Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer is very slow- some programs "time out" [Solved]

Slow time out Partial loading

  • This topic is locked This topic is locked

#1
jsaklas

jsaklas

    Member

  • Member
  • PipPipPip
  • 311 posts

My machine runs Windows 10.  I use Kaspersky for anti-virus. 

 

Recently the computer has been very slow, especially, but Chrome is also slower, but not to the extent that Firefox is.  I use Thunderbird to manage my Verizon-yahoo emails.   Most of the time the emails hang up while Verizon-Yahoo tells me "Checking Inbox for new messages," and then after a minute or two, I get the error message, "Connections to server incoming.verizon.yahoo.net timed out."

 

Shutting Thunderbird down and reloading usually helps, but after I get my messages, some problems remain, such a the inability to forward messages -- I get the follow error message:

 

Sending of the message failed.
The message could not be sent because the connection to Outgoing server (SMTP) outgoing.yahoo.verizon.net was lost in the middle of the transaction. Try again.

 

Here are my Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by Baba (administrator) on FIRSTFLOOR (22-02-2019 13:53:19)
Running from C:\Users\Baba\Desktop
Loaded Profiles: Baba & DefaultAppPool (Available Profiles: Baba & LULI & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(f.lux Software LLC) C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Wanari Ltd.) C:\Gyula Commander\Gyula's Navigator\WinNav.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [193112 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [420960 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [463960 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM-x32...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Run: [f.lux] => C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Policies\Explorer: [New Value #1] 0000000000000000
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\MountPoints2: {c0f0c393-f040-11e3-b541-002522cc415f} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c3d8d50-f45f-4136-b83e-632f1b96058e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{859b3bdf-7f10-4215-8454-797533f4d8fb}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {FDD2333B-BFEA-4AF5-8C5A-C0D7E995061E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
 
FireFox:
========
FF DefaultProfile: z21laev6.default-1526912703655
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\kis\s-1-5-21-2725568288-2542343644-1725383603-1000\firefox [2018-07-03]
FF ProfilePath: C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 [2019-02-22]
FF Homepage: Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 -> www.msn.com
FF Extension: (Honey) - C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655\Extensions\[email protected] [2019-02-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2725568288-2542343644-1725383603-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Baba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://llelondjpcjljnjihdflhpclcpbiaiba/iframe_msn.html"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default [2019-02-22]
CHR Extension: (Slides) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Sheets) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (MSN New Tab) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelondjpcjljnjihdflhpclcpbiaiba [2019-02-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Gmail) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc. -> ArcSoft, Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-05-25] (Kaspersky Lab -> AO Kaspersky Lab)
S2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-05] (Microsoft Corporation -> Microsoft Corporation)
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-05] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [119904 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190784 2019-01-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058616 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-22] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-04] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2009-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-05] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-22 13:53 - 2019-02-22 13:54 - 000022801 _____ C:\Users\Baba\Desktop\FRST.txt
2019-02-22 13:51 - 2019-02-22 13:51 - 002435072 _____ (Farbar) C:\Users\Baba\Desktop\FRST64.exe
2019-02-22 13:08 - 2019-02-22 13:53 - 000000000 ____D C:\FRST
2019-02-13 10:33 - 2019-02-13 10:33 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-13 10:32 - 2019-02-13 10:33 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-13 10:11 - 2019-02-05 22:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 10:11 - 2019-02-05 22:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 10:10 - 2019-02-06 02:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 10:10 - 2019-02-06 02:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 10:10 - 2019-02-05 22:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 10:10 - 2019-02-05 22:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 10:10 - 2019-02-05 22:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 10:10 - 2019-02-05 21:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 10:10 - 2019-02-05 21:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 10:10 - 2019-02-05 21:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 10:10 - 2019-02-05 21:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 10:10 - 2019-02-05 21:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 10:10 - 2019-02-05 21:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 10:10 - 2019-02-05 21:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 10:10 - 2019-02-05 21:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 10:10 - 2019-02-05 21:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 10:10 - 2019-01-09 12:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 10:10 - 2019-01-09 12:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 10:10 - 2019-01-09 12:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 10:10 - 2019-01-09 04:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 10:10 - 2019-01-09 00:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 10:10 - 2019-01-09 00:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 10:10 - 2019-01-09 00:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 10:10 - 2019-01-09 00:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 10:10 - 2019-01-09 00:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 10:10 - 2019-01-09 00:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 10:10 - 2019-01-09 00:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 10:10 - 2019-01-09 00:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 10:10 - 2019-01-09 00:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 10:10 - 2019-01-09 00:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 10:10 - 2019-01-09 00:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 10:09 - 2019-02-06 02:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 10:09 - 2019-02-06 02:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 10:09 - 2019-02-06 02:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 10:09 - 2019-02-06 01:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 10:09 - 2019-02-06 01:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 10:09 - 2019-02-06 01:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 10:09 - 2019-02-06 01:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 10:09 - 2019-02-05 22:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 10:09 - 2019-02-05 22:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 10:09 - 2019-02-05 22:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 10:09 - 2019-02-05 22:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 10:09 - 2019-02-05 22:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 10:09 - 2019-02-05 22:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 10:09 - 2019-02-05 22:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 10:09 - 2019-02-05 21:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 10:09 - 2019-02-05 21:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 10:09 - 2019-02-05 21:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 10:09 - 2019-02-05 21:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 10:09 - 2019-02-05 21:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 10:09 - 2019-02-05 21:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 10:09 - 2019-02-05 21:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 10:09 - 2019-02-05 21:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 10:09 - 2019-02-05 21:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 10:09 - 2019-02-05 21:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 10:09 - 2019-02-05 21:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 10:09 - 2019-02-05 21:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 10:09 - 2019-02-05 21:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 10:09 - 2019-02-05 21:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 10:09 - 2019-02-05 21:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 10:09 - 2019-02-05 21:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 10:09 - 2019-02-05 21:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 10:09 - 2019-02-05 21:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 10:09 - 2019-02-05 21:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 10:09 - 2019-02-05 21:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 10:09 - 2019-02-05 21:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 10:09 - 2019-02-05 21:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 10:09 - 2019-02-05 21:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 10:09 - 2019-02-05 21:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 10:09 - 2019-02-05 20:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 10:09 - 2019-01-12 03:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 10:09 - 2019-01-11 21:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 10:09 - 2019-01-09 13:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 10:09 - 2019-01-09 12:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 10:09 - 2019-01-09 12:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 10:09 - 2019-01-09 12:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 10:09 - 2019-01-09 12:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 10:09 - 2019-01-09 05:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 10:09 - 2019-01-09 04:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 10:09 - 2019-01-09 03:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 10:09 - 2019-01-09 03:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 10:09 - 2019-01-09 00:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 10:09 - 2019-01-09 00:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 10:09 - 2019-01-09 00:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 10:09 - 2019-01-09 00:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 10:09 - 2019-01-09 00:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 10:09 - 2019-01-09 00:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 10:09 - 2019-01-09 00:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 10:09 - 2019-01-09 00:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 10:09 - 2019-01-09 00:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 10:09 - 2019-01-09 00:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 10:09 - 2019-01-08 23:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 10:09 - 2019-01-08 23:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 10:09 - 2019-01-08 04:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-05 16:56 - 2019-02-05 16:56 - 000000080 ___SH C:\bootTel.dat
2019-02-04 11:23 - 2019-02-04 11:23 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-01-31 10:44 - 2018-09-19 23:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-30 12:21 - 2019-01-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration
2019-01-30 12:18 - 2019-01-30 12:18 - 000000000 ____D C:\Program Files\Canon
2019-01-25 14:14 - 2019-01-25 14:14 - 000309973 _____ C:\Users\Baba\Downloads\2016Catalog
2019-01-23 15:38 - 2019-02-10 16:20 - 000000000 ___RD C:\Users\Baba\OneDrive
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-02-22 13:50 - 2018-07-17 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-22 13:01 - 2015-08-12 13:38 - 000000000 ____D C:\Users\Baba\AppData\Local\ClassicShell
2019-02-22 12:59 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 12:52 - 2016-11-22 00:31 - 000000000 ____D C:\Users\Baba\AppData\LocalLow\Mozilla
2019-02-22 12:12 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-22 12:09 - 2014-05-23 01:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-21 18:51 - 2018-07-17 21:29 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{533217DB-FD4E-42B3-B68C-EDDD1267D52C}
2019-02-21 18:51 - 2015-08-12 14:06 - 000000000 ____D C:\Users\LULI\AppData\Local\ClassicShell
2019-02-21 18:44 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-21 17:58 - 2016-11-22 14:52 - 000000000 ____D C:\Users\LULI\AppData\LocalLow\Mozilla
2019-02-19 23:40 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-19 16:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-16 15:20 - 2018-05-21 09:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-16 15:02 - 2017-01-05 22:42 - 000000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-02-16 15:02 - 2015-12-25 15:58 - 000000000 ____D C:\Mozilla Thunderbird
2019-02-16 15:02 - 2014-06-12 00:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-16 15:01 - 2017-03-10 10:12 - 000001537 _____ C:\Users\Baba\Desktop\Mozilla Thunderbird.lnk
2019-02-15 12:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-14 20:19 - 2018-07-17 21:00 - 000968720 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 20:19 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-14 20:14 - 2018-07-17 21:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-14 20:13 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-14 19:49 - 2018-01-18 12:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-14 19:23 - 2018-01-12 22:31 - 000000000 ____D C:\Program Files\rempl
2019-02-13 18:11 - 2018-10-25 07:05 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-13 17:44 - 2018-07-17 20:36 - 000426312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 14:54 - 2018-05-21 09:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-13 12:50 - 2018-07-17 21:29 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-13 12:48 - 2015-11-05 10:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-13 10:29 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 10:07 - 2014-05-23 12:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 23:00 - 2014-05-23 12:45 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 20:45 - 2018-07-17 21:29 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-12 20:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 20:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-10 16:20 - 2018-07-17 22:39 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1000
2019-02-10 16:20 - 2018-07-17 20:50 - 000002364 _____ C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-09 11:35 - 2016-03-02 10:24 - 000004536 _____ C:\Users\Baba\Documents\PDF_Log.txt
2019-02-08 17:11 - 2018-07-17 21:29 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1001
2019-02-08 17:11 - 2018-07-17 20:50 - 000002364 _____ C:\Users\LULI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 17:11 - 2015-08-12 14:05 - 000000000 ___RD C:\Users\LULI\OneDrive
2019-02-08 10:40 - 2018-07-17 21:50 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 22:01 - 2014-05-22 20:36 - 000407542 __RSH C:\bootmgr
2019-02-04 12:09 - 2014-06-12 00:12 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-02 17:53 - 2018-11-14 18:16 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 17:53 - 2018-11-14 18:16 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 12:28 - 2014-05-25 08:55 - 000000000 ____D C:\Program Files (x86)\Canon
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-30 12:20 - 2015-10-14 09:04 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2019-01-30 12:20 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-01-30 12:18 - 2015-11-11 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual
2019-01-30 12:13 - 2014-07-29 19:31 - 000000000 ____D C:\Users\LULI\AppData\Roaming\Canon
2019-01-30 12:13 - 2014-06-12 00:06 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Canon
2019-01-27 22:22 - 2018-07-18 00:06 - 000000000 ____D C:\Users\Baba\AppData\Local\D3DSCache
2019-01-23 15:38 - 2018-07-17 20:50 - 000000000 ____D C:\Users\Baba
 
