Laptop hangs frequently

Hanging Malware

#1
Hari Prahlad
Member, 91 posts

My laptop hangs very frequently. Am I infected?

I give the FRST logs below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by admin (administrator) on USER (Acer Aspire E5-573) (11-05-2019 12:44:04)
Running from C:\Users\admin\Desktop\DW
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] (ZTE CORPORATION -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {096eaa51-0d84-11e9-8286-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {5221b181-7b5a-11e7-826d-5c93a27a9186} - "G:\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71144e2f-6179-11e9-829c-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71145190-6179-11e9-829c-5c93a27a9186} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {71145b2f-6179-11e9-829c-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {d5bb046f-d9f0-11e8-827d-5c93a27a9186} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\MountPoints2: {f95a5e0f-bb05-11e7-8275-5c93a27a9186} - "G:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-07] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DCDEB5C-2A7C-48A4-A53B-EC4FB36A6600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-21] (Google Inc -> Google Inc.)
Task: {3FC3F079-6081-49FF-916A-1F0D51593867} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-21] (Google Inc -> Google Inc.)
Task: {4C51BB2A-E344-40EB-BF4E-DAEEBC48BA50} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\admin\Desktop\ESET.exe
Task: {69DBB2D3-CDFE-44DE-965A-C049476056F8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41728 2014-08-30] (Acer Incorporated -> )
Task: {718B462D-642E-4D71-A58A-130FB25AC2FA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2018-10-27] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {CE05F840-39B2-4BC0-8553-57BBCEEAA31A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474344 2014-06-09] (Acer Incorporated -> Acer Incorporated)
Task: {DC0695CA-614F-412E-A84E-12FC1736A951} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\admin\Desktop\ESET.exe
Task: {E7872C45-D201-4AF3-9705-3115CB2C7B24} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2016-03-22] (LENOVO -> Lenovo) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C0C8C41-DE5D-461D-8BFB-EE4420C2962F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-844090339-168977430-2555540811-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: 4t3exipe.default-1551755093489
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489 [2019-05-11]
FF Extension: (Facebook Container) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\@contain-facebook.xpi [2019-03-26]
FF Extension: (Online Convert) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\[email protected] [2019-04-08]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\[email protected] [2019-05-07]
FF Extension: (Facebook Messenger Message Cleaner) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\{847eddef-437f-4b5f-93db-b230488bc239}.xpi [2019-03-14]
FF Extension: (Baidu Search Update) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\features\{a30efafa-877b-4299-945e-abbf8ecd6327}\[email protected] [2019-05-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-03-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-03-05] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-05-06]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-04-19]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-04-19]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-06]
CHR Extension: (Delete All Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2019-03-28]
CHR Extension: (Delete All Messages for Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-05-06]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Save to Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-06]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Messenger Cleaner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-03-15]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-29]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation - pGFX -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] (Huawei Technologies Co., Ltd. -> )
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG -> Nero AG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [125568 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1091920 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-11 12:39 - 2019-05-11 12:44 - 000000000 ____D C:\Users\admin\Desktop\DW
2019-05-11 12:37 - 2019-05-11 12:44 - 000000000 ____D C:\FRST
2019-05-11 12:35 - 2019-05-11 12:36 - 002430976 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-05-11 10:59 - 2019-05-11 11:00 - 003809414 _____ C:\Users\admin\Downloads\video-1557488557.mp4
2019-05-11 09:50 - 2019-05-11 09:50 - 000024463 _____ C:\Users\admin\Desktop\moon.jpeg
2019-05-09 19:34 - 2019-05-09 19:34 - 000236152 _____ C:\Users\admin\Desktop\Gitanjali.pdf
2019-05-09 17:31 - 2019-05-09 17:31 - 000301749 _____ C:\Users\admin\Desktop\Nationalism by Tagore.pdf
2019-05-09 13:25 - 2019-05-09 13:25 - 000178127 _____ C:\Users\admin\Downloads\NationalismTagore.epub
2019-05-09 09:40 - 2019-05-09 09:40 - 009152798 _____ C:\Users\admin\Downloads\app-com.vidmix.app-homesite-release-v1.7.9.1-39-20190422-173209.apk
2019-05-07 17:53 - 2019-05-09 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-07 10:40 - 2019-05-07 10:40 - 007931026 _____ C:\Users\admin\Desktop\kolam.mp4
2019-05-05 17:30 - 2019-05-05 17:30 - 000004830 _____ C:\Users\admin\Desktop\Patiala.txt
2019-05-05 10:44 - 2019-05-05 10:45 - 017988470 _____ C:\Users\admin\Downloads\Clausewitz On War_compressed.pdf
2019-05-01 11:08 - 2019-05-01 11:08 - 000000000 ____D C:\Windows\LastGood
2019-04-29 10:25 - 2019-04-29 10:26 - 000002760 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2019-04-29 10:25 - 2019-04-29 10:26 - 000000000 ____D C:\ProgramData\LGMOBILEAX
2019-04-29 10:25 - 2019-04-29 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2019-04-29 10:25 - 2011-05-06 10:37 - 000655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2019-04-29 10:25 - 2011-05-06 10:37 - 000568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2019-04-29 10:25 - 2011-05-06 10:37 - 000224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcm90.dll
2019-04-29 10:25 - 2006-04-30 05:33 - 000053248 _____ () C:\Windows\SysWOW64\CommonDL.dll
2019-04-29 10:25 - 2005-09-29 22:39 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2019-04-29 10:24 - 2019-04-29 10:24 - 016691672 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileDriver_WHQL_Ver_4.2.0(2).exe
2019-04-29 10:24 - 2019-04-29 10:24 - 001763528 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileSupportTool.exe
2019-04-29 10:16 - 2019-04-29 10:18 - 114146416 _____ (Anvsoft) C:\Users\admin\Downloads\syncios_data_transfer.exe
2019-04-29 10:02 - 2019-04-29 10:02 - 016691672 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileDriver_WHQL_Ver_4.2.0(1).exe
2019-04-28 12:23 - 2019-04-28 12:23 - 000970920 _____ C:\Users\admin\Downloads\video-1556431002.mp4
2019-04-26 14:55 - 2019-04-26 15:01 - 013324765 _____ C:\Users\admin\Desktop\cow.mp4
2019-04-22 11:50 - 2019-04-22 11:50 - 037117827 _____ C:\Users\admin\Desktop\The Wisdom of China by Lin Yutang.pdf
2019-04-22 08:53 - 2019-04-22 08:53 - 023926468 _____ C:\Users\admin\Downloads\history of India.mp4
2019-04-19 09:54 - 2019-04-19 09:54 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2019-04-19 09:53 - 2019-04-19 09:53 - 016691672 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileDriver_WHQL_Ver_4.2.0.exe
2019-04-19 07:58 - 2019-05-06 11:58 - 000000000 ____D C:\Users\admin\Desktop\Phone Final
2019-04-18 11:57 - 2019-04-18 12:09 - 016270251 _____ C:\Users\admin\Downloads\download.htm
2019-04-18 06:22 - 2019-04-18 06:22 - 002903323 _____ C:\Users\admin\Downloads\Frederic-Martel-In-The-Closet-Of-The-Vaticanl.pdf
2019-04-16 11:36 - 2019-04-16 11:41 - 000000000 ____D C:\Users\admin\Desktop\Notre Dam
2019-04-14 07:20 - 2019-04-14 07:20 - 000107521 _____ C:\Users\admin\Downloads\pdf2doc.zip
2019-04-12 13:33 - 2019-04-12 13:36 - 000000000 ____D C:\Users\admin\Downloads\Gail Tredwell - Holy [bleep] - Ebook
2019-04-12 12:33 - 2019-04-12 13:18 - 094799680 _____ C:\Users\admin\Downloads\Gail Tredwell - Holy [bleep] - Ebook.zip
2019-04-12 08:16 - 2019-04-02 06:46 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-04-12 08:16 - 2019-03-26 21:41 - 007079936 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2019-04-12 08:16 - 2019-03-26 21:27 - 005276160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2019-04-12 08:16 - 2019-03-26 21:10 - 007798272 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-04-12 08:16 - 2019-03-26 21:05 - 005270528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-04-12 08:16 - 2019-03-26 11:44 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-04-12 08:16 - 2019-03-26 10:42 - 020280832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-04-12 08:16 - 2019-03-26 10:35 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-04-12 08:16 - 2019-03-26 10:30 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-04-12 08:16 - 2019-03-26 09:54 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-04-12 08:16 - 2019-03-21 06:59 - 002452432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-04-12 08:16 - 2019-03-16 09:33 - 002535664 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-04-12 08:16 - 2019-03-16 09:06 - 001902752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-04-12 08:16 - 2019-03-16 08:17 - 003617280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-04-12 08:16 - 2019-03-09 22:13 - 003822080 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-04-12 08:16 - 2019-03-09 22:01 - 003274752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-04-12 08:16 - 2019-03-09 21:58 - 002348544 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-04-12 08:16 - 2019-03-09 21:31 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-04-12 08:16 - 2019-02-10 00:25 - 022373096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-04-12 08:16 - 2019-02-09 23:53 - 019790664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-04-12 08:15 - 2019-03-31 02:27 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2019-04-12 08:15 - 2019-03-26 13:46 - 001311976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-04-12 08:15 - 2019-03-26 11:30 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2019-04-12 08:15 - 2019-03-26 11:22 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-04-12 08:15 - 2019-03-26 11:20 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-04-12 08:15 - 2019-03-26 10:38 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-04-12 08:15 - 2019-03-26 10:36 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-04-12 08:15 - 2019-03-26 10:26 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-04-12 08:15 - 2019-03-26 10:21 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-04-12 08:15 - 2019-03-26 10:18 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-04-12 08:15 - 2019-03-26 10:18 - 001556992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-04-12 08:15 - 2019-03-26 09:38 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-04-12 08:15 - 2019-03-26 09:34 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-04-12 08:15 - 2019-03-16 09:16 - 000805176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-04-12 08:15 - 2019-03-16 08:59 - 000611656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-04-12 08:15 - 2019-03-16 08:21 - 001755136 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-04-12 08:15 - 2019-03-16 08:19 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-04-12 08:15 - 2019-03-16 08:18 - 003324416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-04-12 08:15 - 2019-03-14 11:27 - 007368952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-04-12 08:15 - 2019-03-14 11:26 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-04-12 08:15 - 2019-03-14 11:26 - 001537560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-04-12 08:15 - 2019-03-14 00:43 - 001369096 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-04-12 08:15 - 2019-03-09 22:21 - 001115136 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2019-04-12 08:15 - 2019-03-09 22:05 - 001085952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-04-12 08:15 - 2019-03-09 21:49 - 001550848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-04-12 08:15 - 2019-03-09 19:50 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-04-12 08:15 - 2019-03-09 19:50 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-04-12 08:15 - 2019-03-09 19:50 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-04-12 08:15 - 2019-03-09 19:50 - 000340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-04-12 08:15 - 2019-02-21 23:04 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2019-04-12 08:14 - 2019-03-26 11:10 - 005777920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-04-12 08:14 - 2019-03-26 11:10 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-04-12 08:14 - 2019-03-26 10:52 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-04-12 08:14 - 2019-03-26 10:45 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-04-12 08:14 - 2019-03-26 10:40 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-04-12 08:14 - 2019-03-26 10:39 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-04-12 08:14 - 2019-03-26 10:13 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-04-12 08:14 - 2019-03-26 10:06 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-04-12 08:14 - 2019-03-26 09:59 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-04-12 08:14 - 2019-03-26 09:56 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-04-12 08:14 - 2019-03-26 09:53 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-04-12 08:14 - 2019-03-26 09:52 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-04-12 08:14 - 2019-03-26 09:52 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-04-12 08:14 - 2019-03-26 09:51 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-04-12 08:14 - 2019-03-26 09:32 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-04-12 08:14 - 2019-03-16 08:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-04-12 08:14 - 2019-03-16 08:09 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-04-12 08:14 - 2019-03-09 22:38 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-04-12 08:14 - 2019-03-09 22:17 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-04-12 08:14 - 2019-03-09 19:50 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-04-12 08:14 - 2019-02-24 20:13 - 001308456 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-04-12 08:14 - 2019-02-21 23:06 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-04-12 08:14 - 2019-02-21 23:05 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-04-12 08:14 - 2019-02-21 23:04 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-04-12 08:14 - 2019-02-21 22:01 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-04-12 08:14 - 2019-02-12 09:18 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-11 12:50 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2019-05-11 10:47 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-05-11 09:04 - 2017-04-21 08:35 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2019-05-10 14:29 - 2017-04-20 06:50 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2019-05-09 19:55 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2019-05-09 19:53 - 2019-01-20 13:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2019-05-09 19:25 - 2017-04-30 09:51 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-09 14:31 - 2019-03-11 17:40 - 000000000 ____D C:\Users\admin\Desktop\PDF
2019-05-09 08:19 - 2019-03-11 17:35 - 000000000 ____D C:\Users\admin\Desktop\New Pics
2019-05-08 12:40 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-08 12:40 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-05-08 07:36 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-07 17:19 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-07 17:19 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-07 07:54 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2019-05-07 05:54 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2019-05-06 11:57 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2019-05-06 08:47 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-06 05:54 - 2017-04-30 08:19 - 000000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2019-05-03 13:22 - 2017-09-27 15:52 - 000000000 ____D C:\Users\admin\Desktop\AMS
2019-05-02 11:41 - 2019-03-04 13:58 - 000000000 ____D C:\Users\admin\Desktop\New Phone
2019-05-02 11:05 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-05-01 06:04 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics
2019-04-24 17:20 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache
2019-04-22 17:45 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-20 11:27 - 2017-09-23 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-04-19 12:39 - 2017-04-21 15:02 - 000000000 ___RD C:\Users\admin\Google Drive
2019-04-19 09:54 - 2017-04-20 06:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-04-17 13:58 - 2018-11-13 12:03 - 000000000 ____D C:\Users\admin\Desktop\Video
2019-04-17 13:56 - 2019-01-21 08:36 - 000000000 ____D C:\Users\admin\Desktop\Word
2019-04-17 07:58 - 2019-03-06 09:55 - 000001606 _____ C:\Users\admin\Desktop\Install Kaspersky Internet Security version 19.0.0.1088.lnk
2019-04-16 15:01 - 2018-10-27 19:08 - 001168000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-04-16 15:01 - 2018-10-27 19:08 - 000236672 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-04-16 15:01 - 2018-10-27 19:08 - 000152496 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2019-04-16 15:01 - 2018-10-09 20:03 - 001091920 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2019-04-16 15:01 - 2018-10-09 20:03 - 000184960 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2019-04-16 15:01 - 2018-10-09 20:03 - 000125568 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupflt.sys
2019-04-16 15:01 - 2018-10-09 20:03 - 000091472 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys
2019-04-16 15:01 - 2018-10-09 20:03 - 000075600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys
2019-04-16 15:01 - 2018-10-09 20:03 - 000046416 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpnpflt.sys
2019-04-16 15:01 - 2018-02-24 05:17 - 000218240 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2019-04-16 15:01 - 2018-02-17 02:50 - 000104576 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2019-04-16 15:01 - 2018-02-12 04:17 - 000058704 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2019-04-16 15:01 - 2018-01-15 05:13 - 000060536 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klkbdflt.sys
2019-04-16 15:01 - 2017-12-11 11:49 - 000060784 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klmouflt.sys
2019-04-16 15:01 - 2017-05-30 18:51 - 000050304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2019-04-16 06:24 - 2013-08-22 21:06 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-13 18:09 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-13 14:25 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-04-13 14:22 - 2013-08-22 21:06 - 000000000 ___RD C:\Windows\ToastData
2019-04-13 11:00 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2019-04-12 10:29 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\LiveKernelReports
2019-04-12 10:08 - 2017-06-24 08:00 - 000000000 ____D C:\Windows\system32\MRT
2019-04-12 10:03 - 2017-06-24 08:00 - 131129288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-04 11:42
==================== End of FRST.txt ============================

--------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by admin (11-05-2019 12:50:49)
Running from C:\Users\admin\Desktop\DW
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.29 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.29 - Lenovo)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{BAE5A642-2B18-411F-A79A-D3B213385ACA}) (Version: 1.4.1.14200 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\WhatsApp) (Version: 0.3.2043 - WhatsApp)
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG -> Nero AG)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G

==================== Loaded Modules (Whitelisted) ==============

2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () [File not signed] C:\Windows\system32\ihvmanager\AthIHVManager.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000109704 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\crashreport.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000354440 _____ (LENOVO -> ) [File not signed] C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 002499208 _____ (LENOVO -> Lenovo) [File not signed] C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
2016-03-22 16:09 - 2016-03-22 16:09 - 000418952 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCP100.dll
2016-03-22 16:09 - 2016-03-22 16:09 - 000771720 _____ (LENOVO -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\MagicPlus\MSVCR100.dll
2006-10-27 02:10 - 2006-10-27 02:10 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2015-01-27 04:11 - 2015-01-27 04:11 - 000376320 _____ (Quacomm Atheros, Inc.) [File not signed] C:\Windows\system32\ihvmanager\AthIhvWlanVoE.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-12-01 07:01 - 2014-12-01 07:01 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000361600 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Windows\System32\AthCredentialProvider.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000422400 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000096768 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF178FBD-4C15-4C3D-BD1D-5BF6DE8C0CC3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{A92C2F83-407A-42B3-90A4-BD76EC4D07FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{11F77D66-3102-4471-80EA-F51714E64D1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

19-04-2019 09:54:14 Installed LG Mobile Driver
27-04-2019 07:32:56 Scheduled Checkpoint
29-04-2019 10:04:36 Installed LG Mobile Driver

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2019 12:38:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_6248a9f3ecb5e89b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_a9f5e0cb013211a1.manifest.

Error: (05/11/2019 12:38:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_6248a9f3ecb5e89b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_a9f5e0cb013211a1.manifest.

Error: (05/11/2019 12:38:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_6248a9f3ecb5e89b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_a9f5e0cb013211a1.manifest.

Error: (05/11/2019 12:38:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_6248a9f3ecb5e89b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19291_none_a9f5e0cb013211a1.manifest.

Error: (05/11/2019 10:22:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2019 08:10:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/11/2019 08:10:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (05/11/2019 06:16:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (05/11/2019 08:53:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (05/10/2019 12:49:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE3.0.0 service.

Error: (05/09/2019 07:24:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (05/09/2019 06:24:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/09/2019 06:24:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/09/2019 06:24:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (05/08/2019 11:49:08 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (05/08/2019 11:48:58 AM) (Source: DCOM) (EventID: 10010) (User: user)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-03-15 12:41:09.038
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0

Date: 2017-04-25 09:28:04.158
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2017-04-25 09:28:04.158
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80501002
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2017-04-24 19:54:26.943
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 106.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2017-04-24 19:54:26.938
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.155.266.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.9700.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: Insyde Corp. V1.15 05/27/2015
Motherboard: Acer ZORO_BH
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 4016.42 MB
Available physical RAM: 433.8 MB
Total Virtual: 7301.78 MB
Available Virtual: 2665.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.8 GB) (Free:166.27 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:321.11 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:284.28 GB) NTFS

\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks in advance for any guidance.

 

 


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,581 posts
  • MVP

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0
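For readers who want to see what the Process Explorer "Verified Signer" column and the TASKLIST /SVC step above are actually checking, here is an added PowerShell example that does both from an elevated prompt. It is not part of RKinner's instructions, not a Sysinternals tool, and the "suspect" filter at the end is an assumption about what a malware helper looks at first (unsigned or tampered images, and svchost.exe instances that run from the wrong folder or host no service); the two legitimate svchost.exe paths are assumed from a standard x64 Windows install.

```powershell
# Added example (not part of RKinner's instructions or any Sysinternals tool):
# a PowerShell stand-in for Process Explorer's "Verified Signer" column and
# TASKLIST /SVC. Run it from an elevated PowerShell prompt.

# 1. Which services each process hosts (what TASKLIST /SVC prints per PID).
$svcByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    if (-not $svcByPid.ContainsKey($_.ProcessId)) { $svcByPid[$_.ProcessId] = @() }
    $svcByPid[$_.ProcessId] += $_.Name
}

# 2. Authenticode status of every running image. Get-AuthenticodeSignature also
#    checks catalog signatures on Windows 8 and later, which is how most of the
#    OS's own binaries (svchost.exe, lsass.exe, ...) are signed.
#    Assumed legitimate locations for svchost.exe on x64 Windows:
$legitSvchost = @("$env:SystemRoot\System32\svchost.exe",
                  "$env:SystemRoot\SysWOW64\svchost.exe")

$report = foreach ($p in Get-CimInstance Win32_Process) {
    $path   = $p.ExecutablePath
    $status = 'NoPath'     # System, System Idle, protected processes, or access denied
    $signer = ''
    if ($path) {
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        PID       = $p.ProcessId
        Image     = $p.Name
        Path      = $path
        SigStatus = $status
        Signer    = $signer
        Services  = (@($svcByPid[$p.ProcessId]) -join ', ')
    }
}

# 3. Assumed triage filter: images that are unsigned or whose signature does not
#    match the file on disk, and any svchost.exe that runs from an unexpected
#    folder or hosts no service at all. An empty table here is the good result.
$suspect = $report | Where-Object {
    ($_.SigStatus -notin @('Valid', 'NoPath')) -or
    ($_.Image -ieq 'svchost.exe' -and
        ($_.Path -notin $legitSvchost -or -not $_.Services))
}
$suspect | Format-Table PID, Image, SigStatus, Signer, Path -AutoSize

# 4. Full listing, in the same shape as TASKLIST /SVC but with the signature
#    status beside each image. Paste this into a reply in place of the two logs.
$report | Sort-Object PID | Format-Table PID, Image, SigStatus, Services -AutoSize
```

A "NotSigned" result on a vendor utility is common and not by itself a sign of infection (the FRST log earlier in this thread marks several Qualcomm Atheros DLLs as "[File not signed]"); "HashMismatch" on a Microsoft binary, or an svchost.exe outside System32/SysWOW64, is what deserves a closer look.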

#3
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Thanks.  Will do.


  • 0

#4
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Hi,

This part...

"Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply."

didn't quite work out.  Notepad was blank.

The other two files are attached.

Hope I've done things right.


 

Attached Files


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,581 posts
  • MVP

I removed your speccy log since you forgot to remove the serial number.

 

The stuff that didn't work isn't important.  I only need it if Process Explorer shows a problem with svchost.exe.  Sometimes you have to copy each line separately to get it to work.

 

With Process Explorer you skipped the step about

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

 

 

but there is no sign of an infection so we don't really need to make a new log.

 

I'm not seeing anything that could cause a problem.  Temps are good.  Hard drive is good (tho it does say the laptop might have been dropped in the past).  Let's try Latency Monitor:

 

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

 

What make and model laptop is this?  There should be a sticker on the bottom.


  • 0

#6
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Hi

Acer Aspire E 15

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates.
LatencyMon has been analyzing your system for  0:00:24  (h:mm:ss) on all processors.


_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        USER
OS version:                                           Windows 8.1 , 6.3, build: 9600 (x64)
Hardware:                                             Aspire E5-573, Acer, ZORO_BH
CPU:                                                  GenuineIntel Intel® Core™ i3-5005U CPU @ 2.00GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  4016 MB total


_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1995 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.


_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs):   824.175119
Average measured interrupt to process latency (µs):   16.089121

Highest measured interrupt to DPC latency (µs):       786.712614
Average measured interrupt to DPC latency (µs):       4.699371


_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs):              27.994987
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation

Highest reported total ISR routine time (%):          0.006265
Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation

Total time spent in ISRs (%)                          0.007216

ISR count (execution time <250 µs):                   668
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs):              2025.654135
Driver with highest DPC routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation

Highest reported total DPC routine time (%):          0.070454
Driver with highest DPC total execution time:         dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation

Total time spent in DPCs (%)                          0.185852

DPC count (execution time <250 µs):                   11485
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                109
DPC count (execution time 1000-1999 µs):              3
DPC count (execution time 2000-3999 µs):              1
DPC count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count:                 svchost.exe

Total number of hard pagefaults                       350
Hard pagefault count of hardest hit process:          170
Number of processes hit:                              7


_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.404240
CPU 0 ISR highest execution time (µs):                27.994987
CPU 0 ISR total execution time (s):                   0.003466
CPU 0 ISR count:                                      391
CPU 0 DPC highest execution time (µs):                2025.654135
CPU 0 DPC total execution time (s):                   0.129689
CPU 0 DPC count:                                      9099
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.197080
CPU 1 ISR highest execution time (µs):                20.375940
CPU 1 ISR total execution time (s):                   0.002068
CPU 1 ISR count:                                      165
CPU 1 DPC highest execution time (µs):                829.503759
CPU 1 DPC total execution time (s):                   0.027886
CPU 1 DPC count:                                      1450
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.110807
CPU 2 ISR highest execution time (µs):                26.741855
CPU 2 ISR total execution time (s):                   0.000983
CPU 2 ISR count:                                      79
CPU 2 DPC highest execution time (µs):                635.468672
CPU 2 DPC total execution time (s):                   0.012856
CPU 2 DPC count:                                      477
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.118114
CPU 3 ISR highest execution time (µs):                23.764411
CPU 3 ISR total execution time (s):                   0.000455
CPU 3 ISR count:                                      33
CPU 3 DPC highest execution time (µs):                555.102757
CPU 3 DPC total execution time (s):                   0.009154
CPU 3 DPC count:                                      572
_________________________________________________________________________________________________________
 

 

Is this okay?


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,581 posts
  • MVP

You did this one correctly but it is showing some problems.  Let's try dism and see if that helps:

 

Open an elevated command prompt:


http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:
 

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow


This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:

 

notepad %UserProfile%\desktop\junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Rerun Latency Monitor as before and post the result.  If it is still showing page faults then click on Processes then click twice on Hard Pagefaults column header.  This should sort things with the worst offenders at the top.  What processes are causing page faults?  There is no way to save the info but you can make a screenshot using the snipping tool or just retype the names.

IF svchost is still in the list then:

 

Copy the next 2 lines:
 

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 8: http://www.eightforu...indows-8-a.html

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.

Run Process Explorer as before and post the log.

 

Still looking for the make and model of the PC.
 


  • 0
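The DISM, reboot, SFC and findstr steps in the post above form one procedure, so here it is as a single added PowerShell script. This is not RKinner's own script; the file name Repair-System.ps1 and the two-phase layout (-Phase Dism, reboot, -Phase Sfc) are assumptions made here, and the two CBS.log phrases used for counting repaired and unrepaired files are the ones CBS.log normally emits, so treat them as an assumption and read junk.txt yourself if the counts look wrong.

```powershell
param(
    [ValidateSet('Dism', 'Sfc')]
    [string]$Phase = 'Dism'
)
# Added example (not RKinner's own script): the DISM -> reboot -> SFC -> CBS.log
# sequence from this post as one script. Save as Repair-System.ps1 (name assumed)
# and run it elevated: first with -Phase Dism, then after a reboot with -Phase Sfc.

# The post's "Administrator: Command Prompt" check, done programmatically.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open an elevated PowerShell prompt first.'
}

if ($Phase -eq 'Dism') {
    # Same command as the post (the doubled spaces there are only for readability).
    & DISM.exe /Online /Cleanup-Image /RestoreHealth
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "DISM exited with $LASTEXITCODE; see $env:SystemRoot\Logs\DISM\dism.log"
    }
    Write-Host 'Reboot now, then run this script again with -Phase Sfc.'
    return
}

# Phase Sfc: run the scan, then do what the findstr step does with CBS.log.
& sfc.exe /scannow

$cbs = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
$out = Join-Path $env:USERPROFILE 'Desktop\junk.txt'

# Equivalent of: findstr /c:"[SR]" \windows\logs\cbs\cbs.log > %UserProfile%\desktop\junk.txt
# -SimpleMatch matters: without it "[SR]" would be read as a regex character class.
$srLines = @((Select-String -Path $cbs -SimpleMatch '[SR]').Line)
$srLines | Set-Content -Path $out

# Triage of the [SR] lines. Assumed phrases: CBS.log normally writes
# "Repairing corrupted file" for a file it fixed and "Cannot repair member file"
# for one it could not.
$repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file' })
$unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair member file' })

"[SR] lines written to $out : $($srLines.Count)"
"Files SFC repaired          : $($repaired.Count)"
"Files SFC could not repair  : $($unrepaired.Count)"
# Show each unrepaired entry once, without the timestamp prefix.
$unrepaired | ForEach-Object { $_ -replace '^.*\[SR\]\s*', '' } | Sort-Object -Unique

if ($unrepaired.Count -gt 0) {
    # The "not a good thing" case from the post: open junk.txt so it can be pasted into a reply.
    notepad.exe $out
}
```

Running SFC through this script rather than directly changes nothing about the scan; the value is that the [SR] extraction and the repaired/unrepaired counts happen in the same elevated session, so the "unable to fix some (or all)" outcome is turned into a list of file names instead of a single sentence.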

#8
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I'll do as you have instructed.

PC Make and model is Acer Aspire E 15


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,581 posts
  • MVP

There should be more to the model number per Acer's support website.


  • 0

#10
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Acer E5-573-32JT is what I can make out.

Here are the logs

 

-----------------------------------------------------------------

 

Junk.txt


Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       464 N/A                                         
csrss.exe                      660 N/A                                         
wininit.exe                    760 N/A                                         
csrss.exe                      788 N/A                                         
winlogon.exe                   832 N/A                                         
services.exe                   884 N/A                                         
lsass.exe                      892 SamSs, VaultSvc                             
svchost.exe                    964 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                   1004 RpcEptMapper, RpcSs                         
dwm.exe                        648 N/A                                         
svchost.exe                    664 Audiosrv, Dhcp, EventLog,                   
                                   HomeGroupProvider, lmhosts, Wcmsvc, wscsvc  
svchost.exe                    604 Appinfo, BITS, Browser, IKEEXT, iphlpsvc,   
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
svchost.exe                   1044 bthserv, EventSystem, fdPHost, FontCache,   
                                   netprofm, nsi, WdiServiceHost,              
                                   WinHttpAutoProxySvc                         
svchost.exe                   1108 AudioEndpointBuilder,                       
                                   DeviceAssociationService, hidserv,          
                                   NcbService, PcaSvc, SysMain, TrkWks,        
                                   WdiSystemHost, WlanSvc, wudfsvc             
svchost.exe                   1212 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
wlanext.exe                   1328 N/A                                         
conhost.exe                   1348 N/A                                         
spoolsv.exe                   1412 Spooler                                     
svchost.exe                   1456 BFE, DPS, MpsSvc, NcdAutoSetup              
avp.exe                       1588 AVP19.0.0                                   
svchost.exe                   1668 DiagTrack                                   
dasHost.exe                   1684 N/A                                         
mdm.exe                       1708 MDM                                         
mbbService.exe                1780 Mobile Broadband HL Service                 
Locator.exe                   1932 RpcLocator                                  
svchost.exe                   1964 stisvc                                      
WmiApSrv.exe                  2008 wmiApSrv                                    
svchost.exe                   2140 FDResPub, SSDPSRV, TimeBroker               
svchost.exe                   2252 PolicyAgent                                 
WUDFHost.exe                  2348 N/A                                         
taskhostex.exe                3176 N/A                                         
explorer.exe                  3336 N/A                                         
taskeng.exe                   3596 N/A                                         
MagicPlus_helper.exe          3640 N/A                                         
SearchIndexer.exe             3708 WSearch                                     
avpui.exe                     3696 N/A                                         
BtvStack.exe                  4536 N/A                                         
ActivateDesktop.exe           4552 N/A                                         
EvernoteClipper.exe           4640 N/A                                         
GoogleCrashHandler.exe        4720 N/A                                         
GoogleCrashHandler64.exe      4728 N/A                                         
firefox.exe                   4464 N/A                                         
notepad.exe                   4184 N/A                                         
firefox.exe                   1508 N/A                                         
firefox.exe                   4432 N/A                                         
firefox.exe                   5364 N/A                                         
ksde.exe                      3216 KSDE3.0.0                                   
ksdeui.exe                    1160 N/A                                         
WmiPrvSE.exe                  1260 N/A                                         
taskhost.exe                  5344 N/A                                         
firefox.exe                   4052 N/A                                         
firefox.exe                   5784 N/A                                         
audiodg.exe                   3468 N/A                                         
firefox.exe                   4040 N/A                                         
VEW.exe                       5244 N/A                                         
VEW.exe                       1084 N/A                                         
VEW.exe                       4676 N/A                                         
VEW.exe                        520 N/A                                         
VEW.exe                       4772 N/A                                         
LatMon.exe                    5180 N/A                                         
SnippingTool.exe              1244 N/A                                         
cmd.exe                       2204 N/A                                         
conhost.exe                   3460 N/A                                         
tasklist.exe                   528 N/A                                         
WmiPrvSE.exe                  5264 N/A                                         

------------------------------------------------------------------------------

VEW2

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/05/2019 08:48:55

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/05/2019 03:11:23
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 20/05/2019 02:06:39
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 20/05/2019 02:06:39
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 20/05/2019 01:15:26
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Dism.exe, version: 6.3.9600.17031, time stamp: 0x53086fa3 Faulting module name: DismCore.dll, version: 6.3.9600.17031, time stamp: 0x53086ee7 Exception code: 0xc0000005 Fault offset: 0x0000000000019950 Faulting process id: 0x12fc Faulting application start time: 0x01d50ea5e763d54b Faulting application path: C:\Windows\system32\Dism.exe Faulting module path: C:\Windows\System32\Dism\DismCore.dll Report Id: bf0d4ce5-7a9c-11e9-829f-5c93a27a9186 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 20/05/2019 00:43:00
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 20/05/2019 00:43:00
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=7

Log: 'Application' Date/Time: 19/05/2019 07:57:45
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_6244092fecba36f7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_a9f1400701365ffd.manifest.

Log: 'Application' Date/Time: 19/05/2019 07:57:45
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_6244092fecba36f7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.19358_none_a9f1400701365ffd.manifest.

Log: 'Application' Date/Time: 19/05/2019 07:51:52
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=6

Log: 'Application' Date/Time: 19/05/2019 07:51:41
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 19/05/2019 07:51:38
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Log: 'Application' Date/Time: 19/05/2019 02:47:55
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 18/05/2019 12:41:19
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 18/05/2019 03:18:40
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=5

Log: 'Application' Date/Time: 18/05/2019 03:18:40
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 17/05/2019 10:51:12
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Log: 'Application' Date/Time: 17/05/2019 10:51:01
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 17/05/2019 07:22:23
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Log: 'Application' Date/Time: 17/05/2019 06:29:55
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 17/05/2019 06:29:54
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/05/2019 00:38:06
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 80 second(s) to handle the notification event (Logoff).

Log: 'Application' Date/Time: 12/05/2019 00:37:45
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logoff).

Log: 'Application' Date/Time: 25/04/2019 11:16:18
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2820) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 25/04/2019 11:15:58
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2308) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 25/04/2019 11:14:55
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (4208) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 10/04/2019 00:40:52
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2060) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 10/04/2019 00:40:29
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (3804) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 21/03/2019 12:28:48
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (3660) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 16/03/2019 00:48:36
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (1964) C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\: The shadow header page of file C:\Users\admin\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\nouser0000000000000002\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 14/02/2019 12:01:35
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe' (pid 2804) cannot be restarted - Application SID does not match Conductor SID..


-----------------------------------------------------------

VEW1

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/05/2019 08:44:41

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/05/2019 01:59:44
Type: Error Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Log: 'System' Date/Time: 20/05/2019 01:55:40
Type: Error Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Log: 'System' Date/Time: 20/05/2019 01:51:37
Type: Error Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Log: 'System' Date/Time: 20/05/2019 01:47:28
Type: Error Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Log: 'System' Date/Time: 17/05/2019 04:16:07
Type: Error Category: 2
Event: 10317 Source: Microsoft-Windows-NDIS
Miniport Remote NDIS based Internet Sharing Device, {3D22F6EB-7D48-4581-8A4A-7761F8E75A76}, had event Fatal error: The miniport has failed a power transition to operational power

Log: 'System' Date/Time: 13/05/2019 11:33:32
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/05/2019 02:03:20
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk1\DR77.

Log: 'System' Date/Time: 12/05/2019 00:40:31
Type: Error Category: 2
Event: 10317 Source: Microsoft-Windows-NDIS
Miniport Remote NDIS based Internet Sharing Device, {3D22F6EB-7D48-4581-8A4A-7761F8E75A76}, had event Fatal error: The miniport has failed a power transition to operational power

Log: 'System' Date/Time: 11/05/2019 03:23:13
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 10/05/2019 07:19:58
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE3.0.0 service.

Log: 'System' Date/Time: 09/05/2019 13:54:58
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Mozilla Maintenance Service service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 09/05/2019 00:54:19
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 09/05/2019 00:54:19
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/05/2019 00:54:19
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 08/05/2019 06:19:08
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/05/2019 06:18:58
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/05/2019 06:18:32
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/05/2019 06:18:18
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/05/2019 06:17:55
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/05/2019 06:06:48
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/05/2019 02:06:21
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_ZTE&Prod_MMC_Storage&Rev_2.31#7&2738072d&0&1234567890ABCDEF&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 20/05/2019 02:03:58
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\ihvmanager\AthIHVManager.dll

Log: 'System' Date/Time: 20/05/2019 00:54:45
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name b1sync.zemanta.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/05/2019 10:52:32
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name vodafonemobileconnect.4g timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.

----------------------------------------------------------------------------------------------

Process Explorer

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name
System Idle Process    75.51    0 K    4 K    0        
avp.exe    8.37    312,192 K    183,020 K    1588    Kaspersky Anti-Virus    AO Kaspersky Lab
LatMon.exe    5.25    27,868 K    37,348 K    5180        
procexp64.exe    3.18    44,888 K    58,356 K    4084    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
firefox.exe    1.60    384,328 K    413,756 K    4464    Firefox    Mozilla Corporation
dwm.exe    1.27    26,420 K    28,912 K    648        
Interrupts    1.05    0 K    0 K    n/a    Hardware Interrupts and DPCs    
System    0.92    6,296 K    2,264 K    4        
mbbService.exe    0.75    1,500 K    4,084 K    1780        
explorer.exe    0.54    52,068 K    83,296 K    3336    Windows Explorer    Microsoft Corporation
firefox.exe    0.44    235,064 K    351,620 K    5784    Firefox    Mozilla Corporation
csrss.exe    0.33    2,440 K    38,652 K    788        
firefox.exe    0.32    120,068 K    155,736 K    4432    Firefox    Mozilla Corporation
firefox.exe    0.23    412,908 K    495,944 K    4052    Firefox    Mozilla Corporation
svchost.exe    0.07    7,632 K    12,504 K    1212    Host Process for Windows Services    Microsoft Corporation
avpui.exe    0.06    76,784 K    5,312 K    3696    Kaspersky Anti-Virus    AO Kaspersky Lab
mdm.exe    0.03    1,532 K    4,352 K    1708    Machine Debug Manager    Microsoft Corporation
firefox.exe    0.03    71,704 K    141,368 K    4040    Firefox    Mozilla Corporation
firefox.exe    0.02    130,816 K    149,992 K    5364    Firefox    Mozilla Corporation
svchost.exe    0.01    4,264 K    8,624 K    964    Host Process for Windows Services    Microsoft Corporation
EvernoteClipper.exe    < 0.01    3,248 K    5,068 K    4640    Evernote Clipper    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
svchost.exe    < 0.01    3,360 K    6,600 K    1004    Host Process for Windows Services    Microsoft Corporation
lsass.exe    < 0.01    4,236 K    8,088 K    892    Local Security Authority Process    Microsoft Corporation
svchost.exe    < 0.01    78,716 K    81,488 K    1108    Host Process for Windows Services    Microsoft Corporation
BtvStack.exe    < 0.01    11,608 K    10,844 K    4536    Extension Core    Qualcomm®Atheros®
csrss.exe    < 0.01    1,808 K    3,260 K    660        
WUDFHost.exe        1,456 K    4,452 K    2348        
WmiPrvSE.exe        1,512 K    5,768 K    5276        
WmiPrvSE.exe        2,716 K    5,736 K    1260        
WmiApSrv.exe        1,068 K    3,892 K    2008    WMI Performance Reverse Adapter    Microsoft Corporation
wlanext.exe        1,176 K    3,444 K    1328        
winlogon.exe        1,448 K    5,396 K    832        
wininit.exe        860 K    3,108 K    760        
VEW.exe        1,876 K    6,940 K    5244        
VEW.exe        1,848 K    6,844 K    1084        
VEW.exe        1,848 K    6,976 K    4676        
VEW.exe        1,848 K    6,988 K    520        
VEW.exe        1,848 K    7,028 K    4772        
taskhostex.exe        3,924 K    9,408 K    3176    Host Process for Windows Tasks    Microsoft Corporation
taskhost.exe        12,088 K    18,212 K    5344        
taskeng.exe        1,296 K    4,884 K    3596        
svchost.exe        22,260 K    29,552 K    604    Host Process for Windows Services    Microsoft Corporation
svchost.exe        13,324 K    16,812 K    1456    Host Process for Windows Services    Microsoft Corporation
svchost.exe        23,744 K    21,536 K    664    Host Process for Windows Services    Microsoft Corporation
svchost.exe        8,652 K    12,136 K    1044    Host Process for Windows Services    Microsoft Corporation
svchost.exe        4,944 K    9,784 K    1668    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1,804 K    4,696 K    1964    Host Process for Windows Services    Microsoft Corporation
svchost.exe        3,140 K    5,504 K    2140    Host Process for Windows Services    Microsoft Corporation
svchost.exe        1,384 K    3,556 K    2252    Host Process for Windows Services    Microsoft Corporation
spoolsv.exe        3,680 K    7,172 K    1412    Spooler SubSystem App    Microsoft Corporation
SnippingTool.exe        9,920 K    32,240 K    1244    Snipping Tool    Microsoft Corporation
smss.exe        272 K    820 K    464        
services.exe        2,600 K    5,268 K    884        
SearchIndexer.exe        18,304 K    12,320 K    3708    Microsoft Windows Search Indexer    Microsoft Corporation
procexp.exe        2,848 K    8,048 K    524    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
notepad.exe        1,492 K    7,144 K    4184    Notepad    Microsoft Corporation
notepad.exe        9,004 K    27,932 K    4616        
MagicPlus_helper.exe        14,412 K    32 K    3640        
Locator.exe        428 K    1,760 K    1932    Rpc Locator    Microsoft Corporation
ksdeui.exe        6,432 K    3,112 K    1160    Kaspersky Secure Connection    AO Kaspersky Lab
ksde.exe        22,868 K    10,676 K    3216    Kaspersky Secure Connection    AO Kaspersky Lab
GoogleCrashHandler64.exe        1,280 K    16 K    4728        
GoogleCrashHandler.exe        1,852 K    48 K    4720        
firefox.exe        23,760 K    39,348 K    4364    Firefox    Mozilla Corporation
firefox.exe        66,176 K    57,992 K    1508    Firefox    Mozilla Corporation
dasHost.exe        2,764 K    5,652 K    1684        
conhost.exe        1,312 K    5,696 K    3460        
conhost.exe        636 K    2,380 K    1348        
cmd.exe        1,496 K    2,404 K    2204        
audiodg.exe        6,348 K    9,204 K    3468        
ActivateDesktop.exe        1,208 K    4,116 K    4552        


----------------------------------------------------

 

Latency Monitor Screenshot is taken.  How do I attach it here, please?

Would this be okay?

https://imgur.com/oltWQeY
  • 0

#11
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

For the Latency Monitor Screenshot, again...

https://hariprahlad2...ird_party=1#_=_


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,581 posts
  • MVP

The first screenshot worked, but you forgot to click on the Hard Pagefault column header to sort them with the largest number of pagefaults at the top.


Right now, though, I think this is a problem we need to worry about:


Log: 'System' Date/Time: 19/05/2019 09:01:29
Type: Warning Category: 0
Event: 153 Source: disk
The IO operation at logical block address 0x0 for Disk 1 (PDO name: \Device\000000b3) was retried.


Search for

Device Manager

hit Enter


Look for IDE ATA/ATAPI controllers.  Click on the arrow in front and it should open to show you the controller.  Right click on it and Update Driver.  If Windows says you have the best driver then Right click and select Properties then Details then change it to Hardware IDs then highlight the first one and right click and Copy.  Move to a Reply to this post and Ctrl + v to paste.  Also Properties, Driver.  What date and version does it show?


  • 0
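An added example, not from RKinner or this thread: the same two checks he asks for (Event 153 disk retries and the IDE ATA/ATAPI controller's hardware ID and driver details) pulled from PowerShell rather than clicked through Event Viewer and Device Manager. It assumes an elevated PowerShell prompt on Windows 8.1 or later; the Win32_PnPSignedDriver class and the HDC device class used here are standard Windows ones.

```powershell
# Added example (not code from the thread). Run from an elevated PowerShell prompt.

# 1. Event ID 153 from source "disk": an I/O to the drive had to be retried.
#    The hashtable filter is evaluated by the event log itself, so it is fast.
$retries = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'disk'; Id = 153 } `
                        -ErrorAction SilentlyContinue

if (-not $retries) {
    Write-Host 'No Event 153 (disk I/O retried) entries in the System log.'
} else {
    # Group the warnings by the disk number in the message text
    # ("... for Disk 1 (PDO name: \Device\...) was retried").
    $retries |
        ForEach-Object {
            $disk = if ($_.Message -match 'for Disk (\d+)') { $Matches[1] } else { '?' }
            [pscustomobject]@{ Disk = $disk; Time = $_.TimeCreated }
        } |
        Group-Object -Property Disk |
        ForEach-Object {
            $last = ($_.Group | Sort-Object -Property Time -Descending | Select-Object -First 1).Time
            Write-Host ('Disk {0}: {1} retries, most recent {2}' -f $_.Name, $_.Count, $last)
        }
}

# 2. The storage controller's hardware ID, driver provider, date and version, i.e. what
#    Device Manager > Properties > Details (Hardware Ids) and > Driver show.
#    Device class HDC is the "IDE ATA/ATAPI controllers" branch in Device Manager.
Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceClass -eq 'HDC' } |
    Select-Object DeviceName, HardWareID, DriverProviderName, DriverDate, DriverVersion |
    Format-List
```

A steady stream of Event 153 entries for one disk number is a sign of a failing drive, cable or controller rather than of malware, so the driver details are only the first thing to rule out.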

#13
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

PCI\VEN_8086&DEV_9C83&SUBSYS_098A1025&REV_03

---------------------------

Intel® Series Chipset Family SATA AHCI Controller
Driver Provider Intel Corporation
Driver Date 23-Aug-16
Driver Version 14.8.12.1059


  • 0

