd78\IsdiInterop.ni.dll
2019-07-02 00:12 - 2019-07-02 00:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6dfb43a93bf06432c5ba0b7a8973197c\IAStorCommon.ni.dll
2019-07-02 00:12 - 2012-02-01 16:25 - 000176128 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2019-07-02 00:12 - 2012-02-01 16:25 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2019-07-02 00:12 - 2012-02-01 16:17 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2019-07-02 00:13 - 2012-03-27 01:12 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-01-17 16:10 - 2012-01-17 16:10 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-01-09 12:30 - 2012-01-09 12:30 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2011-11-23 18:25 - 2011-11-23 18:25 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2020-01-21 04:11 - 2020-01-21 04:11 - 000228864 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\b2b11b728d752a8c5c21c2300838d086\IAStorDataMgr.ni.dll
2020-01-21 04:11 - 2020-01-21 04:11 - 000488960 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8b3f3f639e88a124e40d747c8f4b31b7\IAStorUtil.ni.dll
2012-02-26 04:19 - 2012-02-26 04:19 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-02-26 04:20 - 2012-02-26 04:20 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-02-26 04:20 - 2012-02-26 04:20 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-02-26 04:18 - 2012-02-26 04:18 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-02-26 04:22 - 2012-02-26 04:22 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-02-26 04:21 - 2012-02-26 04:21 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-02-26 04:26 - 2012-02-26 04:26 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-02-26 04:32 - 2012-02-26 04:32 - 000116224 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PanApi.dll
2012-02-26 04:30 - 2012-02-26 04:30 - 000325120 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-02-26 04:24 - 2012-02-26 04:24 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-02-26 04:30 - 2012-02-26 04:30 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-02-26 04:18 - 2012-02-26 04:18 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-02-26 04:26 - 2012-02-26 04:26 - 002462720 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2012-03-02 03:19 - 2012-03-02 03:19 - 004185600 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\en\CCDServerResources.dll
2012-03-02 03:18 - 2012-03-02 03:18 - 000673280 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MDNSSvcAD_Api.dll
2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2012-02-26 03:38 - 2012-02-26 03:38 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) [File not signed] C:\Windows\system32\wdfsconnectMntNtf2017.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll => No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll No File
Toolbar: HKU\S-1-5-21-2476979448-331363794-1974480014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {9E065E4A-BD9D-4547-8F90-985DC62A5591} hxxp://192.168.1.5/PlayerPT.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2476979448-331363794-1974480014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: iBtSiva => 2
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{617B1C75-6582-45DE-A72A-7CA88A7D363E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{BDE170B9-AC33-4D00-9919-8453837193DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation) [File not signed]
FirewallRules: [{477281F5-AC4C-4C7F-8370-06A1013F5443}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation) [File not signed]
FirewallRules: [{D977F954-3715-49DA-86B8-82572EB2C025}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe (Intel® Corporation) [File not signed]
FirewallRules: [{5630F149-D296-4B1D-B809-06D2401D3300}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe (Intel® Corporation) [File not signed]
FirewallRules: [{A7BC320E-C576-43AE-BE40-015178C2BFA2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{4098BCC7-A3E9-4243-85F3-DD64F52351F1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{0FED5DD3-E442-412E-BF96-A2BC26D8128F}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [UDP Query User{8A8FFE75-BADE-466C-93CC-0FAE853FFCD9}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [{968F125A-0E50-45E5-9764-BB5F4CBCC46C}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{487587F2-790A-4E5D-84A6-69E6E5745FEC}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{F32BA20A-753A-422A-AEBD-EDD82FFFC3E9}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{50ACF053-1AF0-45F5-B6B4-1F94A4C626D7}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{B251EAF2-E672-41BC-81BE-19964219CB44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{26AEE8DD-73BF-4BA3-AD7B-B756570CE7B8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{70986C49-5883-4044-933C-EE2705D29A5D}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{E3FA22EC-58AC-421C-94AB-FDF6FD9708A4}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 4\IP Camera Viewer.exe (DeskShare, Inc. -> Deskshare.com)
FirewallRules: [{B2D54E2D-FCA1-4414-9EF8-003C1B5CC1CC}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{6B4B49BD-0E78-46B0-9DC4-F3727AF1604E}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{CD0A54B0-B15F-4302-AE23-4067D18A2124}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{81B0981D-528D-4E5D-8287-236AAF1C81A0}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{A997856E-A039-4756-9C50-5C7997886CA7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{01A10619-F778-47C7-9508-41F93551F867}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B0016033-0BC1-4525-8236-CCEC0BFBBC1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D347293B-0AFF-458D-852F-67A6D85A6014}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BD7DA7AC-5377-44D9-8163-86145C2C52B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe (Oddworld Inhabitants, Inc.) [File not signed]
FirewallRules: [{0351C2A9-0E8D-41C1-A50A-2E451871B66A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe (Oddworld Inhabitants, Inc.) [File not signed]
FirewallRules: [{F7DC30C7-1D04-42F2-AFE3-27173337A602}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{C1BB2810-4D6C-4609-A485-DFDFE8773055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonauts.exe (Double Fine Productions) [File not signed]
FirewallRules: [{BCA6C637-9A91-499B-9958-EF2E86E154FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HYPERCHARGE Unboxed\Unboxed.exe (Digital Cybercherries) [File not signed]
FirewallRules: [{BFF6F937-4FC7-48CA-A6F2-6218711F1C72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HYPERCHARGE Unboxed\Unboxed.exe (Digital Cybercherries) [File not signed]
FirewallRules: [{E5E6199A-2E85-4775-A11C-941D904B240A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2A84C94B-4016-4B22-978D-FFA3F6C49797}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3C0FC030-CE21-4654-BE48-65A1AF58CE3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hackmud\hackmud_win.exe () [File not signed]
FirewallRules: [{8CD658C9-2E24-4D6C-B9E1-18B90C6BD010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hackmud\hackmud_win.exe () [File not signed]
FirewallRules: [{B39F3EF4-B5C8-49AB-B42B-9471BACCDE17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1F04EEFB-5F64-42BF-A477-9F3F042F3A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{BA9930B7-84A3-47DE-93FC-9515BC61DAB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{0EAD444F-F2AD-4324-9EB8-D7FF53F9A7FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe (Smartly Dressed Games Ltd. -> ) [File not signed]
FirewallRules: [{BEC55C14-5B7E-48BE-8EAC-5C0F6E243FD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SectorsEdge\sectorsedgelauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B85F8F2D-A515-434C-A563-0B156F915262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SectorsEdge\sectorsedgelauncher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{B5187A3C-4E4F-4621-87B6-81004941602D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace) [File not signed]
FirewallRules: [{493AC0A9-3491-4EC9-8966-5046AE4DFA7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rivals of Aether\RivalsofAether.exe (Dan Fornace) [File not signed]
FirewallRules: [{E986D0C8-F155-4FCB-9F72-B2ECE11AF74F}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5D3454FC-EAFF-4071-A8B3-3011906F51DE}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{6DD815AE-9CED-48F2-8075-74F34206B608}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
 
==================== Restore Points =========================
 
09-05-2021 22:06:47 Windows Update
12-05-2021 03:00:17 Windows Update
15-05-2021 02:10:23 Removed Symantec Endpoint Protection.
15-05-2021 02:15:18 Removed Symantec Endpoint Protection.
15-05-2021 02:20:51 Removed Symantec Endpoint Protection.
15-05-2021 22:50:38 Windows Update
20-05-2021 22:16:54 Garmin Express
01-06-2021 22:08:03 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/02/2021 07:34:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 07:30:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (06/02/2021 07:13:11 PM) (Source: Symantec AntiVirus) (EventID: 73) (User: )
Description: SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure
 
Error: (06/02/2021 07:05:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 06:59:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/02/2021 06:54:49 PM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.
 
Error: (06/02/2021 06:43:48 PM) (Source: Symantec AntiVirus) (EventID: 73) (User: )
Description: SONAR has generated an error: code 1: description: Heuristic Scan or Load Failure
 
Error: (06/02/2021 06:36:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/02/2021 07:37:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/02/2021 07:37:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Browser Update Service (avast) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/02/2021 07:27:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server:
{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (06/02/2021 07:26:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
Windows Defender:
================
Date: 2020-01-22 03:03:11.602
Description: 
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2019-08-28 01:09:22.993
Description: 
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2021-04-30 20:13:58.982
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.337.240.0
Previous Signature Version:1.335.1040.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.18100.5
Previous Engine Version:1.1.18000.5
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-04-30 20:13:58.982
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.18100.5
Previous Engine Version:1.1.18000.5
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2020-03-19 18:04:13.112
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2020-03-19 17:43:01.880
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2020-03-19 17:36:15.573
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16800.2
Previous Engine Version:1.1.6402.0
Update Source:User
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: LENOVO 9SKT9CAUS 12/11/2018
Motherboard: LENOVO MAHOBAY
Processor: Intel® Core™ i5-3470T CPU @ 2.90GHz
Percentage of memory in use: 59%
Total physical RAM: 8076.98 MB
Available physical RAM: 3276.99 MB
Total Virtual: 16152.11 MB
Available Virtual: 10511.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:193.11 GB) NTFS
Drive d: (CCCOMA_X64FRE_EN-US_DV9) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF
Drive e: (Seagate Replica) (Fixed) (Total:465.76 GB) (Free:166.67 GB) NTFS
Drive f: () (Removable) (Total:0.48 GB) (Free:0.46 GB) FAT
Drive g: (Fat rear) (Fixed) (Total:1862.98 GB) (Free:1041.75 GB) NTFS
 
\\?\Volume{b8eca16b-9bcc-11e9-80b7-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: EF76393A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 01427FC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Protective MBR) (Size: 488.7 MB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#6 Juliet

Posted 03 June 2021 - 06:38 AM

You posted the Addition.txt log twice.
What I really need to see is the FRST.txt.

Can you do a search for FRST.txt and post that for me?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#7 Tractorboy44

Posted 09 June 2021 - 11:09 PM

Ah sorry, here's the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2021
Ran by PC (administrator) on PC-PC (LENOVO 3237DA5) (02-06-2021 20:57:29)
Running from F:\
Loaded Profiles: PC
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <16>
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\PC\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(LENOVO -> Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe <2>
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4965376 2012-03-02] (Intel® Corporation) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [25632 2016-01-14] (LENOVO -> )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81373696 2021-01-24] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2019-11-25] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM\...\RunOnce: [removeTempFiles366134] => cmd /c "del C:\Users\PC\AppData\Local\Temp\365900\uninstall.exe C:\Users\PC\AppData\Local\Temp\365900\smooth.dll C:\Users\PC\AppData\Local\Temp\365900\libgcc.dll C:\Users\PC\AppData\Local\Temp\365900\ (the data entry has 60 more characters). <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2476979448-331363794-1974480014-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2256328 2021-05-25] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2476979448-331363794-1974480014-1000\...\MountPoints2: {b8eca178-9bcc-11e9-80b7-806e6f6e6963} - D:\setup.exe
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\Windows\system32\E_YLMBKEE.DLL [179712 2013-10-21] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\91.1.25.68\Installer\chrmstp.exe [2021-05-28] (Brave Software, Inc. -> Brave Software, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16E09F87-0D62-4560-B7F3-68F02D3D63DD} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2020-06-09] () [File not signed]
Task: {205E0852-2238-4A5C-A05D-7026DC938CF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {532A8570-E67D-4F98-A193-C7897E777214} - System32\Tasks\{905F40BC-48A8-4B1C-AFB8-72D7E8E1267B} => C:\Users\PC\Desktop\ePSXe205\ePSXe.exe
Task: {5694D22B-23B5-4B4A-9D83-55899E2EFE2D} - System32\Tasks\WD Device Agent Task pc => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [717824 2021-01-24] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {5F2B0047-7FD8-44FF-A4FA-9D076C229D53} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {634BF4E2-F1EA-4406-8F7C-9B09D9E33AE5} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {64B73483-B7E0-43C9-A5C7-F1118347EDF9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808 2017-02-14] (Lenovo -> Lenovo)
Task: {86C4B63C-EF34-48F2-8439-1E831E51FA2D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [264000 2017-02-14] (Lenovo -> )
Task: {8C241388-D50D-453C-9744-D7306A807CB5} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [305184 2016-01-14] (LENOVO -> Lenovo Group Limited)
Task: {90E4D8B6-4CFE-4D99-84DD-5910276072CE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10175808 2017-02-14] (Lenovo -> Lenovo)
Task: {9112D2FA-D5D3-4E77-98FB-1F47A2A8C5BC} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4965376 2012-03-02] (Intel® Corporation) [File not signed]
Task: {99131296-E068-4C9B-99DB-4AE5B06C2A25} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> )
Task: {9D972BC7-3A53-4C00-816E-E5A79402F3D5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {A489F366-F055-4848-B74C-90A2CD0CDA7C} - System32\Tasks\WD Discovery Service Task pc => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [72704 2021-01-24] (Western Digital Technologies, Inc. -> )
Task: {AFB727A7-A66F-419B-A968-D4EE6F4A3431} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B538D073-2E13-463C-8E7C-92551FDECE84} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {B7DE8E1D-914F-4DAD-B686-D0E9665C1C0F} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-05-24] (Symantec Corporation -> Symantec Corporation)
Task: {C882647B-774F-4AD8-A74D-CD94E5E8EA82} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> )
Task: {C9BBADDF-36FB-4530-88E9-BBD32CCB88E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC78F08F-2C9B-4521-80FE-376B62E11036} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {DD0B9E70-A926-4689-AA98-50A0BF8DC10D} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2476979448-331363794-1974480014-1000 => C:\Users\PC\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87384 2021-05-17] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E082A7FA-560C-4F6F-874E-94BD6B021EA2} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymErr.exe [92288 2017-05-24] (Symantec Corporation -> Symantec Corporation)
Task: {FEB43AB4-BAD2-4850-9534-6DD705A862D1} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {FF3D97F3-CE13-4B11-8969-79F8C22D89F0} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {FFB30C51-5F4B-44B6-87C0-E0F3F3C6F01C} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321280 2017-02-14] (Lenovo -> Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A59C242-D83A-40B7-84A3-6B9CCD2F7483}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D205B6D6-C8E7-4F07-A155-D6F09827105C}: [DhcpNameServer] 167.206.10.178 167.206.10.179
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
FireFox:
========
FF DefaultProfile: 67qcj5fm.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\67qcj5fm.default [2019-07-01]
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\i36fs05u.default-release [2019-07-14]
FF Extension: (ETP Search Volume Study) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\i36fs05u.default-release\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-07-14]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\i36fs05u.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2019-07-14]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-09-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-05-28] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @2-update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @2-update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
 
Brave: 
=======
BRA Profile: C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-06-02]
BRA Notifications: Default -> hxxps://www.wcostream.com
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :D
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Kaspersky Protection) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-05-19]
BRA Extension: (uBlocker - #1 Adblock Tool for Chrome) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ppdonaappkjkbgbncmmjencphdclioab [2021-05-12]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-29]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-06-02]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2021-05-14]
BRA Extension: (Brave NTP sponsored images) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-06-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-05-07]
BRA Extension: (PDF Viewer) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-07-14]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-06-02]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-11-16] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172152 2016-09-17] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo -> Lenovo)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [60448 2016-01-14] (LENOVO -> Lenovo)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe [157976 2017-05-24] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe [378088 2017-05-24] (Symantec Corporation -> Symantec Corporation)
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [367232 2019-06-26] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\BASHDefs\20210525.011\BHDrvx64.sys [1995864 2021-04-26] (Symantec Corporation -> Broadcom)
R1 ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\ccSetx64.sys [174328 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-09] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-05-26] (Symantec Corporation -> Broadcom)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\IPSDefs\20210528.061\IDSvia64.sys [1441800 2020-09-04] (Symantec Corporation -> Symantec Corporation)
R1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [283144 2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [108576 2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [216576 2021-05-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71440 2020-06-12] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.CalloutDriver.sys [25824 2021-01-27] (Proton Technologies AG -> Proton Technologies AG)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSP64.SYS [801920 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSPX64.SYS [49280 2017-05-24] (Symantec Corporation -> Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\SyDvCtrl64.sys [44528 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0603000.00F\symefasi.sys [1717912 2019-07-01] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2021-05-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\Ironx64.SYS [308896 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SYMNETS.SYS [567448 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [195896 2019-07-01] (Symantec Corporation -> Symantec Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39696 2020-12-30] (Proton Technologies AG -> The OpenVPN Project)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [124928 2017-05-24] (Symantec Corporation -> Symantec Corporation)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2018-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468096 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 wdvpnpbus; C:\Windows\System32\DRIVERS\wdvpnpbus.sys [20608 2017-11-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
U3 aswbdisk; no ImagePath
S3 esihdrv; \??\C:\Users\PC\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\EX64.SYS [X]
U4 npcap_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three months (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-02 18:34 - 2021-06-02 18:34 - 000049472 _____ C:\Windows\SysWOW64\traffic_stats.db-wal
2021-06-02 18:34 - 2021-06-02 18:34 - 000032768 _____ C:\Windows\SysWOW64\traffic_stats.db-shm
2021-06-02 18:34 - 2021-06-02 18:34 - 000004096 _____ C:\Windows\SysWOW64\traffic_stats.db
2021-06-02 18:34 - 2021-06-02 18:34 - 000000000 ____D C:\Windows\SysWOW64\nhdp
2021-06-02 18:02 - 2021-06-02 19:17 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-06-02 18:02 - 2021-06-02 18:02 - 000000736 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2021-06-02 18:02 - 2021-06-02 18:02 - 000000735 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2021-06-02 18:02 - 2021-06-02 18:02 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2021-06-02 18:02 - 2021-06-02 18:02 - 000000735 _____ C:\ProgramData\Desktop\Security Task Manager.lnk
2021-06-02 17:24 - 2021-06-02 18:34 - 000032768 _____ C:\Windows\SysWOW64\rollback_info_cache.db-shm
2021-06-02 17:24 - 2021-06-02 18:34 - 000028872 _____ C:\Windows\SysWOW64\rollback_info_cache.db-wal
2021-06-02 17:24 - 2021-06-02 17:24 - 000004096 _____ C:\Windows\SysWOW64\rollback_info_cache.db
2021-05-26 04:17 - 2021-05-26 04:17 - 000000000 ____H C:\Users\PC\Documents\Default.rdp
2021-05-26 02:27 - 2021-05-26 02:33 - 000000440 __RSH C:\ProgramData\ntuser.pol
2021-05-21 00:07 - 2021-05-21 00:07 - 000000000 ____D C:\Windows\pss
2021-05-20 21:47 - 2021-06-02 20:57 - 000000000 ____D C:\FRST
2021-05-20 20:41 - 2021-05-26 02:47 - 000007649 _____ C:\Users\PC\AppData\Local\resmon.resmoncfg
2021-05-17 16:14 - 2021-05-18 03:00 - 000000000 ____D C:\Users\PC\AppData\Local\AVAST Software
2021-05-17 16:11 - 2021-05-17 16:12 - 000003372 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2021-05-17 16:11 - 2021-05-17 16:12 - 000003244 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2021-05-17 16:11 - 2021-05-17 16:11 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-05-15 02:22 - 2021-05-15 02:22 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2021-05-15 01:30 - 2021-05-15 01:30 - 000283144 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-05-15 01:20 - 2021-06-02 18:34 - 000000000 ____D C:\Program Files\Common Files\AV
2021-05-15 01:20 - 2021-05-15 01:20 - 000245752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-05-15 01:20 - 2021-05-15 01:20 - 000216576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-05-15 01:20 - 2021-05-15 01:20 - 000108576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-05-15 01:20 - 2021-05-15 01:20 - 000003032 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-05-15 01:20 - 2021-05-15 01:20 - 000001082 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-05-15 01:20 - 2021-05-15 01:20 - 000001082 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-05-15 01:20 - 2021-05-15 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-05-15 01:19 - 2021-05-15 01:20 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-05-15 01:19 - 2021-05-15 01:19 - 000002097 _____ C:\Users\Public\Desktop\Kaspersky Security Cloud.lnk
2021-05-15 01:19 - 2021-05-15 01:19 - 000002097 _____ C:\ProgramData\Desktop\Kaspersky Security Cloud.lnk
2021-05-15 01:19 - 2021-05-15 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2021-05-15 01:19 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-05-15 01:19 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-05-15 01:19 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-05-14 21:28 - 2021-05-15 01:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-05-14 21:18 - 2021-05-19 20:06 - 000000000 ____D C:\ProgramData\Avast Software
2021-05-14 18:11 - 2021-05-14 18:11 - 000290536 _____ C:\Windows\Minidump\051421-33275-01.dmp
2021-05-13 16:25 - 2020-10-08 04:21 - 167044188 _____ C:\Users\PC\Desktop\06. The Tower of the Swallow_abbyy.xml
2021-05-13 16:14 - 2021-05-13 16:14 - 000000000 ____D C:\Users\PC\AppData\Roaming\WinRAR
2021-05-13 16:14 - 2021-05-13 16:14 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-13 16:14 - 2021-05-13 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-13 16:14 - 2021-05-13 16:14 - 000000000 ____D C:\Program Files\WinRAR
2021-05-11 22:36 - 2021-05-11 22:37 - 000000000 ____D C:\Users\PC\Documents\Vuze Downloads
2021-04-01 01:42 - 2021-04-01 01:43 - 000290064 _____ C:\Windows\Minidump\040121-20607-01.dmp
 
==================== Three months (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-02 19:43 - 2009-07-14 00:45 - 000034848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-06-02 19:43 - 2009-07-14 00:45 - 000034848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-06-02 19:36 - 2019-08-16 22:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\WD Discovery
2021-06-02 19:36 - 2019-08-16 22:37 - 000000000 ____D C:\Users\PC\.wdc
2021-06-02 19:34 - 2019-07-01 23:25 - 000000000 __SHD C:\Users\PC\IntelGraphicsProfiles
2021-06-02 19:34 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-02 19:29 - 2019-07-20 18:33 - 000000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2021-06-02 19:05 - 2020-05-27 22:42 - 000664804 _____ C:\Windows\ntbtlog.txt
2021-06-02 17:53 - 2019-07-02 00:06 - 000000000 ____D C:\ProgramData\Lenovo
2021-06-01 20:35 - 2020-06-30 22:45 - 000000000 ____D C:\Windows\TempInst
2021-06-01 20:35 - 2019-10-08 18:07 - 000002487 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2021-06-01 20:35 - 2019-07-02 00:06 - 000000000 ____D C:\Windows\system32\Tasks\TVT
2021-06-01 20:35 - 2019-07-02 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2021-06-01 20:35 - 2019-07-02 00:05 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-06-01 20:33 - 2019-07-01 00:37 - 000003902 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0D3A92AB-94DE-4EAF-AB73-EB2E7A8EFE5E}
2021-05-28 00:32 - 2019-07-14 01:01 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-05-28 00:32 - 2019-07-14 01:01 - 000002300 _____ C:\Users\Public\Desktop\Brave.lnk
2021-05-28 00:32 - 2019-07-14 01:01 - 000002300 _____ C:\ProgramData\Desktop\Brave.lnk
2021-05-26 02:20 - 2009-07-13 23:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-05-20 23:39 - 2020-10-31 01:52 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-20 22:18 - 2021-02-09 20:31 - 000000000 ____D C:\ProgramData\Garmin
2021-05-20 22:18 - 2019-07-20 21:40 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-20 22:17 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2021-05-20 21:33 - 2019-07-01 00:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-05-20 20:42 - 2009-07-13 23:20 - 000000000 ____D C:\PerfLogs
2021-05-17 13:41 - 2019-09-13 07:56 - 000000000 ____D C:\Users\PC\AppData\Local\LenovoServiceBridge
2021-05-15 02:22 - 2019-07-01 01:15 - 000102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2021-05-15 02:22 - 2019-07-01 01:15 - 000008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2021-05-15 02:13 - 2019-07-06 19:03 - 000000000 ____D C:\Windows\system32\appmgmt
2021-05-14 22:22 - 2019-07-20 20:17 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2021-05-14 18:11 - 2019-09-01 03:27 - 000000000 ____D C:\Windows\Minidump
2021-05-14 18:11 - 2019-09-01 03:26 - 522524731 _____ C:\Windows\MEMORY.DMP
2021-05-12 03:23 - 2019-08-10 22:04 - 000000000 ____D C:\Users\PC\AppData\Roaming\Azureus
2021-05-12 03:11 - 2019-07-01 12:05 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 03:02 - 2019-07-01 12:05 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-06 04:00 - 2020-10-11 22:27 - 000000000 ____D C:\Users\PC\AppData\Roaming\vlc
2021-05-05 21:23 - 2020-09-07 00:33 - 000182272 ___SH C:\Users\PC\Thumbs.db
 
==================== Files in the root of some directories ========
 
2020-09-07 00:41 - 2020-09-07 00:41 - 000003980 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2021-05-20 20:41 - 2021-05-26 02:47 - 000007649 _____ () C:\Users\PC\AppData\Local\resmon.resmoncfg
2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\PC\AppData\Local\setup.txt
 
==================== SigCheckExt =========================
 
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 002642944 ____S (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 002642944 ____S (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2012-02-26 04:26 - 2012-02-26 04:26 - 002462720 _____ (Intel® Corporation) C:\Windows\system32\iwmssvc.dll
2011-11-18 17:31 - 2011-11-18 17:31 - 000201728 _____ (Intel® Corporation) C:\Windows\system32\Ncs2Setp.dll
2019-08-16 22:42 - 2017-11-10 12:51 - 000002560 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\wdfsconnectevtmsg.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\wdfsconnectMntNtf2017.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000118272 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\wdfsconnectNetRdr2017.dll
2012-02-26 04:28 - 2012-02-26 04:28 - 004246016 _____ (Intel® Corporation) C:\Windows\system32\wlihvui.dll
2019-07-09 16:23 - 2017-12-08 06:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2019-07-09 16:23 - 2017-12-08 06:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2019-07-01 00:48 - 2012-01-16 11:06 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000154112 _____ (Western Digital Technologies, Inc.) C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll
2019-08-16 22:52 - 2017-11-10 12:51 - 000223744 _____ (Western Digital Technologies, Inc.) C:\Windows\SysWOW64\wdfsconnectNetRdr2017.dll
2019-07-09 16:23 - 2017-12-08 05:59 - 000638976 _____ C:\Windows\SysWOW64\xvidcore.dll
2019-07-09 16:23 - 2017-12-08 05:59 - 000235520 _____ C:\Windows\SysWOW64\xvidvfw.dll
2019-07-02 00:13 - 2012-03-27 01:12 - 000041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2020-04-12 09:43 - 2020-04-12 09:43 - 001499648 _____ (hxxp://pcsxr.codeplex.com/) C:\Users\PC\Desktop\pcsxr-pgxp.exe
2020-11-07 21:13 - 2020-11-07 21:13 - 208247991 _____ C:\Users\PC\Desktop\RetroArch-x64-setup.exe
2019-07-20 20:54 - 2019-07-20 20:54 - 001447178 _____ (Igor Pavlov) C:\Users\PC\Downloads\7z1900-x64.exe
2019-07-20 21:35 - 2019-07-20 21:37 - 014535278 _____ (Contaware.com) C:\Users\PC\Downloads\ContaCam-9.7.0-Setup.exe
2019-07-20 21:40 - 2019-07-20 21:40 - 019357715 _____ C:\Users\PC\Downloads\ncwpro33.exe
2019-07-09 16:22 - 2019-07-09 16:22 - 031056544 _____ (Perfect Surveillance ) C:\Users\PC\Downloads\perfect-ip-camera-recorder.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d7c0c21a-9bd4-11e9-a893-fa73a5e1908f}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {d7c0c21a-9bd4-11e9-a893-fa73a5e1908f}
device                  ramdisk=[C:]\Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\Winre.wim,{d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\Winre.wim,{d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {d7c0c218-9bd4-11e9-a893-fa73a5e1908f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d7c0c21b-9bd4-11e9-a893-fa73a5e1908f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d7c0c21a-9bd4-11e9-a893-fa73a5e1908f\boot.sdi
 
 
LastRegBack: 2021-06-01 22:00
==================== End of FRST.txt ========================


#8 Juliet

Posted 10 June 2021 - 03:45 PM

Look in Add/Remove Programs and uninstall the entries below:

Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Symantec Endpoint Protection (HKLM\...\{3DCB7A99-79F6-4FC5-93F4-55DB5D275F12}) (Version: 14.0.2415.0200 - Symantec Corporation) << = you still want this removed?

(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe <2>

 

I saw several entries for Symantec and Avast; let me know if those are remnants and you want them removed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
BHO: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll => No File
BHO-x32: No Name -> {F447EFB6-3BFF-4B76-9CB2-7CA43BBD55E0}' -> No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll No File
Toolbar: HKU\S-1-5-21-2476979448-331363794-1974480014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FirewallRules: [TCP Query User{0FED5DD3-E442-412E-BF96-A2BC26D8128F}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [UDP Query User{8A8FFE75-BADE-466C-93CC-0FAE853FFCD9}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe => No File
FirewallRules: [{968F125A-0E50-45E5-9764-BB5F4CBCC46C}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{487587F2-790A-4E5D-84A6-69E6E5745FEC}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{B2D54E2D-FCA1-4414-9EF8-003C1B5CC1CC}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
FirewallRules: [{6B4B49BD-0E78-46B0-9DC4-F3727AF1604E}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [removeTempFiles366134] => cmd /c "del C:\Users\PC\AppData\Local\Temp\365900\uninstall.exe C:\Users\PC\AppData\Local\Temp\365900\smooth.dll C:\Users\PC\AppData\Local\Temp\365900\libgcc.dll C:\Users\PC\AppData\Local\Temp\365900\ (the data entry has 60 more characters). <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin-x32: @2-update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @2-update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
U3 aswbdisk; no ImagePath
S3 esihdrv; \??\C:\Users\PC\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20190630.003\EX64.SYS [X]
U4 npcap_wifi; no ImagePath
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
You can download AdwCleaner here: https://malwarebytes.com/adwcleaner

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
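As an added example (not part of the original post and not FRST's own code), the sketch below reads fixlist lines like the ones above and separates entries whose target is already gone (`No File`, `[X]`, `not found`, `no ImagePath`) from entries that are still live and flagged for review. The kind and flag names are chosen for this example; the service state letters and start-type digits follow FRST's log conventions.

```python
import re

# Constructed sample: six lines copied from the fixlist in the post above.
SAMPLE = r'''
FirewallRules: [{968F125A-0E50-45E5-9764-BB5F4CBCC46C}] => (Allow) C:\Program Files (x86)\GeniusVision\GvActiveX.exe => No File
FirewallRules: [{B2D54E2D-FCA1-4414-9EF8-003C1B5CC1CC}] => (Allow) C:\Users\PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 esihdrv; \??\C:\Users\PC\AppData\Local\Temp\esihdrv.sys [X] <==== ATTENTION
U4 npcap_wifi; no ImagePath
'''

STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
MISSING = re.compile(r"=> No File|\[No File\]|- No File$|\[X\]|=> not found|no ImagePath")
SERVICE = re.compile(r"^([RSU])([0-5]) ([^;]+);")

def classify(line):
    """Return a dict describing one fixlist line: kind, flags, service detail."""
    line = line.strip()
    flags = set()
    if line.endswith("<==== ATTENTION"):
        flags.add("attention")          # FRST asks a human to look at this entry
    if MISSING.search(line):
        flags.add("missing-target")     # the referenced file or path is absent
    if re.search(r"\\AppData\\Local\\Temp\\", line, re.IGNORECASE):
        flags.add("temp-path")          # points into a user Temp directory
    entry = {"kind": "other", "flags": flags, "raw": line}
    svc = SERVICE.match(line)
    if svc:
        entry.update(kind="service", name=svc.group(3),
                     state=STATE[svc.group(1)], start=START.get(svc.group(2), "unknown"))
    elif line.startswith("FirewallRules:"):
        entry["kind"] = "firewall"
    elif "\\Policies\\" in line or line.startswith(("GroupPolicy:", "Policies:")):
        entry["kind"] = "policy"
    return entry

def triage(text):
    """Split entries into leftovers (target gone) and live settings needing review."""
    entries = [classify(l) for l in text.splitlines() if l.strip()]
    leftovers = [e for e in entries if "missing-target" in e["flags"]]
    review = [e for e in entries if "attention" in e["flags"] and "missing-target" not in e["flags"]]
    return entries, leftovers, review

if __name__ == "__main__":
    for e in triage(SAMPLE)[2]:
        print("needs review:", e["raw"])
```

On the sample, five of the six entries are references to files that no longer exist, and only the Windows Defender policy restriction is a live setting.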

#9 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 June 2021 - 04:25 PM

bump

#10 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 28 June 2021 - 05:47 PM

Glad we could help.
Since this issue appears resolved ... this Topic is closed.