Some files in TEMP:
====================
2019-01-21 23:07 - 2019-01-21 23:07 - 001974624 _____ (Oracle Corporation) C:\Users\Baba\AppData\Local\Temp\jre-8u201-windows-au.exe
2019-01-30 12:14 - 2010-07-23 04:47 - 000868752 ____N (CANON INC.) C:\Users\Baba\AppData\Local\Temp\MSETUP4.EXE
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-17 20:36
 
==================== End of FRST.txt ============================
 
 
and the Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Baba (22-02-2019 13:55:08)
Running from C:\Users\Baba\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-07-18 02:31:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2725568288-2542343644-1725383603-500 - Administrator - Disabled)
Baba (S-1-5-21-2725568288-2542343644-1725383603-1000 - Administrator - Enabled) => C:\Users\Baba
DefaultAccount (S-1-5-21-2725568288-2542343644-1725383603-503 - Limited - Disabled)
Guest (S-1-5-21-2725568288-2542343644-1725383603-501 - Limited - Disabled)
LULI (S-1-5-21-2725568288-2542343644-1725383603-1001 - Administrator - Enabled) => C:\Users\LULI
WDAGUtilityAccount (S-1-5-21-2725568288-2542343644-1725383603-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - Canon Inc.)
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Flux) (Version:  - f.lux Software LLC)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 60.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 en-US)) (Version: 60.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (HKLM-x32\...\{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version: 11.4 - Corel Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PrimoPDF Packages (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\PrimoPDF Packages) (Version:  - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Stellar Phoenix Excel Repair (HKLM-x32\...\Stellar Phoenix Excel Repair_is1) (Version: 5.5.0.0 - Stellar Information Technology Pvt Ltd.)
TurboCAD Deluxe v11.2 (HKLM-x32\...\{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}) (Version: 11 - IMSI)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Extras (HKLM-x32\...\{98F94B9C-9FF5-4053-85A6-3D4F3FA3EBA0}) (Version: 1.00.0000 - Corel Corporation)
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.3 - Corel Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {11D215A5-965D-4488-8D22-FE408B8BA1DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {12FC2C0B-182B-40F3-9C4F-7DCA286C5D4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1CC4108E-CE42-48F4-883B-8BCB00ADE184} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D28A775-9142-47FD-92AF-2E08F54F3C1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {200842F9-9226-4313-8FFA-09DA2FB1B686} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2977D7D9-8CC1-466A-9700-682579C9446D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {302DD5E4-C4DB-4464-838A-B32FB24F3BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {38C1FDE2-24E0-4BFA-B49C-1B1F8770F046} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3923E5BD-FDFF-473A-8459-F287189CC20C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41B1DED8-8041-4EC3-9D58-3C2063C36CAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {440E53A5-5B92-473C-8E27-2014F3419446} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {461BF656-1915-437D-B38E-C5E5BA7516EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {528A0898-E9AF-4A3C-B033-DA0A665DBEFA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5D25B177-B947-4A5D-8DDA-689EEF41A108} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63A8AA73-C5CD-4819-8E23-44DBCDA01616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {79DA7D54-2650-444C-BD64-1FB496C92336} - System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA} => "c:\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.59.105/en/abandoninstall?page=tsPlugin
Task: {7D4339D3-3FFE-40B7-8540-D0002B53FD81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8130C257-B07D-481E-B2FC-17343D9B9139} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84B93907-185C-4C43-A4FD-191564783691} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {924923AD-4641-489D-936F-13E025411862} - System32\Tasks\Asrsetup => F:\ASRSetup.exe
Task: {9B8E37D6-5A30-4161-AB1D-B4A136C5207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9CB6AB2B-B2E2-4365-86C4-C10862DE0F28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A2224AC9-F141-40E1-9882-8340B6A84E32} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6CF9D92-E3E4-4F97-857C-CECEA8399343} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCA448CD-92D4-44E4-888E-A79A7ECE56FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C05BA778-14B3-431B-9B85-D2C402F5E8D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D84D4011-8EEC-4A5B-B236-D989D68292A3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D862D8AD-6E54-4649-A7DE-C91018D544EE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB782008-4BF5-4282-B2FF-6CAB0F79216B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA480F3-6BFF-41D1-A4FB-155215714F47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E342E123-6091-4499-BA62-F338A589D5A6} - System32\Tasks\Western Digital\SmartWare\____Volume_707e1b3c_e212_11e3_a237_806e6f6e6963______Volume_c0f0c39f_f040_11e3_b541_002522cc415f__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7AB0303-E56B-4166-BB17-574157D6CE05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E9DFC845-8197-4C5E-89FD-2B37529522F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FDC242AE-1730-4790-8A50-E761F427594B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE1A2124-3D50-4D22-890E-0B6B8BAE5F65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-31 11:55 - 2011-02-28 17:37 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 12:32 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 10:09 - 2019-02-05 21:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-21 18:17 - 2019-02-21 18:18 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-21 18:17 - 2019-02-21 18:18 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:52 - 2019-01-31 17:55 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 05:43 - 2017-10-05 05:46 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-15 14:53 - 2019-01-15 14:55 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 12:01 - 2018-08-30 12:05 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 18:09 - 2018-07-26 18:11 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 10:39 - 2019-02-08 10:40 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-08 10:39 - 2019-02-08 10:40 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 10:24 - 2017-12-01 10:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 21:39 - 2018-11-28 21:40 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 10:39 - 2019-02-08 10:40 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-14 19:49 - 2019-02-13 00:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-14 19:49 - 2019-02-13 00:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2018-10-04 14:36 - 2018-10-04 14:39 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-21 18:17 - 2019-02-21 18:18 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 002362096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-02-12 09:51 - 2019-02-12 09:51 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-05-25 21:21 - 2018-05-25 21:21 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\twain_32\wiatwain.ds\;C:\Windows\twain_32\CNQ8400F;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Pride&P1.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: MSMQ => 2
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: NetMsmqActivator => 2
MSCONFIG\Services: NetPipeActivator => 2
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpActivator => 2
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WirelessKB850NotificationService => 2
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B7D819A0-2E66-41B9-9AF6-2BC4E0A7B074}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37C8E12B-F6BA-4892-A854-EA46BD738107}] => (Allow) C:\Mozilla Firefox\firefox.exe No File
FirewallRules: [{01CCF067-A393-49D9-B944-14A547732E85}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B3799B94-0C32-49C9-88D6-010F200A895F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 
==================== Restore Points =========================
 
31-01-2019 10:44:09 Windows Update
12-02-2019 22:59:04 Windows Update
20-02-2019 11:38:34 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2019 10:48:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (02/19/2019 10:48:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (02/15/2019 10:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 65.0.1.6981 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2be4
 
Start Time: 01d4c5a6ab4911d9
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
 
Report Id: c2fa2348-c884-4f9a-8c8a-29f6479742c9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/06/2019 03:11:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 21b4
 
Start Time: 01d4be546e045374
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 
Report Id: d1e9c684-ae75-456b-9d9e-8ceedf2123a9
 
Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy
 
Faulting package-relative application ID: WindowsDefaultLockScreen
 
Error: (02/05/2019 09:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000008
Fault offset: 0x000000000009e78a
Faulting process id: 0xe64
Faulting application start time: 0x01d4bd9dd659cbd4
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0c28a509-3b78-49c3-8339-81816dec93fd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/30/2019 04:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 64.0.2.6947, time stamp: 0x5c34ddf7
Faulting module name: MSVCP140.dll, version: 14.15.26706.0, time stamp: 0x5b3efc99
Exception code: 0xc0000005
Fault offset: 0x0000000000034e46
Faulting process id: 0x2ee4
Faulting application start time: 0x01d4b8e19b5bd752
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\MSVCP140.dll
Report Id: 6e72d824-f5a1-4d4c-84c5-b69fdfbdd323
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/30/2019 12:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000008
Fault offset: 0x000000000009e78a
Faulting process id: 0xda8
Faulting application start time: 0x01d4b8c095276297
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 390d0aa1-a87c-4888-86ec-ce5cc1e6092f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/29/2019 10:59:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
 
System errors:
=============
Error: (02/22/2019 12:52:15 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/22/2019 12:09:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2019 11:31:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (02/21/2019 09:01:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/21/2019 05:56:21 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2019 12:20:37 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/21/2019 10:18:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2019 09:48:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
Windows Defender:
===================================
Date: 2018-10-22 16:05:58.555
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D4827E09-7CA7-4A83-B57D-923B997B3EF5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-08-24 20:30:55.387
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.133.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-12-12 12:34:14.769
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:34:14.212
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:34:14.202
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:34:10.967
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:32:00.794
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:31:56.463
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:31:52.419
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-12-12 12:31:49.345
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 7912.68 MB
Available physical RAM: 5204.04 MB
Total Virtual: 15848.68 MB
Available Virtual: 12778.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:365.38 GB) (Free:275.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:512.69 GB) (Free:495.74 GB) NTFS
Drive e: () (Fixed) (Total:518.35 GB) (Free:511.03 GB) NTFS
 
\\?\Volume{9c73f259-0000-0000-0000-40585b000000}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 9C73F259)
Partition 1: (Active) - (Size=365.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=1031 GB) - (Type=0F Extended)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Does anyone know why my topic is not Bold, as is the others on page 1 of this forum?


