Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop hangs frequently

Hanging Malware

  • Please log in to reply

#31
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Clock synced to Indian Standard Time

Attached Thumbnails

  • Capture.JPG

  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,590 posts
  • MVP

Ah India.  That explains the time difference.

 

Run Process Explorer (remember to right click and Run As Admin).  Click on the Process column header to sort things by name.  Scroll down and find MagicPlus_helper.exe. Right click on it and Kill Process.  Then see if you can now uninstall MagicPlus.  IF that doesn't work we will try to remove it like a virus with FRST.


  • 0

#33
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi

 

Unable to remove MagicPlus through Process Explorer--3 attempts and it keeps coming back.  How do I do it through FRST?


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,590 posts
  • MVP

The Idea was to kill the process with process explorer then try to remove Magicplus the usual way but we should be able to remove most of it with FRST:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.91KB   2 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#35
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi

 

Done as instructed. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by admin (administrator) on USER (Acer Aspire E5-573) (24-05-2019 05:55:41)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CheckNDISPort55ac29] => C:\Program Files (x86)\Vodafone Mobile Connect\CheckNDISPort_df.exe [478928 2017-10-13] (ZTE CORPORATION -> )
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Vodafone Mobile Connect\CancelAutoPlay_df.exe [448208 2017-10-13] (ZTE CORPORATION -> )
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-22] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-09-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3D22F6EB-7D48-4581-8A4A-7761F8E75A76}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7E9EBC38-283C-4B56-89DA-0535C2A81429}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C0C8C41-DE5D-461D-8BFB-EE4420C2962F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F916C187-3FE7-40E2-8C16-F14583B0F455}: [DhcpNameServer] 192.168.43.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKU\S-1-5-21-844090339-168977430-2555540811-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-07-27] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-844090339-168977430-2555540811-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: 4t3exipe.default-1551755093489
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489 [2019-05-24]
FF Extension: (Facebook Container) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\@contain-facebook.xpi [2019-05-23]
FF Extension: (ETP Search Volume Study) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\[email protected] [2019-05-15]
FF Extension: (Online Convert) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\[email protected] [2019-04-08]
FF Extension: (Facebook Messenger Message Cleaner) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4t3exipe.default-1551755093489\Extensions\{847eddef-437f-4b5f-93db-b230488bc239}.xpi [2019-03-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-03-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-03-05] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://homepage-web.com/?s=acer&m=home
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://homepage-web.com/?s=acer&m=start"
CHR DefaultSearchURL: Default -> hxxps://192.168.1.240/bahmni/favicon.ico
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2019-05-21]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-29]
CHR Extension: (Video & GIF Downloader For Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajanondpapegkikdhmmhmoogcaajdokn [2018-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-15]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2019-04-19]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
CHR Extension: (OpenERP) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapopdbfnfhcgfdldoielojfiidmecaj [2018-12-14]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-04-19]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-21]
CHR Extension: (Delete All Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2019-03-28]
CHR Extension: (Delete All Messages for Facebook™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnpnpdgfopkoibbhemhdinhcbghpokf [2019-05-21]
CHR Extension: (Multi Forward for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2017-08-02]
CHR Extension: (Save to Facebook) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2019-05-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-05-21]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2017-06-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-21]
CHR Extension: (Anti-Phishing & Authenticity Checker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggehmlfnempkheebgikhmemhnnpacle [2018-12-14]
CHR Extension: (Messenger Cleaner) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfajmpgiahjmnbhemaehbgadnhnhbd [2019-03-15]
CHR Extension: (Bahmni Home) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlejgcccohmalhjkncfcbnbekihgnnmg [2017-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-15]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-21]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-29]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKU\S-1-5-21-844090339-168977430-2555540811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [322176 2014-12-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [26472 2019-05-02] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [72552 2019-05-02] (IDSA Production signing key -> Intel)
S4 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-03-11] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2018-12-07] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] (Huawei Technologies Co., Ltd. -> )
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG -> Nero AG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-07-01] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [528576 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [125568 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1091920 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2299392 2015-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros, Inc.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-24 05:55 - 2019-05-24 05:56 - 000021359 _____ C:\Users\admin\Desktop\FRST.txt
2019-05-24 05:39 - 2019-05-24 05:42 - 000004691 _____ C:\Users\admin\Desktop\Fixlog.txt
2019-05-22 06:59 - 2019-05-24 05:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-21 16:44 - 2019-05-23 16:53 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-05-21 16:41 - 2019-05-21 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-05-21 16:40 - 2019-05-21 16:44 - 000000000 ____D C:\ProgramData\Intel
2019-05-21 16:40 - 2019-05-21 16:40 - 000003616 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-05-21 16:40 - 2019-05-21 16:40 - 000003370 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-05-20 09:02 - 2019-05-20 09:02 - 000004551 _____ C:\Users\admin\Desktop\Process Explorer.TXT
2019-05-20 08:51 - 2019-05-23 09:12 - 000009780 _____ C:\Users\admin\Desktop\VEW2.txt
2019-05-20 08:47 - 2019-05-23 09:10 - 000014419 _____ C:\Users\admin\Desktop\VEW1.txt
2019-05-20 08:44 - 2019-05-23 09:12 - 000009780 _____ C:\VEW.txt
2019-05-20 08:37 - 2019-05-20 08:57 - 000006482 _____ C:\Users\admin\Desktop\junk.txt
2019-05-20 06:43 - 2019-05-20 06:43 - 000002534 _____ C:\Users\admin\Desktop\Geeks.txt
2019-05-20 06:14 - 2019-05-20 06:14 - 000061440 _____ ( ) C:\Users\admin\Desktop\VEW.exe
2019-05-19 13:27 - 2019-05-19 13:27 - 000000826 _____ C:\Users\admin\Desktop\LatencyMon.lnk
2019-05-19 13:27 - 2019-05-19 13:27 - 000000814 _____ C:\Users\admin\Desktop\In Depth Latency Tests.lnk
2019-05-19 13:27 - 2019-05-19 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2019-05-19 13:27 - 2019-05-19 13:27 - 000000000 ____D C:\Program Files\LatencyMon
2019-05-19 13:27 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2019-05-19 13:25 - 2019-05-19 13:25 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\admin\Desktop\LatencyMon.exe
2019-05-19 08:50 - 2019-05-19 08:50 - 000005205 _____ C:\Users\admin\Desktop\System Idle Process.txt
2019-05-19 08:45 - 2019-05-19 08:47 - 000180106 _____ C:\Users\admin\Desktop\USERSPECCY.txt
2019-05-19 08:43 - 2019-05-19 08:43 - 000000808 _____ C:\Users\Public\Desktop\Speccy.lnk
2019-05-19 08:43 - 2019-05-19 08:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2019-05-19 08:43 - 2019-05-19 08:43 - 000000000 ____D C:\Program Files\Speccy
2019-05-19 08:36 - 2019-05-20 08:56 - 000006482 _____ C:\junk.txt
2019-05-19 08:36 - 2019-05-19 08:40 - 000006239 _____ C:\Windows\system32\junk.txt
2019-05-19 08:23 - 2019-05-19 08:23 - 002703128 _____ (Sysinternals - www.sysinternals.com) C:\Users\admin\Desktop\procexp.exe
2019-05-18 13:49 - 2019-05-18 13:49 - 000000000 ____D C:\Users\admin\AppData\Local\FreemakeVideoDownloader
2019-05-18 13:48 - 2019-05-18 13:53 - 000000000 ____D C:\ProgramData\Freemake
2019-05-18 13:48 - 2019-05-18 13:51 - 000000000 ____D C:\Users\admin\Documents\Freemake
2019-05-18 13:47 - 2019-05-18 13:52 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-05-17 09:50 - 2019-05-17 09:51 - 000128454 _____ C:\Users\admin\Desktop\Hari Krishna Prahlad CV.pdf
2019-05-16 13:09 - 2019-05-19 16:22 - 000003332 _____ C:\Users\admin\Desktop\jokes.txt
2019-05-15 08:32 - 2019-05-06 09:17 - 001311768 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-15 08:32 - 2019-05-06 09:06 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-15 08:32 - 2019-05-06 09:06 - 001537776 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-15 08:32 - 2019-05-06 09:05 - 007363320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-15 08:32 - 2019-05-06 09:04 - 000805384 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-05-15 08:32 - 2019-05-06 09:03 - 001136208 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-15 08:32 - 2019-05-06 07:42 - 000861184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-15 08:32 - 2019-05-06 07:38 - 001040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-15 08:32 - 2019-05-06 07:11 - 001197056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2019-05-15 08:32 - 2019-04-30 06:21 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-15 08:32 - 2019-04-30 06:21 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-15 08:32 - 2019-04-25 09:31 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-15 08:32 - 2019-04-25 09:10 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-15 08:32 - 2019-04-25 09:01 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-15 08:32 - 2019-04-25 08:58 - 005775360 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-15 08:32 - 2019-04-25 08:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-15 08:32 - 2019-04-25 08:39 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-15 08:32 - 2019-04-25 08:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-15 08:32 - 2019-04-25 08:28 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-05-15 08:32 - 2019-04-25 08:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-05-15 08:32 - 2019-04-25 08:16 - 015285248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-15 08:32 - 2019-04-25 08:12 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-05-15 08:32 - 2019-04-25 08:10 - 004493312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-15 08:32 - 2019-04-25 08:07 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-05-15 08:32 - 2019-04-25 08:05 - 013682176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-15 08:32 - 2019-04-25 08:05 - 005303808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-15 08:32 - 2019-04-25 07:54 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-15 08:32 - 2019-04-25 07:48 - 004831232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-15 08:32 - 2019-04-25 07:44 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-15 08:32 - 2019-04-25 07:44 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-05-15 08:32 - 2019-04-25 07:42 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-05-15 08:32 - 2019-04-20 22:11 - 000081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2019-05-15 08:32 - 2019-04-17 06:15 - 022373296 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-05-15 08:32 - 2019-04-17 06:11 - 019790872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-05-15 08:32 - 2019-04-16 19:15 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-05-15 08:32 - 2019-04-16 19:10 - 001493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-15 08:32 - 2019-04-14 22:07 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-15 08:32 - 2019-04-14 22:05 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-15 08:32 - 2019-04-14 21:39 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-15 08:32 - 2019-04-14 21:37 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-15 08:32 - 2019-04-09 03:47 - 000537096 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-15 08:32 - 2019-04-09 03:47 - 000139912 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-15 08:32 - 2019-04-09 03:43 - 000449744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-15 08:32 - 2019-04-09 03:42 - 000136736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-15 08:32 - 2019-04-09 03:10 - 000136432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-05-15 08:32 - 2019-04-07 06:27 - 001214720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-15 08:32 - 2019-04-07 02:01 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-15 08:32 - 2019-04-07 02:01 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-15 08:32 - 2019-04-07 02:01 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-15 08:32 - 2019-04-07 02:01 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-15 08:32 - 2019-04-07 02:01 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-15 08:32 - 2019-04-07 00:09 - 002172832 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-05-15 08:32 - 2019-04-07 00:09 - 001662512 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-15 08:32 - 2019-04-06 21:12 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-15 08:32 - 2019-04-06 04:17 - 000096208 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-15 08:32 - 2019-04-06 04:16 - 000177608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-15 08:32 - 2019-04-06 04:14 - 000073248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-15 08:32 - 2019-04-05 19:37 - 003324928 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-05-15 08:32 - 2019-04-05 19:36 - 001253888 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-15 08:32 - 2019-04-05 19:36 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-15 08:32 - 2019-04-05 19:36 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-15 08:32 - 2019-04-05 19:31 - 003618304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-15 08:32 - 2019-04-05 19:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-15 08:32 - 2019-04-05 05:28 - 000863232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2019-05-15 08:32 - 2019-04-05 03:45 - 000513416 _____ C:\Windows\SysWOW64\locale.nls
2019-05-15 08:32 - 2019-04-05 03:45 - 000513416 _____ C:\Windows\system32\locale.nls
2019-05-15 08:32 - 2019-04-04 23:31 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-15 08:32 - 2019-04-04 23:11 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-05-15 08:32 - 2019-04-04 22:40 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-05-15 08:32 - 2019-04-04 22:19 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-05-15 08:32 - 2019-04-04 22:18 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2019-05-15 08:32 - 2019-04-04 22:14 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-05-15 08:32 - 2019-04-04 21:45 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2019-05-15 08:32 - 2019-04-04 21:40 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-05-15 08:32 - 2015-06-10 04:09 - 000053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2019-05-15 08:32 - 2015-06-10 04:08 - 001201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-05-14 19:26 - 2019-05-14 19:26 - 000390192 _____ C:\Users\admin\Desktop\Jalaluddin Rumi.pdf
2019-05-11 12:39 - 2019-05-23 08:30 - 000000000 ____D C:\Users\admin\Desktop\DW
2019-05-11 12:37 - 2019-05-24 05:54 - 000000000 ____D C:\FRST
2019-05-11 12:35 - 2019-05-24 05:39 - 002435072 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2019-05-11 10:59 - 2019-05-11 11:00 - 003809414 _____ C:\Users\admin\Downloads\video-1557488557.mp4
2019-05-09 19:34 - 2019-05-09 19:34 - 000236152 _____ C:\Users\admin\Desktop\Gitanjali.pdf
2019-05-09 17:31 - 2019-05-09 17:31 - 000301749 _____ C:\Users\admin\Desktop\Nationalism by Tagore.pdf
2019-05-09 13:25 - 2019-05-09 13:25 - 000178127 _____ C:\Users\admin\Downloads\NationalismTagore.epub
2019-05-09 09:40 - 2019-05-09 09:40 - 009152798 _____ C:\Users\admin\Downloads\app-com.vidmix.app-homesite-release-v1.7.9.1-39-20190422-173209.apk
2019-05-07 10:40 - 2019-05-07 10:40 - 007931026 _____ C:\Users\admin\Desktop\kolam.mp4
2019-05-05 17:30 - 2019-05-05 17:30 - 000004830 _____ C:\Users\admin\Desktop\Patiala.txt
2019-05-05 10:44 - 2019-05-05 10:45 - 017988470 _____ C:\Users\admin\Downloads\Clausewitz On War_compressed.pdf
2019-04-29 10:25 - 2019-04-29 10:26 - 000002760 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2019-04-29 10:25 - 2019-04-29 10:26 - 000000000 ____D C:\ProgramData\LGMOBILEAX
2019-04-29 10:25 - 2019-04-29 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2019-04-29 10:25 - 2011-05-06 10:37 - 000655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2019-04-29 10:25 - 2011-05-06 10:37 - 000568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2019-04-29 10:25 - 2011-05-06 10:37 - 000224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcm90.dll
2019-04-29 10:25 - 2006-04-30 05:33 - 000053248 _____ () C:\Windows\SysWOW64\CommonDL.dll
2019-04-29 10:25 - 2005-09-29 22:39 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
2019-04-29 10:24 - 2019-04-29 10:24 - 016691672 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileDriver_WHQL_Ver_4.2.0(2).exe
2019-04-29 10:24 - 2019-04-29 10:24 - 001763528 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileSupportTool.exe
2019-04-29 10:16 - 2019-04-29 10:18 - 114146416 _____ (Anvsoft) C:\Users\admin\Downloads\syncios_data_transfer.exe
2019-04-29 10:02 - 2019-04-29 10:02 - 016691672 _____ (LG Electronics) C:\Users\admin\Downloads\LGMobileDriver_WHQL_Ver_4.2.0(1).exe
2019-04-28 12:23 - 2019-04-28 12:23 - 000970920 _____ C:\Users\admin\Downloads\video-1556431002.mp4
2019-04-26 14:55 - 2019-04-26 15:01 - 013324765 _____ C:\Users\admin\Desktop\cow.mp4

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-24 05:52 - 2017-04-25 09:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-05-24 05:52 - 2017-04-21 08:35 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2019-05-24 05:51 - 2017-04-20 06:50 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844090339-168977430-2555540811-1001
2019-05-24 05:45 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-24 05:37 - 2017-04-21 08:36 - 000003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A6C8BA-157C-4671-970D-5A9A13D3CC10}
2019-05-23 08:17 - 2017-04-30 09:51 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-23 08:17 - 2017-04-30 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-23 08:12 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-05-22 10:20 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-05-22 06:13 - 2017-04-21 12:17 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-22 06:13 - 2017-04-21 12:17 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 16:41 - 2017-04-20 06:56 - 000000000 ____D C:\Program Files (x86)\Intel
2019-05-21 16:40 - 2017-04-20 06:54 - 000000000 ____D C:\Program Files\Intel
2019-05-21 16:40 - 2017-04-20 06:53 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-21 08:41 - 2014-03-18 15:34 - 000820208 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-21 08:41 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2019-05-20 17:23 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache
2019-05-20 13:35 - 2018-11-05 16:20 - 000000000 ____D C:\Users\admin\Desktop\phone
2019-05-20 13:34 - 2019-03-04 13:58 - 000000000 ____D C:\Users\admin\Desktop\New Phone
2019-05-20 07:36 - 2013-08-22 20:14 - 000483952 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-20 07:33 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2019-05-19 14:30 - 2019-01-20 13:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2019-05-17 09:29 - 2017-07-12 08:33 - 000000000 ____D C:\Users\admin\Desktop\Hari
2019-05-17 09:07 - 2013-08-22 21:06 - 000000000 ___RD C:\Windows\ToastData
2019-05-17 08:49 - 2017-06-24 08:00 - 000000000 ____D C:\Windows\system32\MRT
2019-05-17 08:19 - 2017-06-24 08:00 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-16 08:16 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2019-05-15 18:25 - 2017-04-21 12:08 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 18:25 - 2017-04-21 12:08 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 10:04 - 2019-03-11 17:35 - 000000000 ____D C:\Users\admin\Desktop\New Pics
2019-05-09 14:31 - 2019-03-11 17:40 - 000000000 ____D C:\Users\admin\Desktop\PDF
2019-05-08 12:40 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-08 12:40 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\system32\Macromed
2019-05-07 05:54 - 2017-04-19 19:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\Atheros
2019-05-06 11:58 - 2019-04-19 07:58 - 000000000 ____D C:\Users\admin\Desktop\Phone Final
2019-05-06 11:57 - 2017-04-20 07:01 - 000000000 ____D C:\Users\admin\Documents\Bluetooth Folder
2019-05-06 05:54 - 2017-04-30 08:19 - 000000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2019-05-03 13:22 - 2017-09-27 15:52 - 000000000 ____D C:\Users\admin\Desktop\AMS
2019-05-03 03:29 - 2017-06-21 08:03 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-03 03:29 - 2017-06-21 08:03 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-01 06:04 - 2018-11-13 12:01 - 000000000 ____D C:\Users\admin\Desktop\Pics

==================== Files in the root of some directories =======

2017-05-08 13:26 - 2017-09-09 13:54 - 000005120 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-11 19:12 - 2017-05-11 19:12 - 000000000 _____ () C:\Users\admin\AppData\Local\{D0478A62-141E-4DB0-823C-FBA3EF766F66}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-23 10:35
==================== End of FRST.txt ============================

Attached Files


  • 0

#36
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Addition logAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by admin (24-05-2019 05:57:11)
Running from C:\Users\admin\Desktop
Windows 8.1 Pro (Update) (X64) (2017-04-20 01:13:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-844090339-168977430-2555540811-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-844090339-168977430-2555540811-500 - Administrator - Disabled)
Guest (S-1-5-21-844090339-168977430-2555540811-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{EACFB65E-21AA-4DF1-8B57-0DBC46D4C513}) (Version: 7.1 - Intel) Hidden
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3012 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Evernote v. 6.6.4 (HKLM-x32\...\{FAA0F386-730B-11E7-8B9C-005056951CAD}) (Version: 6.6.4.5512 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
iBall Face2Face Webcam C8.0 (HKLM-x32\...\{D20DAFCD-D58E-44EC-99CA-BB1FD7387F5C}) (Version: 1.0.0.0 - VideoCap)
Intel Driver && Support Assistant (HKLM-x32\...\{1C86244D-6CBD-4067-BD27-1C263B7D5B35}) (Version: 19.4.18.9 - Intel) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{B2913DAE-3EBC-4C88-8245-0AA34B2E461D}) (Version: 17.1.1450.0402 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{f2e24019-b9cf-40fd-861f-1f67a73ec7e7}) (Version: 19.4.18.9 - Intel)
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
LenovoUsbDriver 1.1.29 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.29 - Lenovo)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{BAE5A642-2B18-411F-A79A-D3B213385ACA}) (Version: 1.4.1.14200 - Lenovo)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 67.0 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0 (x64 en-US)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Nero 7 Essentials (HKLM-x32\...\{66B6D13A-9CC1-417D-B6F2-58AA539D1033}) (Version: 7.03.1303 - Nero AG)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.177L - Qualcomm Atheros)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.47 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39063 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vodafone Mobile Connect (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.3 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-844090339-168977430-2555540811-1001\...\WhatsApp) (Version: 0.3.2043 - WhatsApp)
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-844090339-168977430-2555540811-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-25] (Nero AG -> Nero AG)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [2014-12-01] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-04-16] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLSTB.DLL [2001-11-27] (WinZip Computing, Inc.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Bahmni Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nlejgcccohmalhjkncfcbnbekihgnnmg
ShortcutWithArgument: C:\Users\Public\Desktop\Vodafone.lnk -> C:\Program Files (x86)\Vodafone Mobile Connect\LaunchWebUI.exe () -> hxxp://vodafonemobileconnect.4G

==================== Loaded Modules (Whitelisted) ==============

2014-12-01 06:58 - 2014-12-01 06:58 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-12-01 06:54 - 2014-12-01 06:54 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2015-01-27 04:12 - 2015-01-27 04:12 - 000139264 _____ () [File not signed] C:\Windows\system32\ihvmanager\AthIHVManager.dll
2006-10-27 02:10 - 2006-10-27 02:10 - 000335872 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2015-01-27 04:11 - 2015-01-27 04:11 - 000376320 _____ (Quacomm Atheros, Inc.) [File not signed] C:\Windows\system32\ihvmanager\AthIhvWlanVoE.dll
2014-12-01 07:00 - 2014-12-01 07:00 - 000012928 _____ (Qualcomm Atheros -> ) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000134784 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
2014-12-01 07:01 - 2014-12-01 07:01 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApi.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\GattI.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\gatts.DLL
2014-12-01 07:01 - 2014-12-01 07:01 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Handsfree.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ipc.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ModuleManager.dll
2014-12-01 07:01 - 2014-12-01 07:01 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\OutLookLib.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\skypeagent.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\TCPConnection.dll
2014-12-01 07:02 - 2014-12-01 07:02 - 000116352 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\utils.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\LE\LE.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\BIP\BIP.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\DID\DId.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FAX\Fax.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000422400 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000096768 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\goep\goep.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-12-01 06:55 - 2014-12-01 06:55 - 000142848 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\HealthDevice\HDP.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-12-01 06:51 - 2014-12-01 06:51 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\pbap\pbap.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-12-01 06:57 - 2014-12-01 06:57 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\sap\sap.dll
2014-12-01 06:58 - 2014-12-01 06:58 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\spp\spp.dll
2014-12-01 06:56 - 2014-12-01 06:56 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Sync\Sync.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2017-09-19 06:32 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-844090339-168977430-2555540811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\IrfanView\IrfanView_Wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: AVP16.0.1 => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: UCBrowserSvc => 2
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort55ac29"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3698853D-E40D-4AA0-A66F-DBB0E4A80524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF178FBD-4C15-4C3D-BD1D-5BF6DE8C0CC3}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{A92C2F83-407A-42B3-90A4-BD76EC4D07FE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe No File
FirewallRules: [{40AF8126-4D6F-45EE-A00B-8C78BC172281}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

29-04-2019 10:04:36 Installed LG Mobile Driver
14-05-2019 14:46:46 Scheduled Checkpoint
21-05-2019 16:39:29 Intel® Driver & Support Assistant

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2019 05:47:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/24/2019 05:47:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (05/24/2019 05:46:28 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Driver & Support Assistant service hung on starting.

Error: (05/24/2019 05:45:11 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (05/24/2019 05:44:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Driver & Support Assistant service hung on starting.

Error: (05/24/2019 05:43:26 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.37 02/16/2016
Motherboard: Acer ZORO_BH
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 4016.42 MB
Available physical RAM: 2024.2 MB
Total Virtual: 5680.42 MB
Available Virtual: 3299.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.8 GB) (Free:167.39 GB) NTFS
Drive d: (Data) (Fixed) (Total:341.8 GB) (Free:321.09 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:284.28 GB) NTFS

\\?\Volume{b5d81129-2565-11e7-8250-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F7B2ADD7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,590 posts
  • MVP

Uninstall

 

Intel® Driver & Support Assistant

 

It doesn't work right on your PC.

 

You also probably need to clear the TPM.  See:

 

https://answers.micr...81-979e7ae37aa9

 

for several methods and also read the warning.

 

Are you getting a warning that your Windows Software needs to be activated?

 

Let's try Latency Monitor again and see if things look any better.


  • 0

#38
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Did as instructed.

 

------------------------------------

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates.
LatencyMon has been analyzing your system for  0:01:32  (h:mm:ss) on all processors.


_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        USER
OS version:                                           Windows 8.1 , 6.3, build: 9600 (x64)
Hardware:                                             Aspire E5-573, Acer, ZORO_BH
CPU:                                                  GenuineIntel Intel® Core™ i3-5005U CPU @ 2.00GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  4016 MB total


_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   20 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.


_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs):   1490.431237
Average measured interrupt to process latency (µs):   16.349784

Highest measured interrupt to DPC latency (µs):       1015.295480
Average measured interrupt to DPC latency (µs):       4.646566


_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs):              37.5850
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation

Highest reported total ISR routine time (%):          0.003218
Driver with highest ISR total time:                   hal.dll - Hardware Abstraction Layer DLL, Microsoft Corporation

Total time spent in ISRs (%)                          0.006711

ISR count (execution time <250 µs):                   3474
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs):              2333.7450
Driver with highest DPC routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation

Highest reported total DPC routine time (%):          0.090812
Driver with highest DPC total execution time:         Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation

Total time spent in DPCs (%)                          0.277222

DPC count (execution time <250 µs):                   58992
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                560
DPC count (execution time 1000-1999 µs):              20
DPC count (execution time 2000-3999 µs):              2
DPC count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count:                 rundll32.exe

Total number of hard pagefaults                       4121
Hard pagefault count of hardest hit process:          2018
Number of processes hit:                              19


_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       2.520066
CPU 0 ISR highest execution time (µs):                37.5850
CPU 0 ISR total execution time (s):                   0.013323
CPU 0 ISR count:                                      2116
CPU 0 DPC highest execution time (µs):                2333.7450
CPU 0 DPC total execution time (s):                   0.737698
CPU 0 DPC count:                                      45198
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       1.008894
CPU 1 ISR highest execution time (µs):                31.2250
CPU 1 ISR total execution time (s):                   0.005213
CPU 1 ISR count:                                      617
CPU 1 DPC highest execution time (µs):                1642.350
CPU 1 DPC total execution time (s):                   0.163459
CPU 1 DPC count:                                      8162
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.624691
CPU 2 ISR highest execution time (µs):                30.40
CPU 2 ISR total execution time (s):                   0.003301
CPU 2 ISR count:                                      392
CPU 2 DPC highest execution time (µs):                804.980
CPU 2 DPC total execution time (s):                   0.063668
CPU 2 DPC count:                                      3267
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.515856
CPU 3 ISR highest execution time (µs):                17.250
CPU 3 ISR total execution time (s):                   0.002904
CPU 3 ISR count:                                      349
CPU 3 DPC highest execution time (µs):                968.9550
CPU 3 DPC total execution time (s):                   0.057257
CPU 3 DPC count:                                      2947
_________________________________________________________________________________________________________
 


  • 0

#39
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

"Are you getting a warning that your Windows Software needs to be activated?"

No, please.


  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,590 posts
  • MVP

No improvement then. 

 

 

If you aren't using LG Mobile Driver please uninstall it.  If you are using it then get a new version.

 

 

Can you go back into MSCONFIG and turn everything back on again?  I think if you check the first button on the General page (normal startup) then OK and reboot that should do it.   You have parts of Kaspersky turned off.  Then do a FRST scan again and post both logs.   

 

Also unplug any USB devices that you can live without and run a new Latency Monitor


  • 0

Advertisements


#41
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts

Hi

 

Latency Monitor after unplugging Vodafone Mobile Internet dongle:

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for  0:01:01  (h:mm:ss) on all processors.


_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        USER
OS version:                                           Windows 8.1 , 6.3, build: 9600 (x64)
Hardware:                                             Aspire E5-573, Acer, ZORO_BH
CPU:                                                  GenuineIntel Intel® Core™ i3-5005U CPU @ 2.00GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  4016 MB total


_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   20 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.


_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs):   401.919177
Average measured interrupt to process latency (µs):   15.858724

Highest measured interrupt to DPC latency (µs):       164.351663
Average measured interrupt to DPC latency (µs):       3.476610


_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs):              25.740
Driver with highest ISR routine execution time:       hal.dll - Hardware Abstraction Layer DLL, Microsoft Corporation

Highest reported total ISR routine time (%):          0.005107
Driver with highest ISR total time:                   hal.dll - Hardware Abstraction Layer DLL, Microsoft Corporation

Total time spent in ISRs (%)                          0.007849

ISR count (execution time <250 µs):                   2305
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs):              263.530
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation

Highest reported total DPC routine time (%):          0.016339
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation

Total time spent in DPCs (%)                          0.079713

DPC count (execution time <250 µs):                   20710
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                1
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0


_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count:                 avp.exe

Total number of hard pagefaults                       4115
Hard pagefault count of hardest hit process:          1988
Number of processes hit:                              5


_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.36090
CPU 0 ISR highest execution time (µs):                25.740
CPU 0 ISR total execution time (s):                   0.004716
CPU 0 ISR count:                                      543
CPU 0 DPC highest execution time (µs):                234.4350
CPU 0 DPC total execution time (s):                   0.062969
CPU 0 DPC count:                                      10832
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.523575
CPU 1 ISR highest execution time (µs):                20.490
CPU 1 ISR total execution time (s):                   0.005404
CPU 1 ISR count:                                      621
CPU 1 DPC highest execution time (µs):                263.530
CPU 1 DPC total execution time (s):                   0.064155
CPU 1 DPC count:                                      4299
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.346710
CPU 2 ISR highest execution time (µs):                21.460
CPU 2 ISR total execution time (s):                   0.007001
CPU 2 ISR count:                                      898
CPU 2 DPC highest execution time (µs):                96.6850
CPU 2 DPC total execution time (s):                   0.053505
CPU 2 DPC count:                                      4540
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.260365
CPU 3 ISR highest execution time (µs):                19.7650
CPU 3 ISR total execution time (s):                   0.002113
CPU 3 ISR count:                                      243
CPU 3 DPC highest execution time (µs):                234.70
CPU 3 DPC total execution time (s):                   0.014718
CPU 3 DPC count:                                      1040
_________________________________________________________________________________________________________
 

 

--------------------------------------------------

Attached Files


  • 0






Similar Topics


Also tagged with one or more of these keywords: Hanging, Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP