My machine runs Windows 10. I use Kaspersky for anti-virus.
Recently the computer has been very slow, especially, but Chrome is also slower, but not to the extent that Firefox is. I use Thunderbird to manage my Verizon-yahoo emails. Most of the time the emails hang up while Verizon-Yahoo tells me "Checking Inbox for new messages," and then after a minute or two, I get the error message, "Connections to server incoming.verizon.yahoo.net timed out."
Shutting Thunderbird down and reloading usually helps, but after I get my messages, some problems remain, such as the inability to forward messages -- I get the following error message:
Sending of the message failed.
The message could not be sent because the connection to Outgoing server (SMTP) outgoing.yahoo.verizon.net was lost in the middle of the transaction. Try again.
Here are my Farbar logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019 02
Ran by Baba (administrator) on FIRSTFLOOR (22-02-2019 13:53:19)
Running from C:\Users\Baba\Desktop
Loaded Profiles: Baba & DefaultAppPool (Available Profiles: Baba & LULI & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avpui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(f.lux Software LLC) C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Wanari Ltd.) C:\Gyula Commander\Gyula's Navigator\WinNav.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [193112 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [420960 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [463960 2017-03-09] (Intel® pGFX -> Intel Corporation)
HKLM...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM-x32...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Run: [f.lux] => C:\Users\Baba\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Policies\Explorer: [New Value #1] 0000000000000000
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\MountPoints2: {c0f0c393-f040-11e3-b541-002522cc415f} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c3d8d50-f45f-4136-b83e-632f1b96058e}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{859b3bdf-7f10-4215-8454-797533f4d8fb}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000 -> {FDD2333B-BFEA-4AF5-8C5A-C0D7E995061E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\IEExt\ie_plugin.dll [2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
FireFox:
========
FF DefaultProfile: z21laev6.default-1526912703655
FF ProfilePath: c:\programdata\kaspersky lab\safebrowser\kis\s-1-5-21-2725568288-2542343644-1725383603-1000\firefox [2018-07-03]
FF ProfilePath: C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 [2019-02-22]
FF Homepage: Mozilla\Firefox\Profiles\z21laev6.default-1526912703655 -> www.msn.com
FF Extension: (Honey) - C:\Users\Baba\AppData\Roaming\Mozilla\Firefox\Profiles\z21laev6.default-1526912703655\Extensions\[email protected] [2019-02-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2725568288-2542343644-1725383603-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Baba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://llelondjpcjljnjihdflhpclcpbiaiba/iframe_msn.html"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default [2019-02-22]
CHR Extension: (Slides) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Sheets) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (MSN New Tab) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelondjpcjljnjihdflhpclcpbiaiba [2019-02-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-05-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-10]
CHR Extension: (Gmail) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-22]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc. -> ArcSoft, Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\avp.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe [426416 2018-05-25] (Kaspersky Lab -> AO Kaspersky Lab)
S2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-05] (Microsoft Corporation -> Microsoft Corporation)
S4 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-05] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (Kaspersky Lab -> AO Kaspersky Lab)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [119904 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2018-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys [190784 2019-01-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058616 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-06-22] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-04] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-07-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2018-05-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [14464 2009-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-05] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-22 13:53 - 2019-02-22 13:54 - 000022801 _____ C:\Users\Baba\Desktop\FRST.txt
2019-02-22 13:51 - 2019-02-22 13:51 - 002435072 _____ (Farbar) C:\Users\Baba\Desktop\FRST64.exe
2019-02-22 13:08 - 2019-02-22 13:53 - 000000000 ____D C:\FRST
2019-02-13 10:33 - 2019-02-13 10:33 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-13 10:32 - 2019-02-13 10:33 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-13 10:32 - 2019-02-13 10:32 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-13 10:11 - 2019-02-05 22:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 10:11 - 2019-02-05 22:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 10:10 - 2019-02-06 02:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 10:10 - 2019-02-06 02:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 10:10 - 2019-02-05 22:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 10:10 - 2019-02-05 22:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 10:10 - 2019-02-05 22:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 10:10 - 2019-02-05 21:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 10:10 - 2019-02-05 21:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 10:10 - 2019-02-05 21:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 10:10 - 2019-02-05 21:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 10:10 - 2019-02-05 21:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 10:10 - 2019-02-05 21:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 10:10 - 2019-02-05 21:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 10:10 - 2019-02-05 21:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 10:10 - 2019-02-05 21:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 10:10 - 2019-01-09 12:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 10:10 - 2019-01-09 12:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 10:10 - 2019-01-09 12:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 10:10 - 2019-01-09 04:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 10:10 - 2019-01-09 00:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 10:10 - 2019-01-09 00:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 10:10 - 2019-01-09 00:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 10:10 - 2019-01-09 00:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 10:10 - 2019-01-09 00:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 10:10 - 2019-01-09 00:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 10:10 - 2019-01-09 00:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 10:10 - 2019-01-09 00:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 10:10 - 2019-01-09 00:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 10:10 - 2019-01-09 00:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 10:10 - 2019-01-09 00:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 10:10 - 2019-01-09 00:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 10:09 - 2019-02-06 02:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 10:09 - 2019-02-06 02:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 10:09 - 2019-02-06 02:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 10:09 - 2019-02-06 02:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 10:09 - 2019-02-06 01:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 10:09 - 2019-02-06 01:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 10:09 - 2019-02-06 01:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 10:09 - 2019-02-06 01:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 10:09 - 2019-02-05 22:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 10:09 - 2019-02-05 22:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 10:09 - 2019-02-05 22:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 10:09 - 2019-02-05 22:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 10:09 - 2019-02-05 22:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 10:09 - 2019-02-05 22:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 10:09 - 2019-02-05 22:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 10:09 - 2019-02-05 22:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 10:09 - 2019-02-05 22:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 10:09 - 2019-02-05 22:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 10:09 - 2019-02-05 21:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 10:09 - 2019-02-05 21:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 10:09 - 2019-02-05 21:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 10:09 - 2019-02-05 21:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 10:09 - 2019-02-05 21:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 10:09 - 2019-02-05 21:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 10:09 - 2019-02-05 21:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 10:09 - 2019-02-05 21:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 10:09 - 2019-02-05 21:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 10:09 - 2019-02-05 21:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 10:09 - 2019-02-05 21:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 10:09 - 2019-02-05 21:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 10:09 - 2019-02-05 21:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 10:09 - 2019-02-05 21:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 10:09 - 2019-02-05 21:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 10:09 - 2019-02-05 21:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 10:09 - 2019-02-05 21:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 10:09 - 2019-02-05 21:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 10:09 - 2019-02-05 21:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 10:09 - 2019-02-05 21:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 10:09 - 2019-02-05 21:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 10:09 - 2019-02-05 21:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 10:09 - 2019-02-05 21:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 10:09 - 2019-02-05 21:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 10:09 - 2019-02-05 21:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 10:09 - 2019-02-05 20:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 10:09 - 2019-01-12 03:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 10:09 - 2019-01-11 21:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 10:09 - 2019-01-09 13:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 10:09 - 2019-01-09 12:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 10:09 - 2019-01-09 12:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 10:09 - 2019-01-09 12:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 10:09 - 2019-01-09 12:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 10:09 - 2019-01-09 05:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 10:09 - 2019-01-09 04:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 10:09 - 2019-01-09 03:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 10:09 - 2019-01-09 03:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 10:09 - 2019-01-09 00:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 10:09 - 2019-01-09 00:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 10:09 - 2019-01-09 00:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 10:09 - 2019-01-09 00:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 10:09 - 2019-01-09 00:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 10:09 - 2019-01-09 00:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 10:09 - 2019-01-09 00:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 10:09 - 2019-01-09 00:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 10:09 - 2019-01-09 00:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 10:09 - 2019-01-09 00:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 10:09 - 2019-01-09 00:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 10:09 - 2019-01-09 00:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 10:09 - 2019-01-09 00:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 10:09 - 2019-01-09 00:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 10:09 - 2019-01-09 00:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 10:09 - 2019-01-09 00:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 10:09 - 2019-01-09 00:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 10:09 - 2019-01-09 00:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 10:09 - 2019-01-09 00:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 10:09 - 2019-01-08 23:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 10:09 - 2019-01-08 23:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 10:09 - 2019-01-08 04:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 10:09 - 2019-01-07 22:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-05 16:56 - 2019-02-05 16:56 - 000000080 ___SH C:\bootTel.dat
2019-02-04 11:23 - 2019-02-04 11:23 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-01-31 10:44 - 2018-09-19 23:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-30 12:21 - 2019-01-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration
2019-01-30 12:18 - 2019-01-30 12:18 - 000000000 ____D C:\Program Files\Canon
2019-01-25 14:14 - 2019-01-25 14:14 - 000309973 _____ C:\Users\Baba\Downloads\2016Catalog
2019-01-23 15:38 - 2019-02-10 16:20 - 000000000 ___RD C:\Users\Baba\OneDrive
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-22 13:50 - 2018-07-17 20:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-22 13:01 - 2015-08-12 13:38 - 000000000 ____D C:\Users\Baba\AppData\Local\ClassicShell
2019-02-22 12:59 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-22 12:52 - 2016-11-22 00:31 - 000000000 ____D C:\Users\Baba\AppData\LocalLow\Mozilla
2019-02-22 12:12 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-22 12:09 - 2014-05-23 01:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-21 18:51 - 2018-07-17 21:29 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{533217DB-FD4E-42B3-B68C-EDDD1267D52C}
2019-02-21 18:51 - 2015-08-12 14:06 - 000000000 ____D C:\Users\LULI\AppData\Local\ClassicShell
2019-02-21 18:44 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-21 17:58 - 2016-11-22 14:52 - 000000000 ____D C:\Users\LULI\AppData\LocalLow\Mozilla
2019-02-19 23:40 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-19 16:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-16 15:20 - 2018-05-21 09:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-02-16 15:02 - 2017-01-05 22:42 - 000000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-02-16 15:02 - 2015-12-25 15:58 - 000000000 ____D C:\Mozilla Thunderbird
2019-02-16 15:02 - 2014-06-12 00:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-16 15:01 - 2017-03-10 10:12 - 000001537 _____ C:\Users\Baba\Desktop\Mozilla Thunderbird.lnk
2019-02-15 12:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-14 20:19 - 2018-07-17 21:00 - 000968720 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 20:19 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-14 20:14 - 2018-07-17 21:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-14 20:13 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-14 19:49 - 2018-01-18 12:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-14 19:23 - 2018-01-12 22:31 - 000000000 ____D C:\Program Files\rempl
2019-02-13 18:11 - 2018-10-25 07:05 - 000000000 ____D C:\WINDOWS\Minidump
2019-02-13 17:44 - 2018-07-17 20:36 - 000426312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 17:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 17:39 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 14:54 - 2018-05-21 09:25 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-13 12:50 - 2018-07-17 21:29 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-13 12:48 - 2015-11-05 10:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-13 10:29 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-13 10:07 - 2014-05-23 12:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 23:00 - 2014-05-23 12:45 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 20:45 - 2018-07-17 21:29 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-12 20:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 20:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-10 16:20 - 2018-07-17 22:39 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1000
2019-02-10 16:20 - 2018-07-17 20:50 - 000002364 _____ C:\Users\Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-09 11:35 - 2016-03-02 10:24 - 000004536 _____ C:\Users\Baba\Documents\PDF_Log.txt
2019-02-08 17:11 - 2018-07-17 21:29 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2725568288-2542343644-1725383603-1001
2019-02-08 17:11 - 2018-07-17 20:50 - 000002364 _____ C:\Users\LULI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-08 17:11 - 2015-08-12 14:05 - 000000000 ___RD C:\Users\LULI\OneDrive
2019-02-08 10:40 - 2018-07-17 21:50 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 22:01 - 2014-05-22 20:36 - 000407542 __RSH C:\bootmgr
2019-02-04 12:09 - 2014-06-12 00:12 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-02 17:53 - 2018-11-14 18:16 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 17:53 - 2018-11-14 18:16 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-30 12:28 - 2014-05-25 08:55 - 000000000 ____D C:\Program Files (x86)\Canon
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-30 12:23 - 2015-04-03 09:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2019-01-30 12:20 - 2015-10-14 09:04 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2019-01-30 12:20 - 2015-10-14 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-01-30 12:18 - 2015-11-11 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual
2019-01-30 12:13 - 2014-07-29 19:31 - 000000000 ____D C:\Users\LULI\AppData\Roaming\Canon
2019-01-30 12:13 - 2014-06-12 00:06 - 000000000 ____D C:\Users\Baba\AppData\Roaming\Canon
2019-01-27 22:22 - 2018-07-18 00:06 - 000000000 ____D C:\Users\Baba\AppData\Local\D3DSCache
2019-01-23 15:38 - 2018-07-17 20:50 - 000000000 ____D C:\Users\Baba
Some files in TEMP:
====================
2019-01-21 23:07 - 2019-01-21 23:07 - 001974624 _____ (Oracle Corporation) C:\Users\Baba\AppData\Local\Temp\jre-8u201-windows-au.exe
2019-01-30 12:14 - 2010-07-23 04:47 - 000868752 ____N (CANON INC.) C:\Users\Baba\AppData\Local\Temp\MSETUP4.EXE
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-17 20:36
==================== End of FRST.txt ============================
and the Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02
Ran by Baba (22-02-2019 13:55:08)
Running from C:\Users\Baba\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-07-18 02:31:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2725568288-2542343644-1725383603-500 - Administrator - Disabled)
Baba (S-1-5-21-2725568288-2542343644-1725383603-1000 - Administrator - Enabled) => C:\Users\Baba
DefaultAccount (S-1-5-21-2725568288-2542343644-1725383603-503 - Limited - Disabled)
Guest (S-1-5-21-2725568288-2542343644-1725383603-501 - Limited - Disabled)
LULI (S-1-5-21-2725568288-2542343644-1725383603-1001 - Administrator - Enabled) => C:\Users\LULI
WDAGUtilityAccount (S-1-5-21-2725568288-2542343644-1725383603-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.182 - ArcSoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - Canon Inc.)
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\Flux) (Version: - f.lux Software LLC)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 60.5.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.5.1 (x86 en-US)) (Version: 60.5.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Paradox (HKLM-x32\...\_{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version: - Corel Corporation)
Paradox (HKLM-x32\...\{B568643E-076D-48A2-B5C3-7F0144D668D8}) (Version: 11.4 - Corel Corporation) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PrimoPDF Packages (HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\...\PrimoPDF Packages) (Version: - ) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Stellar Phoenix Excel Repair (HKLM-x32\...\Stellar Phoenix Excel Repair_is1) (Version: 5.5.0.0 - Stellar Information Technology Pvt Ltd.)
TurboCAD Deluxe v11.2 (HKLM-x32\...\{2EEF331B-6AC8-471A-84AE-6A9ED940EDC2}) (Version: 11 - IMSI)
UBitMenu UK (HKLM-x32\...\{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Extras (HKLM-x32\...\{98F94B9C-9FF5-4053-85A6-3D4F3FA3EBA0}) (Version: 1.00.0000 - Corel Corporation)
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.3 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.429 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.3 - Corel Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2725568288-2542343644-1725383603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2013-02-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\ShellEx.dll [2018-10-25] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2015-07-20] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CFB409B-20BE-414D-8043-A1246D8E0931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {11D215A5-965D-4488-8D22-FE408B8BA1DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {12FC2C0B-182B-40F3-9C4F-7DCA286C5D4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1CC4108E-CE42-48F4-883B-8BCB00ADE184} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D28A775-9142-47FD-92AF-2E08F54F3C1F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {200842F9-9226-4313-8FFA-09DA2FB1B686} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {274A02ED-2182-48C3-909C-F06C38F94E4D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2977D7D9-8CC1-466A-9700-682579C9446D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {302DD5E4-C4DB-4464-838A-B32FB24F3BAA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34B1411D-BB8C-4754-A2FC-9A5B482990F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {34DD0165-3A4D-46F0-B447-931A9AA90DB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3612DEA1-5E73-415B-85F0-39B91F86D5E2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {37B5FC89-CF89-4553-A66B-246405986E0D} - System32\Tasks\{3C4851B8-E534-4046-8D5C-FB19C1E6A784} => C:\Windows\system32\pcalua.exe -a "C:\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\VS Revo Group\Revo Uninstaller"
Task: {38C1FDE2-24E0-4BFA-B49C-1B1F8770F046} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3923E5BD-FDFF-473A-8459-F287189CC20C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41B1DED8-8041-4EC3-9D58-3C2063C36CAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {440E53A5-5B92-473C-8E27-2014F3419446} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {461BF656-1915-437D-B38E-C5E5BA7516EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {528A0898-E9AF-4A3C-B033-DA0A665DBEFA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5D25B177-B947-4A5D-8DDA-689EEF41A108} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63A8AA73-C5CD-4819-8E23-44DBCDA01616} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {79DA7D54-2650-444C-BD64-1FB496C92336} - System32\Tasks\{E82607DB-91BE-410B-B9C7-87446FC2DDBA} => "c:\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.18.59.105/en/abandoninstall?page=tsPlugin
Task: {7D4339D3-3FFE-40B7-8540-D0002B53FD81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8130C257-B07D-481E-B2FC-17343D9B9139} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {831597CC-D25D-4792-9CC4-608EA90BDAFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84B93907-185C-4C43-A4FD-191564783691} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {924923AD-4641-489D-936F-13E025411862} - System32\Tasks\Asrsetup => F:\ASRSetup.exe
Task: {9B8E37D6-5A30-4161-AB1D-B4A136C5207B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9CB6AB2B-B2E2-4365-86C4-C10862DE0F28} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A2224AC9-F141-40E1-9882-8340B6A84E32} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B1925673-35F0-4ADA-B470-797CA4195D5F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B57BF88D-2754-471D-AC78-3A52ECF35042} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6CF9D92-E3E4-4F97-857C-CECEA8399343} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BCA448CD-92D4-44E4-888E-A79A7ECE56FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C05BA778-14B3-431B-9B85-D2C402F5E8D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D593B5A5-1A58-42C2-AC50-4E4C083523AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D84D4011-8EEC-4A5B-B236-D989D68292A3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D862D8AD-6E54-4649-A7DE-C91018D544EE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB782008-4BF5-4282-B2FF-6CAB0F79216B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA480F3-6BFF-41D1-A4FB-155215714F47} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E342E123-6091-4499-BA62-F338A589D5A6} - System32\Tasks\Western Digital\SmartWare\____Volume_707e1b3c_e212_11e3_a237_806e6f6e6963______Volume_c0f0c39f_f040_11e3_b541_002522cc415f__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {E6DBA9C9-312A-47F9-8718-51F1465893E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7AB0303-E56B-4166-BB17-574157D6CE05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E9DFC845-8197-4C5E-89FD-2B37529522F7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F369DF17-C336-433B-AC48-29BDD7BFFE34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FDC242AE-1730-4790-8A50-E761F427594B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FE1A2124-3D50-4D22-890E-0B6B8BAE5F65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-31 11:55 - 2011-02-28 17:37 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 12:32 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 10:09 - 2019-02-05 21:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-21 18:17 - 2019-02-21 18:18 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-02-21 18:17 - 2019-02-21 18:18 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 17:52 - 2019-01-31 17:55 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 05:43 - 2017-10-05 05:46 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-15 14:53 - 2019-01-15 14:55 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 17:52 - 2019-01-31 17:55 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 12:01 - 2018-08-30 12:05 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 18:09 - 2018-07-26 18:11 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 10:39 - 2019-02-08 10:40 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-08 10:39 - 2019-02-08 10:40 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2017-12-01 10:24 - 2017-12-01 10:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 21:39 - 2018-11-28 21:40 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-08 10:39 - 2019-02-08 10:40 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-14 19:49 - 2019-02-13 00:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-14 19:49 - 2019-02-13 00:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2018-10-04 14:36 - 2018-10-04 14:39 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-21 18:17 - 2019-02-21 18:18 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-14 19:46 - 2019-02-14 19:47 - 002362096 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2019-02-12 09:51 - 2019-02-12 09:51 - 008562688 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1901.311.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-05-25 21:21 - 2018-05-25 21:21 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\kpcengine.2.3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Windows\twain_32\wiatwain.ds\;C:\Windows\twain_32\CNQ8400F;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2725568288-2542343644-1725383603-1000\Control Panel\Desktop\\Wallpaper -> D:\Desktop\BMPs\Pride&P1.bmp
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AssignedAccessManagerSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 3
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: MSMQ => 2
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: NetMsmqActivator => 2
MSCONFIG\Services: NetPipeActivator => 2
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpActivator => 2
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WirelessKB850NotificationService => 2
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 3
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B7D819A0-2E66-41B9-9AF6-2BC4E0A7B074}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37C8E12B-F6BA-4892-A854-EA46BD738107}] => (Allow) C:\Mozilla Firefox\firefox.exe No File
FirewallRules: [{01CCF067-A393-49D9-B944-14A547732E85}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B3799B94-0C32-49C9-88D6-010F200A895F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
31-01-2019 10:44:09 Windows Update
12-02-2019 22:59:04 Windows Update
20-02-2019 11:38:34 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/19/2019 10:48:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (02/19/2019 10:48:52 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (02/15/2019 10:42:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 65.0.1.6981 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2be4
Start Time: 01d4c5a6ab4911d9
Termination Time: 4294967295
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
Report Id: c2fa2348-c884-4f9a-8c8a-29f6479742c9
Faulting package full name:
Faulting package-relative application ID:
Error: (02/06/2019 03:11:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 21b4
Start Time: 01d4be546e045374
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Report Id: d1e9c684-ae75-456b-9d9e-8ceedf2123a9
Faulting package full name: Microsoft.LockApp_10.0.17134.1_neutral__cw5n1h2txyewy
Faulting package-relative application ID: WindowsDefaultLockScreen
Error: (02/05/2019 09:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000008
Fault offset: 0x000000000009e78a
Faulting process id: 0xe64
Faulting application start time: 0x01d4bd9dd659cbd4
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0c28a509-3b78-49c3-8339-81816dec93fd
Faulting package full name:
Faulting package-relative application ID:
Error: (01/30/2019 04:36:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 64.0.2.6947, time stamp: 0x5c34ddf7
Faulting module name: MSVCP140.dll, version: 14.15.26706.0, time stamp: 0x5b3efc99
Exception code: 0xc0000005
Fault offset: 0x0000000000034e46
Faulting process id: 0x2ee4
Faulting application start time: 0x01d4b8e19b5bd752
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\MSVCP140.dll
Report Id: 6e72d824-f5a1-4d4c-84c5-b69fdfbdd323
Faulting package full name:
Faulting package-relative application ID:
Error: (01/30/2019 12:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
Exception code: 0xc0000008
Fault offset: 0x000000000009e78a
Faulting process id: 0xda8
Faulting application start time: 0x01d4b8c095276297
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 390d0aa1-a87c-4888-86ec-ce5cc1e6092f
Faulting package full name:
Faulting package-relative application ID:
Error: (01/29/2019 10:59:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
System errors:
=============
Error: (02/22/2019 12:52:15 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user FirstFloor\Baba SID (S-1-5-21-2725568288-2542343644-1725383603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2019 12:09:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2019 11:31:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
Error: (02/21/2019 09:01:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (02/21/2019 05:56:21 PM) (Source: DCOM) (EventID: 10016) (User: FirstFloor)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user FirstFloor\LULI SID (S-1-5-21-2725568288-2542343644-1725383603-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2019 12:20:37 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (02/21/2019 10:18:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/21/2019 09:48:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
===================================
Date: 2018-10-22 16:05:58.555
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D4827E09-7CA7-4A83-B57D-923B997B3EF5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-24 20:30:55.387
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.133.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-12-12 12:34:14.769
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:34:14.212
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:34:14.202
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:34:10.967
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-clientext_31bf3856ad364e35_10.0.17134.471_none_ae4cd96e074d9bf4\sppcext.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:32:00.794
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:31:56.463
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:31:52.419
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-12-12 12:31:49.345
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SoftwareDistribution\Download\f2bad0ba1f328082c30cec1140c265ff\Package_for_RollupFix~~amd64~~17134.471.1.5\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.17134.471_none_ec5f168d96444f28\SppExtComObj.Exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 7912.68 MB
Available physical RAM: 5204.04 MB
Total Virtual: 15848.68 MB
Available Virtual: 12778.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:365.38 GB) (Free:275.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:512.69 GB) (Free:495.74 GB) NTFS
Drive e: () (Fixed) (Total:518.35 GB) (Free:511.03 GB) NTFS
\\?\Volume{9c73f259-0000-0000-0000-40585b000000}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 9C73F259)
Partition 1: (Active) - (Size=365.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853 MB) - (Type=27)
Partition 3: (Not Active) - (Size=1031 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================