  • 0

#3
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Does anyone know why my topic is not Bold, as is all the others on page 1 of this forum?

 

Secondly, how can I delete this duplicate post reply?


Edited by jsaklas, 23 February 2019 - 11:30 AM.

  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 898 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by pm with the address of the thread.
  • If you have questions about anything, please ask.
--------------------


Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction ? <==== ATTENTION

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 

U3 idsvc; no ImagePath

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File

Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

FirewallRules: [{37C8E12B-F6BA-4892-A854-EA46BD738107}] => (Allow) C:\Mozilla Firefox\firefox.exe No File

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

---------------------------

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

---------------------------

Let me know if the problems persist.

Thanks.
  • 0

#5
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacG3,

 

Thank you for the reply.  I also sought help on Bleepingcomputer.  I received help from dc3 and after several scans, etc., I was told to load and run W10 ISO repair.  Because, effectively I had no internet access, I had to download everything onto my W7 machine, put them on a memory stick then transfer them to the W10 machine.  All non-internet functions (Word, Excel, WordPerfect, Paint, etc. worked fine, only internet access was messed up.

 

The W10 repair worked and I am again on the W10 machine.

 

I am, by no means, a computer expert, so I leave it to you if we should continue the malware search.  I don't want to waste you time, but if you feel it would be useful, then I am, of course, willing.   So, before I follow your guidance from your reply, let me know you decision.

 

Thanks again.


  • 0

#6
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 898 posts
Hi,


We can run a scan with FRST to check for any malware remnants, if present.

Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen warning, click on More Info and Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, two log files will open - FRST.txt and Addition.txt.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.
Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
  • 0

#7
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMang3,

 

Here is the Addition log (the FRST log will follow in a second post):

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2019 01
Ran by Baba (28-02-2019 19:02:41)
Running from C:\Users\Baba\Desktop
Windows 10 Pro Version 1809 17763.253 (X64) (2019-02-27 05:46:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2725568288-2542343644-1725383603-500 - Administrator - Disabled)
Baba (S-1-5-21-2725568288-2542343644-1725383603-1000 - Administrator - Enabled) => C:\Users\Baba
DefaultAccount (S-1-5-21-2725568288-2542343644-1725383603-503 - Limited - Disabled)
Guest (S-1-5-21-2725568288-2542343644-1725383603-501 - Limited - Disabled)
LULI (S-1-5-21-2725568288-2542343644-1725383603-1001 - Administrator - Enabled) => C:\Users\LULI
WDAGUtilityAccount (S-1-5-21-2725568288-2542343644-1725383603-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - Canon Inc.)
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\Flux) (Version:  - f.lux Software LLC)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 60.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 en-US)) (Version: 60.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (HKLM-x32\...\{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version: 11.4 - Corel Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PrimoPDF Packages (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\PrimoPDF Packages) (Version:  - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Stellar Phoenix Excel Repair (HKLM-x32\...\Stellar Phoenix Excel Repair_is1) (Version: 5.5.0.0 - Stellar Information Technology Pvt Ltd.)
TurboCAD Deluxe v11.2 (HKLM-x32\...\{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}) (Version: 11 - IMSI)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Extras (HKLM-x32\...\{98F94B9C-9FF5-4053-85A6-3D4F3FA3EBA0}) (Version: 1.00.0000 - Corel Corporation)
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.3 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {11626404-1834-4A58-89B6-7CA6C41F7885} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {11D215A5-965D-4488-8D22-FE408B8BA1DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {12FC2C0B-182B-40F3-9C4F-7DCA286C5D4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1CC4108E-CE42-48F4-883B-8BCB00ADE184} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D28A775-9142-47FD-92AF-2E08F54F3C1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {200842F9-9226-4313-8FFA-09DA2FB1B686} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {253552BC-FB5E-479E-AD76-B3BCD42DD069} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2977D7D9-8CC1-466A-9700-682579C9446D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {302DD5E4-C4DB-4464-838A-B32FB24F3BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {38C1FDE2-24E0-4BFA-B49C-1B1F8770F046} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3923E5BD-FDFF-473A-8459-F287189CC20C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41B1DED8-8041-4EC3-9D58-3C2063C36CAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {440E53A5-5B92-473C-8E27-2014F3419446} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {461BF656-1915-437D-B38E-C5E5BA7516EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {528A0898-E9AF-4A3C-B033-DA0A665DBEFA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5D25B177-B947-4A5D-8DDA-689EEF41A108} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63A8AA73-C5CD-4819-8E23-44DBCDA01616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {79DA7D54-2650-444C-BD64-1FB496C92336} - System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA} => "c:\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.59.105/en/abandoninstall?page=tsPlugin
Task: {7D4339D3-3FFE-40B7-8540-D0002B53FD81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8130C257-B07D-481E-B2FC-17343D9B9139} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84B93907-185C-4C43-A4FD-191564783691} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {924923AD-4641-489D-936F-13E025411862} - System32\Tasks\Asrsetup => F:\ASRSetup.exe
Task: {9B8E37D6-5A30-4161-AB1D-B4A136C5207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9CB6AB2B-B2E2-4365-86C4-C10862DE0F28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A2224AC9-F141-40E1-9882-8340B6A84E32} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9EDD0E4-A1EE-47CC-8839-7A14B88C9A3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B38C4B7F-4ADA-4884-80EC-D62E2FEBDFF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6CF9D92-E3E4-4F97-857C-CECEA8399343} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCA448CD-92D4-44E4-888E-A79A7ECE56FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C05BA778-14B3-431B-9B85-D2C402F5E8D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D84D4011-8EEC-4A5B-B236-D989D68292A3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D862D8AD-6E54-4649-A7DE-C91018D544EE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB782008-4BF5-4282-B2FF-6CAB0F79216B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA480F3-6BFF-41D1-A4FB-155215714F47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E342E123-6091-4499-BA62-F338A589D5A6} - System32\Tasks\Western Digital\SmartWare\____Volume_707e1b3c_e212_11e3_a237_806e6f6e6963______Volume_c0f0c39f_f040_11e3_b541_002522cc415f__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7AB0303-E56B-4166-BB17-574157D6CE05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E9DFC845-8197-4C5E-89FD-2B37529522F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FDC242AE-1730-4790-8A50-E761F427594B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE1A2124-3D50-4D22-890E-0B6B8BAE5F65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-14 09:02 - 2010-09-08 11:27 - 000328192 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-07-30 08:05 - 2016-07-30 08:05 - 003661784 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2016-07-30 08:05 - 2016-07-30 08:05 - 000163800 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2016-07-30 08:05 - 2016-07-30 08:05 - 000883160 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2016-07-30 08:05 - 2016-07-30 08:05 - 000289240 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2003-10-16 15:36 - 2003-10-16 15:36 - 000230912 _____ (Wanari Ltd.) [File not signed] C:\Gyula Commander\Gyula's Navigator\WinNav.exe
2014-05-22 23:32 - 2011-02-01 14:53 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2014-05-22 23:32 - 2011-02-01 14:57 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2019-02-27 00:19 - 2019-02-27 00:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2019-02-27 00:19 - 2019-02-27 00:19 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2019-01-30 12:20 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2019-02-27 00:19 - 2019-02-27 00:19 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\twain_32\wiatwain.ds\;C:\Windows\twain_32\CNQ8400F;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Pride&P1.bmp
HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Ari-Danae1.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: MSMQ => 2
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: NetMsmqActivator => 2
MSCONFIG\Services: NetPipeActivator => 2
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpActivator => 2
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WirelessKB850NotificationService => 2
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2923A4A2-4984-4CF3-92F6-317C26C0EFD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{01CCF067-A393-49D9-B944-14A547732E85}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37C8E12B-F6BA-4892-A854-EA46BD738107}] => (Allow) C:\Mozilla Firefox\firefox.exe No File
FirewallRules: [{B7D819A0-2E66-41B9-9AF6-2BC4E0A7B074}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

27-02-2019 10:47:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2019 03:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x2dc0
Faulting application start time: 0x01d4ced8c81d22d9
Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: fed23217-6bd4-4913-9846-ef25e8447bb5
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/27/2019 12:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x17bc
Faulting application start time: 0x01d4ce60361dd92e
Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: 01bdf342-4d4a-4c95-82b6-c9686723753b
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/27/2019 12:31:43 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/27/2019 12:31:11 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/27/2019 12:31:11 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/27/2019 12:31:10 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/27/2019 12:20:41 AM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: Listener Adapter protocol 'net.pipe' attempted to communicate to Windows Process Activation Service and failed. The Listener Adapter is now in a bad state.  Cause: This is caused by Out of Memory issues or failures between Windows Process Activation Service and Listener Adapter.  Fix: To fix this condition, stop Listener Adapter then Windows Process Activation Service, restart Windows Process Activation Service, and finally restart Listener Adapter.

Error: (02/27/2019 12:07:00 AM) (Source: MSMQ) (EventID: 2000) (User: )
Description: The Message Queuing service cannot start. The registry value '\HKLM\SOFTWARE\Microsoft\MSMQ\Parameters\MachineCache\QMId' cannot be retrieved from the local Windows Registry. Error 2: The system cannot find the file specified.


System errors:
=============
Error: (02/28/2019 04:39:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/28/2019 02:33:20 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 02:33:17 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 02:26:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: 2019-02 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4487044).

Error: (02/28/2019 11:10:17 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:10:17 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:05:28 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:05:28 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 7912.68 MB
Available physical RAM: 3138.37 MB
Total Virtual: 15848.68 MB
Available Virtual: 9976.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.38 GB) (Free:272.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:512.69 GB) (Free:495.73 GB) NTFS
Drive e: () (Fixed) (Total:518.35 GB) (Free:511.05 GB) NTFS

\\?\Volume{9c73f259-0000-0000-0000-40585b000000}\ () (Fixed) (Total:0.83 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 9C73F259)
Partition 1: (Active) - (Size=365.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=1031 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


  • 0

#8
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacg3,

 

And the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2019 01
Ran by Baba (administrator) on FIRSTFLOOR (28-02-2019 19:00:12)
Running from C:\Users\Baba\Desktop
Loaded Profiles: Baba & LULI (Available Profiles: Baba & LULI & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.253 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ArcSoft, Inc. -> ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\LULI\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\LULI\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Mozilla Thunderbird\thunderbird.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Mozilla Thunderbird\thunderbird.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Wanari Ltd.) [File not signed] C:\Gyula Commander\Gyula's Navigator\WinNav.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Run: [f.lux] => C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Policies\Explorer: [New Value #1] 0000000000000000
HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\Run: [f.lux] => C:\Users\LULI\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c3d8d50-f45f-4136-b83e-632f1b96058e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{859b3bdf-7f10-4215-8454-797533f4d8fb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {FDD2333B-BFEA-4AF5-8C5A-C0D7E995061E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: z21laev6.default-1526912703655
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\kis\s-1-5-21-2725568288-2542343644-1725383603-1000\firefox [2018-07-03]
FF ProfilePath: C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 [2019-02-28]
FF Homepage: Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 -> www.msn.com
FF Extension: (Honey) - C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655\Extensions\[email protected] [2019-02-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2725568288-2542343644-1725383603-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Baba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR NewTab: Default ->  Active:"chrome-extension://llelondjpcjljnjihdflhpclcpbiaiba/iframe_msn.html"
CHR Profile: C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Slides) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Sheets) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (SearchBar) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2019-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (MSN New Tab) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelondjpcjljnjihdflhpclcpbiaiba [2019-02-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Gmail) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc. -> ArcSoft, Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-05-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2019-02-27] (Microsoft Windows -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2019-02-27] (Microsoft Windows -> Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [119904 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190784 2019-02-22] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058616 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-22] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-04] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-28 18:59 - 2019-02-28 18:59 - 000000000 ____D C:\Users\Baba\Desktop\FRST-OlderVersion
2019-02-27 15:10 - 2019-02-27 15:10 - 000000020 ___SH C:\Users\LULI\ntuser.ini
2019-02-27 10:52 - 2019-02-27 10:52 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000107882 _____ C:\WINDOWS\system32\mib_ii.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2019-02-27 10:52 - 2019-02-27 10:52 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2019-02-27 10:52 - 2019-02-27 10:52 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000048593 _____ C:\WINDOWS\system32\hostmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000034317 _____ C:\WINDOWS\system32\msiprip2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000030448 _____ C:\WINDOWS\system32\mcastmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000026236 _____ C:\WINDOWS\SysWOW64\wins.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026236 _____ C:\WINDOWS\system32\wins.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026100 _____ C:\WINDOWS\system32\lmmib2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000022462 _____ C:\WINDOWS\system32\rfc2571.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000021271 _____ C:\WINDOWS\SysWOW64\http.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000021271 _____ C:\WINDOWS\system32\http.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015799 _____ C:\WINDOWS\system32\ipforwd.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015032 _____ C:\WINDOWS\system32\authserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000014032 _____ C:\WINDOWS\system32\accserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000013767 _____ C:\WINDOWS\system32\msipbtp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000006179 _____ C:\WINDOWS\system32\ftp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004597 _____ C:\WINDOWS\system32\dhcp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004411 _____ C:\WINDOWS\SysWOW64\smi.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004411 _____ C:\WINDOWS\system32\smi.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000698 _____ C:\WINDOWS\SysWOW64\inetsrv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000698 _____ C:\WINDOWS\system32\inetsrv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000581 _____ C:\WINDOWS\SysWOW64\msft.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000581 _____ C:\WINDOWS\system32\msft.mib
2019-02-27 03:03 - 2019-02-27 00:47 - 000000000 ____D C:\Windows.old
2019-02-27 00:51 - 2019-02-27 00:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-02-27 00:47 - 2019-02-27 00:47 - 000000020 ___SH C:\Users\Baba\ntuser.ini
2019-02-27 00:44 - 2019-02-28 18:55 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{533217DB-FD4E-42B3-B68C-EDDD1267D52C}
2019-02-27 00:44 - 2019-02-27 19:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-27 00:44 - 2019-02-27 00:47 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-02-27 00:44 - 2019-02-27 00:46 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-27 00:44 - 2019-02-27 00:46 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-27 00:44 - 2019-02-27 00:46 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1001
2019-02-27 00:44 - 2019-02-27 00:46 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1000
2019-02-27 00:44 - 2019-02-27 00:46 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-02-27 00:44 - 2019-02-27 00:46 - 000002332 _____ C:\WINDOWS\System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784}
2019-02-27 00:44 - 2019-02-27 00:46 - 000002188 _____ C:\WINDOWS\System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA}
2019-02-27 00:44 - 2019-02-27 00:45 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-27 00:44 - 2019-02-27 00:45 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-27 00:44 - 2019-02-27 00:45 - 000002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-02-27 00:44 - 2019-02-27 00:45 - 000002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-02-27 00:44 - 2019-02-27 00:45 - 000002292 _____ C:\WINDOWS\System32\Tasks\Asrsetup
2019-02-27 00:44 - 2019-02-27 00:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2019-02-27 00:44 - 2019-02-27 00:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2019-02-27 00:41 - 2019-02-27 00:44 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2019-02-27 00:41 - 2019-02-27 00:44 - 000015243 _____ C:\WINDOWS\diagerr.xml
2019-02-27 00:28 - 2019-02-27 19:17 - 000971820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-27 00:18 - 2019-02-27 00:18 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-02-27 00:13 - 2019-02-27 15:10 - 000000000 ____D C:\Users\LULI
2019-02-27 00:13 - 2019-02-27 00:47 - 000000000 ____D C:\Users\Baba
2019-02-27 00:13 - 2019-02-27 00:26 - 000000000 ____D C:\Users\DefaultAppPool
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\LULI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:09 - 2019-02-27 00:09 - 000000000 ____D C:\ProgramData\USOShared
2019-02-27 00:09 - 2018-09-15 02:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-02-27 00:05 - 2019-02-28 18:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-27 00:05 - 2019-02-27 00:22 - 000461408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-26 23:41 - 2019-02-27 03:03 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-02-26 23:41 - 2019-02-26 23:41 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2019-02-26 23:39 - 2019-02-26 23:41 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-02-26 23:37 - 2019-02-27 03:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\system32\msmq
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files\MSBuild
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\inetpub
2019-02-26 23:34 - 2018-09-09 17:17 - 001167960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-02-26 23:34 - 2018-09-09 17:16 - 000035440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-02-26 23:34 - 2018-08-29 17:56 - 000780376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-02-26 23:34 - 2018-08-29 17:56 - 000104560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-02-26 23:34 - 2018-08-29 17:56 - 000036896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-02-26 23:33 - 2018-09-09 17:16 - 000126064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-02-26 23:21 - 2019-02-26 23:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-02-26 22:53 - 2019-02-27 00:47 - 000000000 ___DC C:\WINDOWS\Panther
2019-02-26 18:43 - 2019-02-26 18:43 - 000000000 ___HD C:\$Windows.~WS
2019-02-26 17:33 - 2019-02-26 17:33 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2019-02-26 17:33 - 2019-02-26 17:33 - 000000719 _____ C:\Users\Baba\Desktop\Windows 10 Update Assistant.lnk
2019-02-26 17:33 - 2019-02-26 17:33 - 000000000 ___HD C:\$GetCurrent
2019-02-26 17:33 - 2019-02-26 17:33 - 000000000 ____D C:\Windows10Upgrade
2019-02-26 17:30 - 2019-02-26 17:30 - 006132216 _____ (Microsoft Corporation) C:\Users\Baba\Desktop\Windows10Upgrade9252.exe
2019-02-24 15:16 - 2019-02-27 19:52 - 000048849 _____ C:\Users\Baba\Desktop\sfcdetails.txt
2019-02-23 15:58 - 2019-02-23 15:59 - 000002807 _____ C:\Users\Baba\Desktop\FSS.txt
2019-02-23 15:58 - 2019-02-23 15:58 - 000899584 _____ (Farbar) C:\Users\Baba\Desktop\FSS (1).exe
2019-02-23 15:56 - 2019-02-23 15:58 - 000899584 _____ (Farbar) C:\Users\Baba\Desktop\FSS.exe
2019-02-22 13:55 - 2019-02-22 13:56 - 000053853 _____ C:\Users\Baba\Desktop\Addition.txt
2019-02-22 13:53 - 2019-02-28 19:01 - 000025314 _____ C:\Users\Baba\Desktop\FRST.txt
2019-02-22 13:51 - 2019-02-28 18:59 - 002434048 _____ (Farbar) C:\Users\Baba\Desktop\FRST64.exe
2019-02-22 13:08 - 2019-02-28 19:00 - 000000000 ____D C:\FRST
2019-02-13 10:33 - 2019-02-13 10:33 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-13 10:32 - 2019-02-13 10:33 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-05 16:56 - 2019-02-05 16:56 - 000000080 ___SH C:\bootTel.dat
2019-02-04 11:23 - 2019-02-04 11:23 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-01-30 12:21 - 2019-02-27 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration
2019-01-30 12:18 - 2019-01-30 12:18 - 000000000 ____D C:\Program Files\Canon

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-28 18:55 - 2015-08-12 13:38 - 000000000 ____D C:\Users\Baba\AppData\Local\ClassicShell
2019-02-28 18:36 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-28 18:07 - 2014-05-23 01:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-28 18:06 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-28 14:37 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\servicing
2019-02-28 14:35 - 2016-11-22 14:52 - 000000000 ____D C:\Users\LULI\AppData\LocalLow\Mozilla
2019-02-28 11:55 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-02-28 11:28 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-28 11:21 - 2016-11-22 00:31 - 000000000 ____D C:\Users\Baba\AppData\LocalLow\Mozilla
2019-02-28 10:16 - 2015-08-12 14:06 - 000000000 ____D C:\Users\LULI\AppData\Local\ClassicShell
2019-02-27 19:16 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-27 19:10 - 2017-01-05 23:09 - 000000580 __RSH C:\ProgramData\ntuser.pol
2019-02-27 19:08 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-02-27 15:30 - 2018-01-21 13:34 - 000000000 ____D C:\Users\LULI\AppData\Local\Packages
2019-02-27 15:12 - 2016-09-22 15:33 - 000000000 ____D C:\Users\LULI\AppData\Local\ConnectedDevicesPlatform
2019-02-27 15:11 - 2018-01-21 14:11 - 000000000 ___RD C:\Users\LULI\3D Objects
2019-02-27 15:11 - 2015-08-12 12:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-27 10:48 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-02-27 10:43 - 2018-01-21 13:37 - 000000000 ____D C:\Users\Baba\AppData\Local\Packages
2019-02-27 10:42 - 2018-07-17 21:50 - 000000000 ____D C:\ProgramData\Packages
2019-02-27 10:35 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\spool
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\IME
2019-02-27 03:04 - 2018-09-15 02:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-02-27 03:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-02-27 03:04 - 2015-10-14 09:02 - 000000000 ____D C:\WINDOWS\system32\STRING
2019-02-27 03:04 - 2014-05-25 08:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2019-02-27 03:04 - 2014-05-22 23:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2019-02-27 03:03 - 2019-01-14 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2019-02-27 03:03 - 2019-01-13 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-27 03:03 - 2018-11-21 11:19 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-02-27 03:03 - 2018-10-26 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\schemas
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Resources
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-27 03:03 - 2018-05-25 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-02-27 03:03 - 2018-05-22 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-02-27 03:03 - 2018-05-17 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Excel Repair
2019-02-27 03:03 - 2018-04-10 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-27 03:03 - 2016-12-30 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-27 03:03 - 2016-09-22 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2019-02-27 03:03 - 2015-12-08 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-27 03:03 - 2015-11-11 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual
2019-02-27 03:03 - 2015-10-30 04:07 - 000000000 ____D C:\WINDOWS\ShellNew
2019-02-27 03:03 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series
2019-02-27 03:03 - 2015-08-07 11:40 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2019-02-27 03:03 - 2015-04-03 09:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-02-27 03:03 - 2014-10-31 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2019-02-27 03:03 - 2014-09-12 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSI TurboCAD Deluxe v11
2019-02-27 03:03 - 2014-07-02 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
2019-02-27 03:03 - 2014-05-25 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0
2019-02-27 03:03 - 2014-05-25 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 6
2019-02-27 03:03 - 2014-05-23 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-27 03:03 - 2014-05-23 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox
2019-02-27 03:03 - 2014-05-23 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X6
2019-02-27 03:03 - 2014-05-23 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2019-02-27 03:03 - 2014-05-22 23:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-02-27 03:03 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-02-27 03:03 - 2009-07-14 00:32 - 000000000 ___RD C:\Program Files\Microsoft Games
2019-02-27 03:03 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-27 00:47 - 2018-01-21 14:06 - 000000000 ___RD C:\Users\Baba\3D Objects
2019-02-27 00:47 - 2016-09-22 12:39 - 000000000 ____D C:\Users\Baba\AppData\Local\ConnectedDevicesPlatform
2019-02-27 00:46 - 2018-09-15 01:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-27 00:44 - 2018-09-15 02:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-27 00:32 - 2018-09-15 02:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-02-27 00:31 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Registration
2019-02-27 00:31 - 2014-05-22 20:32 - 000032220 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-02-27 00:30 - 2018-09-15 02:33 - 000000000 __RSD C:\WINDOWS\media
2019-02-27 00:26 - 2018-01-18 12:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-27 00:20 - 2014-05-23 00:34 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-02-27 00:09 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-02-27 00:09 - 2018-05-12 11:16 - 000000000 ____D C:\Program Files\KeyboardNotification
2019-02-27 00:08 - 2017-08-02 21:58 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-02-26 23:57 - 2018-09-15 02:36 - 000000000 ____D C:\WINDOWS\Setup
2019-02-26 23:57 - 2014-05-22 20:36 - 000008192 __RSH C:\BOOTSECT.BAK
2019-02-26 23:52 - 2015-08-12 10:08 - 000000001 ___SH C:\BOOTNXT
2019-02-26 23:52 - 2014-05-22 20:36 - 000408342 __RSH C:\bootmgr
2019-02-26 23:49 - 2018-09-15 02:33 - 000000000 __RHD C:\Users\Public\Libraries
2019-02-26 23:49 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-02-26 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-02-26 23:42 - 2016-05-17 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2019-02-26 23:42 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-26 23:42 - 2014-05-25 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2019-02-26 23:42 - 2014-05-23 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2019-02-26 23:41 - 2017-08-02 21:58 - 000000000 ____D C:\Program Files\Realtek
2019-02-26 23:37 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-02-26 23:36 - 2018-09-15 02:41 - 000605696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2019-02-26 23:36 - 2018-09-15 02:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2019-02-26 23:36 - 2018-09-15 02:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 001401856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2019-02-26 23:36 - 2018-09-15 02:38 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2019-02-26 23:36 - 2018-09-15 02:38 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2019-02-26 23:36 - 2018-09-15 02:37 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2019-02-26 23:35 - 2018-09-15 02:38 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2019-02-26 23:35 - 2018-09-15 02:38 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2019-02-22 23:17 - 2018-05-14 16:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 15:54 - 2015-11-05 10:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-16 15:20 - 2018-05-21 09:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-16 15:02 - 2017-01-05 22:42 - 000000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-02-16 15:02 - 2015-12-25 15:58 - 000000000 ____D C:\Mozilla Thunderbird
2019-02-16 15:02 - 2014-06-12 00:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-16 15:01 - 2017-03-10 10:12 - 000001537 _____ C:\Users\Baba\Desktop\Mozilla Thunderbird.lnk
2019-02-14 19:23 - 2018-01-12 22:31 - 000000000 ____D C:\Program Files\rempl
2019-02-13 14:54 - 2018-05-21 09:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-13 10:07 - 2014-05-23 12:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 23:00 - 2014-05-23 12:45 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-10 16:20 - 2019-01-23 15:38 - 000000000 ___RD C:\Users\Baba\OneDrive
2019-02-09 11:35 - 2016-03-02 10:24 - 000004536 _____ C:\Users\Baba\Documents\PDF_Log.txt
2019-02-08 17:11 - 2015-08-12 14:05 - 000000000 ___RD C:\Users\LULI\OneDrive
2019-02-04 12:09 - 2014-06-12 00:12 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-01 17:31 - 2018-09-15 02:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-01 17:31 - 2018-09-15 02:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 12:28 - 2014-05-25 08:55 - 000000000 ____D C:\Program Files (x86)\Canon
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-30 12:20 - 2015-10-14 09:04 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2019-01-30 12:13 - 2014-07-29 19:31 - 000000000 ____D C:\Users\LULI\AppData\Roaming\Canon
2019-01-30 12:13 - 2014-06-12 00:06 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Canon

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


  • 0

#9
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 898 posts
Hi,

For now, please just post to the topic here until it's marked "Resolved" - once we're finished, you can continue with the topic at BleepingComputer.

---------------

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

PrimoPDF Packages

Follow the steps in the uninstaller to remove the program.

(Note - no need to uninstall PrimoPDF. Uninstall the program PrimoPDF Packages.)

-------------------

Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File

Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {461BF656-1915-437D-B38E-C5E5BA7516EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =


End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Thanks.
  • 0

#10
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacg3,

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2019 01
Ran by Baba (28-02-2019 22:49:15) Run:1
Running from C:\Users\Baba\Desktop
Loaded Profiles: Baba & LULI (Available Profiles: Baba & LULI & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {461BF656-1915-437D-B38E-C5E5BA7516EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CFB409B-20BE-414D-8043-A1246D8E0931}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CFB409B-20BE-414D-8043-A1246D8E0931}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{274A02ED-2182-48C3-909C-F06C38F94E4D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{274A02ED-2182-48C3-909C-F06C38F94E4D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B1411D-BB8C-4754-A2FC-9A5B482990F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B1411D-BB8C-4754-A2FC-9A5B482990F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34DD0165-3A4D-46F0-B447-931A9AA90DB5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34DD0165-3A4D-46F0-B447-931A9AA90DB5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3612DEA1-5E73-415B-85F0-39B91F86D5E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3612DEA1-5E73-415B-85F0-39B91F86D5E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37B5FC89-CF89-4553-A66B-246405986E0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37B5FC89-CF89-4553-A66B-246405986E0D}" => removed successfully
C:\WINDOWS\System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C4851B8-E534-4046-8D5C-FB19C1E6A784}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{461BF656-1915-437D-B38E-C5E5BA7516EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{461BF656-1915-437D-B38E-C5E5BA7516EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{831597CC-D25D-4792-9CC4-608EA90BDAFE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{831597CC-D25D-4792-9CC4-608EA90BDAFE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1925673-35F0-4ADA-B470-797CA4195D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1925673-35F0-4ADA-B470-797CA4195D5F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57BF88D-2754-471D-AC78-3A52ECF35042}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57BF88D-2754-471D-AC78-3A52ECF35042}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D593B5A5-1A58-42C2-AC50-4E4C083523AA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D593B5A5-1A58-42C2-AC50-4E4C083523AA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6DBA9C9-312A-47F9-8718-51F1465893E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6DBA9C9-312A-47F9-8718-51F1465893E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F369DF17-C336-433B-AC48-29BDD7BFFE34}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F369DF17-C336-433B-AC48-29BDD7BFFE34}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => removed successfully
HKLM\Software\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => not found
HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => removed successfully
HKLM\Software\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24558289 B
Java, Flash, Steam htmlcache => 1298 B
Windows/system/drivers => 355308 B
Edge => 3710778 B
Chrome => 150733502 B
Firefox => 80470320 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 22818 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3588 B
LocalService => 0 B
NetworkService => 8030 B
NetworkService => 0 B
Baba => 3839668 B
LULI => 10125249 B
DefaultAppPool => 39202 B

RecycleBin => 100149823 B
EmptyTemp: => 366.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:52:38 ====


  • 0

Advertisements


#11
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 898 posts
Hi,

Right-click on FRST/FRST64 and click Run as Administrator
Click on Scan. Once the scan is complete, two log files will open in Notepad. (FRST.txt and Addition.txt)

Please copy and paste the contents of FRST.txt and Addition.txt in your next reply.

---------------------------

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

  • 0

#12
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacg3,

 

Here are the two scans from FRST64; in the next post I will do the EST Scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.02.2019 01
Ran by Baba (administrator) on FIRSTFLOOR (01-03-2019 10:52:58)
Running from C:\Users\Baba\Desktop
Loaded Profiles: Baba & LULI (Available Profiles: Baba & LULI & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.316 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ArcSoft, Inc. -> ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20453.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\LULI\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\LULI\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Run: [f.lux] => C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Policies\Explorer: [New Value #1] 0000000000000000
HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\Run: [f.lux] => C:\Users\LULI\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c3d8d50-f45f-4136-b83e-632f1b96058e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{859b3bdf-7f10-4215-8454-797533f4d8fb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {FDD2333B-BFEA-4AF5-8C5A-C0D7E995061E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: z21laev6.default-1526912703655
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\kis\s-1-5-21-2725568288-2542343644-1725383603-1000\firefox [2018-07-03]
FF ProfilePath: C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 [2019-03-01]
FF Homepage: Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 -> www.msn.com
FF Extension: (Honey) - C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655\Extensions\[email protected] [2019-02-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2725568288-2542343644-1725383603-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Baba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR NewTab: Default ->  Active:"chrome-extension://llelondjpcjljnjihdflhpclcpbiaiba/iframe_msn.html"
CHR Profile: C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default [2019-02-28]
CHR Extension: (Slides) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Sheets) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (SearchBar) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2019-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (MSN New Tab) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelondjpcjljnjihdflhpclcpbiaiba [2019-02-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Gmail) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc. -> ArcSoft, Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-05-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381128 2019-01-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2019-02-27] (Microsoft Windows -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2019-02-27] (Microsoft Windows -> Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [119904 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190784 2019-02-22] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058616 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-22] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-04] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-09-15] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-28 22:49 - 2019-02-28 22:52 - 000009790 _____ C:\Users\Baba\Desktop\Fixlog.txt
2019-02-28 18:59 - 2019-02-28 18:59 - 000000000 ____D C:\Users\Baba\Desktop\FRST-OlderVersion
2019-02-28 14:34 - 2019-02-28 14:34 - 019284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 019023872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 007897088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 005440008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-02-28 14:34 - 2019-02-28 14:34 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-02-28 14:34 - 2019-02-28 14:34 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 002278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 001309184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 001282640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 001259024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-28 14:34 - 2019-02-28 14:34 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000762272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000421904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2019-02-28 14:34 - 2019-02-28 14:34 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-28 14:33 - 2019-02-28 14:34 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 023439360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 020812288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 015224832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 008875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 006540424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 006070272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 005584864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 005205464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 004885504 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 004688896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 004526080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 003922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 002776920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001720936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001671864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001467560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001271608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001168384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 001018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-28 14:33 - 2019-02-28 14:33 - 000762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000652320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000649272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000522312 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-02-28 14:33 - 2019-02-28 14:33 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-28 14:33 - 2019-02-28 14:33 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000284160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000277536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-02-28 14:33 - 2019-02-28 14:33 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-28 14:33 - 2019-02-28 14:33 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlahc.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe
2019-02-28 14:33 - 2019-02-28 14:33 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\nslookup.exe
2019-02-28 14:33 - 2019-02-28 14:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nslookup.exe
2019-02-28 14:33 - 2019-02-28 14:33 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-28 14:33 - 2019-02-28 14:33 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-28 14:32 - 2019-02-28 14:32 - 002927120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 002702528 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-28 14:32 - 2019-02-28 14:32 - 002626592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 002072728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-28 14:32 - 2019-02-28 14:32 - 001994768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-28 14:32 - 2019-02-28 14:32 - 000588304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 000535048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 000475152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-28 14:32 - 2019-02-28 14:32 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 000262672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-28 14:32 - 2019-02-28 14:32 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-28 14:32 - 2019-02-28 14:32 - 000121872 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 022111856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 009683984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 005565952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 004702704 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 004298752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 004019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-28 14:31 - 2019-02-28 14:31 - 002437552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001969680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-28 14:31 - 2019-02-28 14:31 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001696936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-28 14:31 - 2019-02-28 14:31 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001467384 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 001446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001341584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-28 14:31 - 2019-02-28 14:31 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001178344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 000982032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-28 14:31 - 2019-02-28 14:31 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000726208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-02-28 14:31 - 2019-02-28 14:31 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2019-02-28 14:31 - 2019-02-28 14:31 - 000074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2019-02-28 14:31 - 2019-02-28 14:31 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2019-02-28 14:31 - 2019-02-28 14:31 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 005527552 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 003386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 002618880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-02-28 14:30 - 2019-02-28 14:30 - 002187264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 001604096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 001533440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 001054200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-28 14:30 - 2019-02-28 14:30 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 000864056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-02-28 14:30 - 2019-02-28 14:30 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2019-02-28 14:30 - 2019-02-28 14:30 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 017520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 005561856 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 004991096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 003556352 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002992640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002721280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 002466304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002149368 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 002021584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 001975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 001700880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 001331744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 001221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 001209360 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 001050936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000982576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000970256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000850968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000822448 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000806560 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-28 14:29 - 2019-02-28 14:29 - 000806560 _____ C:\WINDOWS\system32\locale.nls
2019-02-28 14:29 - 2019-02-28 14:29 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000765960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000752136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000651304 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000629576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000612368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000604552 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000419128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000408800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000387384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000353488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000276488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTF.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000203280 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MTF.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000148480 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000132104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000114856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo-overrides.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000047136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-28 14:29 - 2019-02-28 14:29 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-28 14:29 - 2019-02-28 14:29 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-02-28 14:29 - 2019-02-28 14:29 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-27 15:10 - 2019-02-27 15:10 - 000000020 ___SH C:\Users\LULI\ntuser.ini
2019-02-27 10:52 - 2019-02-27 10:52 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000107882 _____ C:\WINDOWS\SysWOW64\mib_ii.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000107882 _____ C:\WINDOWS\system32\mib_ii.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2019-02-27 10:52 - 2019-02-27 10:52 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2019-02-27 10:52 - 2019-02-27 10:52 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000048593 _____ C:\WINDOWS\SysWOW64\hostmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000048593 _____ C:\WINDOWS\system32\hostmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000034317 _____ C:\WINDOWS\SysWOW64\msiprip2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000034317 _____ C:\WINDOWS\system32\msiprip2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000030448 _____ C:\WINDOWS\SysWOW64\mcastmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000030448 _____ C:\WINDOWS\system32\mcastmib.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000026236 _____ C:\WINDOWS\SysWOW64\wins.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026236 _____ C:\WINDOWS\system32\wins.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026100 _____ C:\WINDOWS\SysWOW64\lmmib2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000026100 _____ C:\WINDOWS\system32\lmmib2.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000022462 _____ C:\WINDOWS\SysWOW64\rfc2571.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000022462 _____ C:\WINDOWS\system32\rfc2571.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe
2019-02-27 10:52 - 2019-02-27 10:52 - 000021271 _____ C:\WINDOWS\SysWOW64\http.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000021271 _____ C:\WINDOWS\system32\http.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000015799 _____ C:\WINDOWS\SysWOW64\ipforwd.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015799 _____ C:\WINDOWS\system32\ipforwd.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015032 _____ C:\WINDOWS\SysWOW64\authserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000015032 _____ C:\WINDOWS\system32\authserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000014032 _____ C:\WINDOWS\SysWOW64\accserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000014032 _____ C:\WINDOWS\system32\accserv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000013767 _____ C:\WINDOWS\SysWOW64\msipbtp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000013767 _____ C:\WINDOWS\system32\msipbtp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll
2019-02-27 10:52 - 2019-02-27 10:52 - 000006179 _____ C:\WINDOWS\SysWOW64\ftp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000006179 _____ C:\WINDOWS\system32\ftp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004597 _____ C:\WINDOWS\SysWOW64\dhcp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004597 _____ C:\WINDOWS\system32\dhcp.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004411 _____ C:\WINDOWS\SysWOW64\smi.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000004411 _____ C:\WINDOWS\system32\smi.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000698 _____ C:\WINDOWS\SysWOW64\inetsrv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000698 _____ C:\WINDOWS\system32\inetsrv.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000581 _____ C:\WINDOWS\SysWOW64\msft.mib
2019-02-27 10:52 - 2019-02-27 10:52 - 000000581 _____ C:\WINDOWS\system32\msft.mib
2019-02-27 03:03 - 2019-02-27 00:47 - 000000000 ____D C:\Windows.old
2019-02-27 00:51 - 2019-02-27 00:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-02-27 00:47 - 2019-02-27 00:47 - 000000020 ___SH C:\Users\Baba\ntuser.ini
2019-02-27 00:44 - 2019-02-28 22:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-27 00:44 - 2019-02-28 22:44 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{533217DB-FD4E-42B3-B68C-EDDD1267D52C}
2019-02-27 00:44 - 2019-02-27 00:47 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-02-27 00:44 - 2019-02-27 00:46 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-27 00:44 - 2019-02-27 00:46 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-27 00:44 - 2019-02-27 00:46 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1001
2019-02-27 00:44 - 2019-02-27 00:46 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1000
2019-02-27 00:44 - 2019-02-27 00:46 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-02-27 00:44 - 2019-02-27 00:46 - 000002188 _____ C:\WINDOWS\System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA}
2019-02-27 00:44 - 2019-02-27 00:45 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-27 00:44 - 2019-02-27 00:45 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-27 00:44 - 2019-02-27 00:45 - 000002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2019-02-27 00:44 - 2019-02-27 00:45 - 000002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2019-02-27 00:44 - 2019-02-27 00:45 - 000002292 _____ C:\WINDOWS\System32\Tasks\Asrsetup
2019-02-27 00:44 - 2019-02-27 00:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2019-02-27 00:44 - 2019-02-27 00:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2019-02-27 00:41 - 2019-02-27 00:44 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2019-02-27 00:41 - 2019-02-27 00:44 - 000015243 _____ C:\WINDOWS\diagerr.xml
2019-02-27 00:28 - 2019-02-28 23:05 - 000971820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-27 00:18 - 2019-02-27 00:18 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-02-27 00:13 - 2019-02-27 15:10 - 000000000 ____D C:\Users\LULI
2019-02-27 00:13 - 2019-02-27 00:47 - 000000000 ____D C:\Users\Baba
2019-02-27 00:13 - 2019-02-27 00:26 - 000000000 ____D C:\Users\DefaultAppPool
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\LULI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:13 - 2018-09-15 02:29 - 000001105 _____ C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-27 00:09 - 2019-02-27 00:09 - 000000000 ____D C:\ProgramData\USOShared
2019-02-27 00:09 - 2018-09-15 02:28 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-02-27 00:05 - 2019-03-01 10:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-27 00:05 - 2019-02-28 22:58 - 000461408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-26 23:41 - 2019-02-27 03:03 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-02-26 23:41 - 2019-02-26 23:41 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2019-02-26 23:39 - 2019-02-26 23:41 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-02-26 23:37 - 2019-02-27 03:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\system32\msmq
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files\MSBuild
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-26 23:37 - 2019-02-26 23:37 - 000000000 ____D C:\inetpub
2019-02-26 23:34 - 2018-09-09 17:17 - 001167960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-02-26 23:34 - 2018-09-09 17:16 - 000035440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-02-26 23:34 - 2018-08-29 17:56 - 000780376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-02-26 23:34 - 2018-08-29 17:56 - 000104560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-02-26 23:34 - 2018-08-29 17:56 - 000036896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-02-26 23:33 - 2018-09-09 17:16 - 000126064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-02-26 23:21 - 2019-02-26 23:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-02-26 22:53 - 2019-02-27 00:47 - 000000000 ___DC C:\WINDOWS\Panther
2019-02-26 18:43 - 2019-02-26 18:43 - 000000000 ___HD C:\$Windows.~WS
2019-02-26 17:33 - 2019-02-26 17:33 - 000000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2019-02-26 17:33 - 2019-02-26 17:33 - 000000719 _____ C:\Users\Baba\Desktop\Windows 10 Update Assistant.lnk
2019-02-26 17:33 - 2019-02-26 17:33 - 000000000 ___HD C:\$GetCurrent
2019-02-26 17:33 - 2019-02-26 17:33 - 000000000 ____D C:\Windows10Upgrade
2019-02-26 17:30 - 2019-02-26 17:30 - 006132216 _____ (Microsoft Corporation) C:\Users\Baba\Desktop\Windows10Upgrade9252.exe
2019-02-24 15:16 - 2019-02-27 19:52 - 000048849 _____ C:\Users\Baba\Desktop\sfcdetails.txt
2019-02-23 15:58 - 2019-02-23 15:59 - 000002807 _____ C:\Users\Baba\Desktop\FSS.txt
2019-02-23 15:58 - 2019-02-23 15:58 - 000899584 _____ (Farbar) C:\Users\Baba\Desktop\FSS (1).exe
2019-02-23 15:56 - 2019-02-23 15:58 - 000899584 _____ (Farbar) C:\Users\Baba\Desktop\FSS.exe
2019-02-22 13:55 - 2019-02-28 19:05 - 000047642 _____ C:\Users\Baba\Desktop\Addition.txt
2019-02-22 13:53 - 2019-03-01 10:54 - 000024003 _____ C:\Users\Baba\Desktop\FRST.txt
2019-02-22 13:51 - 2019-02-28 18:59 - 002434048 _____ (Farbar) C:\Users\Baba\Desktop\FRST64.exe
2019-02-22 13:08 - 2019-03-01 10:52 - 000000000 ____D C:\FRST
2019-02-13 10:33 - 2019-02-13 10:33 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-13 10:32 - 2019-02-13 10:33 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-05 16:56 - 2019-02-05 16:56 - 000000080 ___SH C:\bootTel.dat
2019-02-04 11:23 - 2019-02-04 11:23 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-01-30 12:21 - 2019-02-27 03:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration
2019-01-30 12:18 - 2019-01-30 12:18 - 000000000 ____D C:\Program Files\Canon

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-01 10:52 - 2015-08-12 13:38 - 000000000 ____D C:\Users\Baba\AppData\Local\ClassicShell
2019-03-01 10:46 - 2016-11-22 00:31 - 000000000 ____D C:\Users\Baba\AppData\LocalLow\Mozilla
2019-03-01 10:46 - 2015-08-12 14:06 - 000000000 ____D C:\Users\LULI\AppData\Local\ClassicShell
2019-03-01 10:46 - 2014-05-23 01:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-03-01 10:39 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-01 07:38 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-03-01 07:36 - 2016-11-22 14:52 - 000000000 ____D C:\Users\LULI\AppData\LocalLow\Mozilla
2019-03-01 07:33 - 2018-01-21 14:11 - 000000000 ___RD C:\Users\LULI\3D Objects
2019-03-01 07:33 - 2015-08-12 12:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-28 23:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-28 23:06 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-28 23:01 - 2018-01-21 14:06 - 000000000 ___RD C:\Users\Baba\3D Objects
2019-02-28 22:57 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-02-28 22:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-28 22:54 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-02-28 22:52 - 2014-07-01 15:14 - 000000000 ____D C:\Users\LULI\AppData\LocalLow\Temp
2019-02-28 18:36 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-28 14:37 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\servicing
2019-02-28 14:29 - 2014-05-22 20:36 - 000408344 __RSH C:\bootmgr
2019-02-27 19:10 - 2017-01-05 23:09 - 000000580 __RSH C:\ProgramData\ntuser.pol
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-02-27 19:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-02-27 15:30 - 2018-01-21 13:34 - 000000000 ____D C:\Users\LULI\AppData\Local\Packages
2019-02-27 15:12 - 2016-09-22 15:33 - 000000000 ____D C:\Users\LULI\AppData\Local\ConnectedDevicesPlatform
2019-02-27 10:48 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-02-27 10:43 - 2018-01-21 13:37 - 000000000 ____D C:\Users\Baba\AppData\Local\Packages
2019-02-27 10:42 - 2018-07-17 21:50 - 000000000 ____D C:\ProgramData\Packages
2019-02-27 10:35 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\spool
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-27 03:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\IME
2019-02-27 03:04 - 2018-09-15 02:31 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-02-27 03:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-02-27 03:04 - 2015-10-14 09:02 - 000000000 ____D C:\WINDOWS\system32\STRING
2019-02-27 03:04 - 2014-05-25 08:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2019-02-27 03:04 - 2014-05-22 23:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2019-02-27 03:03 - 2019-01-14 09:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2019-02-27 03:03 - 2019-01-13 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-27 03:03 - 2018-11-21 11:19 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-02-27 03:03 - 2018-10-26 09:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\schemas
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Resources
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-27 03:03 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-27 03:03 - 2018-05-25 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-02-27 03:03 - 2018-05-22 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2019-02-27 03:03 - 2018-05-17 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Excel Repair
2019-02-27 03:03 - 2018-04-10 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-27 03:03 - 2016-12-30 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-02-27 03:03 - 2016-09-22 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2019-02-27 03:03 - 2015-12-08 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-27 03:03 - 2015-11-11 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual
2019-02-27 03:03 - 2015-10-30 04:07 - 000000000 ____D C:\WINDOWS\ShellNew
2019-02-27 03:03 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series
2019-02-27 03:03 - 2015-08-07 11:40 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2019-02-27 03:03 - 2015-04-03 09:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-02-27 03:03 - 2014-10-31 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2019-02-27 03:03 - 2014-09-12 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSI TurboCAD Deluxe v11
2019-02-27 03:03 - 2014-07-02 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 6
2019-02-27 03:03 - 2014-05-25 08:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0
2019-02-27 03:03 - 2014-05-25 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 6
2019-02-27 03:03 - 2014-05-23 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-27 03:03 - 2014-05-23 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox
2019-02-27 03:03 - 2014-05-23 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X6
2019-02-27 03:03 - 2014-05-23 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2019-02-27 03:03 - 2014-05-22 23:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-02-27 03:03 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-02-27 03:03 - 2009-07-14 00:32 - 000000000 ___RD C:\Program Files\Microsoft Games
2019-02-27 03:03 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-02-27 00:47 - 2016-09-22 12:39 - 000000000 ____D C:\Users\Baba\AppData\Local\ConnectedDevicesPlatform
2019-02-27 00:46 - 2018-09-15 01:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-27 00:44 - 2018-09-15 02:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-27 00:32 - 2018-09-15 02:33 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-02-27 00:31 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Registration
2019-02-27 00:31 - 2014-05-22 20:32 - 000032220 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-02-27 00:30 - 2018-09-15 02:33 - 000000000 __RSD C:\WINDOWS\media
2019-02-27 00:26 - 2018-01-18 12:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-27 00:20 - 2014-05-23 00:34 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-02-27 00:09 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\USOPrivate
2019-02-27 00:09 - 2018-05-12 11:16 - 000000000 ____D C:\Program Files\KeyboardNotification
2019-02-27 00:08 - 2017-08-02 21:58 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-02-26 23:57 - 2018-09-15 02:36 - 000000000 ____D C:\WINDOWS\Setup
2019-02-26 23:57 - 2014-05-22 20:36 - 000008192 __RSH C:\BOOTSECT.BAK
2019-02-26 23:49 - 2018-09-15 02:33 - 000000000 __RHD C:\Users\Public\Libraries
2019-02-26 23:49 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-02-26 23:42 - 2016-05-17 22:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2019-02-26 23:42 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-02-26 23:42 - 2014-05-25 08:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2019-02-26 23:42 - 2014-05-23 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2019-02-26 23:41 - 2017-08-02 21:58 - 000000000 ____D C:\Program Files\Realtek
2019-02-26 23:37 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-02-26 23:36 - 2018-09-15 02:41 - 000605696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2019-02-26 23:36 - 2018-09-15 02:41 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2019-02-26 23:36 - 2018-09-15 02:41 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2019-02-26 23:36 - 2018-09-15 02:40 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2019-02-26 23:36 - 2018-09-15 02:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2019-02-26 23:36 - 2018-09-15 02:40 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 001401856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2019-02-26 23:36 - 2018-09-15 02:38 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2019-02-26 23:36 - 2018-09-15 02:38 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2019-02-26 23:36 - 2018-09-15 02:38 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2019-02-26 23:36 - 2018-09-15 02:38 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2019-02-26 23:36 - 2018-09-15 02:37 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2019-02-26 23:35 - 2018-09-15 02:38 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2019-02-26 23:35 - 2018-09-15 02:38 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2019-02-22 23:17 - 2018-05-14 16:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 15:54 - 2015-11-05 10:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-16 15:20 - 2018-05-21 09:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-16 15:02 - 2017-01-05 22:42 - 000000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-02-16 15:02 - 2015-12-25 15:58 - 000000000 ____D C:\Mozilla Thunderbird
2019-02-16 15:02 - 2014-06-12 00:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-16 15:01 - 2017-03-10 10:12 - 000001537 _____ C:\Users\Baba\Desktop\Mozilla Thunderbird.lnk
2019-02-14 19:23 - 2018-01-12 22:31 - 000000000 ____D C:\Program Files\rempl
2019-02-13 14:54 - 2018-05-21 09:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-13 10:07 - 2014-05-23 12:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 23:00 - 2014-05-23 12:45 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-10 16:20 - 2019-01-23 15:38 - 000000000 ___RD C:\Users\Baba\OneDrive
2019-02-09 11:35 - 2016-03-02 10:24 - 000004536 _____ C:\Users\Baba\Documents\PDF_Log.txt
2019-02-08 17:11 - 2015-08-12 14:05 - 000000000 ___RD C:\Users\LULI\OneDrive
2019-02-04 12:09 - 2014-06-12 00:12 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-01 17:31 - 2018-09-15 02:36 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-01 17:31 - 2018-09-15 02:36 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 12:28 - 2014-05-25 08:55 - 000000000 ____D C:\Program Files (x86)\Canon
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-30 12:20 - 2015-10-14 09:04 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2019-01-30 12:13 - 2014-07-29 19:31 - 000000000 ____D C:\Users\LULI\AppData\Roaming\Canon
2019-01-30 12:13 - 2014-06-12 00:06 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Canon

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

and:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2019 01
Ran by Baba (01-03-2019 10:55:20)
Running from C:\Users\Baba\Desktop
Windows 10 Pro Version 1809 17763.316 (X64) (2019-02-27 05:46:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2725568288-2542343644-1725383603-500 - Administrator - Disabled)
Baba (S-1-5-21-2725568288-2542343644-1725383603-1000 - Administrator - Enabled) => C:\Users\Baba
DefaultAccount (S-1-5-21-2725568288-2542343644-1725383603-503 - Limited - Disabled)
Guest (S-1-5-21-2725568288-2542343644-1725383603-501 - Limited - Disabled)
LULI (S-1-5-21-2725568288-2542343644-1725383603-1001 - Administrator - Enabled) => C:\Users\LULI
WDAGUtilityAccount (S-1-5-21-2725568288-2542343644-1725383603-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - Canon Inc.)
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Flux) (Version:  - f.lux Software LLC)
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\Flux) (Version:  - f.lux Software LLC)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 60.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 en-US)) (Version: 60.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version:  - Corel Corporation)
Paradox (HKLM-x32\...\{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version: 11.4 - Corel Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Stellar Phoenix Excel Repair (HKLM-x32\...\Stellar Phoenix Excel Repair_is1) (Version: 5.5.0.0 - Stellar Information Technology Pvt Ltd.)
TurboCAD Deluxe v11.2 (HKLM-x32\...\{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}) (Version: 11 - IMSI)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Extras (HKLM-x32\...\{98F94B9C-9FF5-4053-85A6-3D4F3FA3EBA0}) (Version: 1.00.0000 - Corel Corporation)
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.3 - Corel Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11626404-1834-4A58-89B6-7CA6C41F7885} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {11D215A5-965D-4488-8D22-FE408B8BA1DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {12FC2C0B-182B-40F3-9C4F-7DCA286C5D4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1CC4108E-CE42-48F4-883B-8BCB00ADE184} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D28A775-9142-47FD-92AF-2E08F54F3C1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {200842F9-9226-4313-8FFA-09DA2FB1B686} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {253552BC-FB5E-479E-AD76-B3BCD42DD069} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2977D7D9-8CC1-466A-9700-682579C9446D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {302DD5E4-C4DB-4464-838A-B32FB24F3BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {38C1FDE2-24E0-4BFA-B49C-1B1F8770F046} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3923E5BD-FDFF-473A-8459-F287189CC20C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41B1DED8-8041-4EC3-9D58-3C2063C36CAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {440E53A5-5B92-473C-8E27-2014F3419446} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {528A0898-E9AF-4A3C-B033-DA0A665DBEFA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5D25B177-B947-4A5D-8DDA-689EEF41A108} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63A8AA73-C5CD-4819-8E23-44DBCDA01616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {79DA7D54-2650-444C-BD64-1FB496C92336} - System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA} => "c:\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.59.105/en/abandoninstall?page=tsPlugin
Task: {7D4339D3-3FFE-40B7-8540-D0002B53FD81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8130C257-B07D-481E-B2FC-17343D9B9139} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84B93907-185C-4C43-A4FD-191564783691} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {924923AD-4641-489D-936F-13E025411862} - System32\Tasks\Asrsetup => F:\ASRSetup.exe
Task: {9B8E37D6-5A30-4161-AB1D-B4A136C5207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9CB6AB2B-B2E2-4365-86C4-C10862DE0F28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A2224AC9-F141-40E1-9882-8340B6A84E32} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A9EDD0E4-A1EE-47CC-8839-7A14B88C9A3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B38C4B7F-4ADA-4884-80EC-D62E2FEBDFF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B6CF9D92-E3E4-4F97-857C-CECEA8399343} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCA448CD-92D4-44E4-888E-A79A7ECE56FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C05BA778-14B3-431B-9B85-D2C402F5E8D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D84D4011-8EEC-4A5B-B236-D989D68292A3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D862D8AD-6E54-4649-A7DE-C91018D544EE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB782008-4BF5-4282-B2FF-6CAB0F79216B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA480F3-6BFF-41D1-A4FB-155215714F47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E342E123-6091-4499-BA62-F338A589D5A6} - System32\Tasks\Western Digital\SmartWare\____Volume_707e1b3c_e212_11e3_a237_806e6f6e6963______Volume_c0f0c39f_f040_11e3_b541_002522cc415f__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {E7AB0303-E56B-4166-BB17-574157D6CE05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E9DFC845-8197-4C5E-89FD-2B37529522F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FDC242AE-1730-4790-8A50-E761F427594B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE1A2124-3D50-4D22-890E-0B6B8BAE5F65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-10-14 09:02 - 2010-09-08 11:27 - 000328192 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-07-30 08:05 - 2016-07-30 08:05 - 003661784 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2016-07-30 08:05 - 2016-07-30 08:05 - 000289240 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
2016-07-30 08:05 - 2016-07-30 08:05 - 000163800 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2014-05-22 23:32 - 2011-02-01 14:57 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2014-05-22 23:32 - 2011-02-01 14:53 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll
2019-02-27 00:19 - 2019-02-27 00:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2019-02-27 00:19 - 2019-02-27 00:19 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2019-01-30 12:20 - 2010-09-10 14:57 - 000023040 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\twain_32\wiatwain.ds\;C:\Windows\twain_32\CNQ8400F;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Pride&P1.bmp
HKU\S-1-5-21-2725568288-2542343644-1725383603-1001\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Ari-Danae1.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: MSMQ => 2
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: NetMsmqActivator => 2
MSCONFIG\Services: NetPipeActivator => 2
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpActivator => 2
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WirelessKB850NotificationService => 2
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2923A4A2-4984-4CF3-92F6-317C26C0EFD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{01CCF067-A393-49D9-B944-14A547732E85}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37C8E12B-F6BA-4892-A854-EA46BD738107}] => (Allow) C:\Mozilla Firefox\firefox.exe No File
FirewallRules: [{B7D819A0-2E66-41B9-9AF6-2BC4E0A7B074}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

27-02-2019 10:47:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2019 07:32:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 2976, ProfSvc PID: 1804.

Error: (03/01/2019 07:32:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 6124, ProfSvc PID: 1804.

Error: (02/28/2019 10:50:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/28/2019 10:49:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0cfda5c7-9291-4d27-bc70-53d377c39231}

Error: (02/28/2019 10:41:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 32b4

Start Time: 01d4cfd4ed5551b8

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: b6690d0b-757e-444e-90e4-e84eaa019b64

Faulting package full name: Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Hang type: Cross-process

Error: (02/27/2019 03:12:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x2dc0
Faulting application start time: 0x01d4ced8c81d22d9
Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: fed23217-6bd4-4913-9846-ef25e8447bb5
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/27/2019 12:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x17bc
Faulting application start time: 0x01d4ce60361dd92e
Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: 01bdf342-4d4a-4c95-82b6-c9686723753b
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/27/2019 12:31:43 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (03/01/2019 07:35:34 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2019 07:35:31 AM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:11:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (02/28/2019 11:04:43 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:04:42 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:03:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:03:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2019 11:03:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 7912.68 MB
Available physical RAM: 3815.97 MB
Total Virtual: 15848.68 MB
Available Virtual: 11813.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:365.38 GB) (Free:272.41 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:512.69 GB) (Free:495.73 GB) NTFS
Drive e: () (Fixed) (Total:518.35 GB) (Free:511.05 GB) NTFS

\\?\Volume{9c73f259-0000-0000-0000-40585b000000}\ () (Fixed) (Total:0.83 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 9C73F259)
Partition 1: (Active) - (Size=365.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=1031 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================


  • 0

#13
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacg3,

 

Here is the ESET log:

 

3/1/2019 15:02:02 PM
Files scanned: 449334
Infected files: 14
Cleaned threats: 14
Total scan time 03:25:07
Scan status: Finished
 


  • 0

#14
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 898 posts
Hi,

If all is well:

Uninstall FRST
  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.
---------------------

Here are some tips to keep your computer safe on the Internet:

Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.

Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.

Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.

Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.

I do not recommend you use "Peer-to-Peer" file sharing (P2P) programs. This is an easy way to get your computer infected, almost as easy as intentionally infecting your computer.
Avoid pirated/"cracked" software. Like using P2P applications, there is a high risk of infecting your computer.

Here are some guides for you to read about keeping your computer safe -

Keep your computer safe on the Internet

Answers to common security questions

If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

Safe surfing! :)
  • 0

#15
jsaklas

jsaklas

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

iMacg3,

 

Thanks for all your help.  Before you (or whoever) marks this as "Resolved," I have a questions.  I currently have Kaspersky on both my W7 and W10 computers.  Based on your advice and since I am happy with K, I will keep it on my W7 computer, but do you recommend that I keep it and Windows Defender on this (the W10 Pro) computer?

 

Also, one of the capabilities of Windows Defender is an App & Browser control but the description says "SmartScreen for Microsoft Store."  What is that?  I have never, to may knowledge, worked with SmartScreen and I never got, nor will I ever get, anything  from the Microsoft Store.  May I, not enable this App & Browser control?


  • 0






Similar Topics


Also tagged with one or more of these keywords: Slow, time out, Partial loading

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP