
Wotsuper2.1


  • Please log in to reply

#1 MikeBack (Member, 70 posts)

Good Day

I have somehow infected my computer with the Wotsuper2.1 virus. Kaspersky shows it as a Trojan.

I have looked up the removal of the programme on the internet and tried to remove it in the method suggested without any success.  Some of the files mentioned in the article do not show on my machine.

Please can you assist me.

Here is the FRST.txt log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2020
Ran by 27845 (administrator) on DESKTOP-5VOB4P7 (MSI MS-7680) (17-01-2020 12:12:19)
Running from C:\Users\27845\Desktop
Loaded Profiles: 27845 (Available Profiles: 27845)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Beo\90678640.exe
() [File not signed] C:\Users\27845\AppData\Local\Temp\3184765357.exe
() [File not signed] D:\Program Files\AutoSpec\assb.exe
() [File not signed] D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
() [File not signed] D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
(Access Denied)  [File not signed] C:\Users\27845\AppData\Local\Temp\msbd4xpflf1\wotsuper1.exe
(Access Denied)  [File not signed] C:\Users\27845\AppData\Local\Temp\ulq4x0uyp0p\wotsuper1.exe
(Access Denied)  [File not signed] C:\Users\27845\AppData\Local\Temp\ypiu4vd4gnz\wotsuper1.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\27845\AppData\Roaming\BitTorrent Web\helper.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lotus Development Corporation) [File not signed] E:\lotus\organize\easyclip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(SOFTPERFECT PTY. LTD. -> SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) E:\WPS Office\11.2.0.9127\office6\wpscenter.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6637776 2015-03-26] (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-31] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AutoSpecNetsync2] => D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe [1166336 2019-03-06] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [k4ksywwbmgn] => C:\Program Files (x86)\Beo\90678640.exe [615424 2020-01-15] () [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [btweb] => C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe [5463768 2019-12-20] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EpicGamesLauncher] => D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36074896 2020-01-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [580048 2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {09da0e7a-84c6-11e9-a533-8c89a59f49e3} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {9a5b42c6-9931-11e9-a537-d46e0e010e39} - "N:\Setup.exe"
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar980.lnk [2020-01-16]
ShortcutTarget: Sidebar980.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-05-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2019-05-15]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> E:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2019-05-15]
ShortcutTarget: Lotus QuickStart.lnk -> E:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F4A969-48E2-458B-82E5-24D95CC8FE19} - System32\Tasks\WpsExternal_27845_20200104045407 => E:\WPS Office\11.2.0.9127\office6\wps.exe [1073832 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1B06D1E9-0A23-48FA-928E-A390DB064F6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1C835AC6-DB51-4A0E-B87F-ACB98BF4FFF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {27A91D4F-85B9-47EF-9A44-9E37D77958A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E728C34-5EAC-4766-8564-16A92D88219E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {B2452D6C-5DC3-44D6-90F4-B7815ABCB0C8} - System32\Tasks\Auslogics\Registry Cleaner\Start Registry Cleaner on 27845 logon => C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe [3127160 2019-12-26] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C8D3FE9A-88F7-459A-A2BC-2CC9BAB974F6} - System32\Tasks\WpsUpdateTask_27845 => E:\WPS Office\11.2.0.9127\office6\wpsupdate.exe [157864 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {E3195DB3-38FD-4067-BF8E-4DFFA1C46952} - System32\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} /F:UpdateWORKGROUP\DESKTOP-5VOB4P7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6676de20-6a9b-423c-bc53-a907df6e849a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a55e343d-5dd5-4f53-85cc-d66fa3368c81}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxl1oRC_xS3_uy7wBCFXcBUJsi9iCnwRohuO6nwNkfBWrhragj_BDnL2aIerEGzk8Q_o3EmaJ4jBImulj6m0f6VAeMDWwyJo2ThWXgeO8RwE62FnfOmrf5zvogV_fw1DvWXBMCSIV46r4dRRBUB80X4YhJCU9WNOq_Y-iyMBumA,,&q={searchTerms}
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Edge:
======
Edge Notifications: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> hxxps://www.kaspersky.co.za

FireFox:
========
FF DefaultProfile: q6lhne0s.default
FF ProfilePath: C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default [2020-01-17]
FF Homepage: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\[email protected] [2020-01-10]
FF Extension: (Mozilla Official) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2020-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-05-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-05-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-03] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-01-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-01-10] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"BcastDVRUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"BluetoothUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CaptureService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CaptureService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"cbdhsvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\cbdhsvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CDPUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"ConsentUxUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicePickerUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicesFlowUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"MessagingService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MessagingService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"OneSyncSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PimIndexMaintenanceSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PrintWorkflowUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UnistoreSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_4e1c5 => C:\Windows\System32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UserDataSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WpnUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WpnUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"{45487F67-EC9F-4449-A6F2-2D0970F9B80B}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B} => C:\Windows\System32\drivers\Wdf66150.sys [6504336 2020-01-15] (Access Denied)  [File not signed] <==== ATTENTION (Rootkit!/Locked Service)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-05-09] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; E:\WPS Office\wpscloudsvr.exe [790184 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [126288 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1093240 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [201280 2019-12-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-05-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S1 bkwzglic; \??\C:\Windows\system32\drivers\bkwzglic.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-17 12:12 - 2020-01-17 12:14 - 000038555 _____ C:\Users\27845\Desktop\FRST.txt
2020-01-17 12:11 - 2020-01-17 12:13 - 000000000 ____D C:\FRST
2020-01-17 12:11 - 2020-01-17 12:11 - 002573312 _____ (Farbar) C:\Users\27845\Desktop\FRST64.exe
2020-01-16 21:23 - 2020-01-16 21:23 - 000001756 _____ C:\Users\27845\Desktop\Garbage Cleaner.lnk
2020-01-16 21:20 - 2020-01-16 21:23 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-01-16 15:02 - 2020-01-17 11:13 - 000000000 ____D C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP
2020-01-16 15:02 - 2020-01-16 15:02 - 000000000 ____D C:\Program Files (x86)\wotsuper
2020-01-16 14:27 - 2020-01-16 14:27 - 000000000 ___HD C:\OneDriveTemp
2020-01-16 14:26 - 2020-01-16 14:27 - 000610316 _____ C:\Windows\Minidump\011620-19187-01.dmp
2020-01-16 14:20 - 2020-01-16 14:26 - 529495121 _____ C:\Windows\MEMORY.DMP
2020-01-16 14:20 - 2020-01-16 14:21 - 000610636 _____ C:\Windows\Minidump\011620-18656-01.dmp
2020-01-16 14:18 - 2020-01-17 00:22 - 018874368 ____N C:\Windows\system32\config\SYSTEM
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Program Files (x86)\Auslogics
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2020-01-16 12:27 - 2020-01-16 13:28 - 015348488 _____ (Auslogics ) C:\Users\27845\Downloads\registry-cleaner-setup.exe
2020-01-16 12:12 - 2020-01-16 12:13 - 000000000 ____D C:\AdwCleaner
2020-01-15 19:21 - 2020-01-16 09:43 - 000000000 ____D C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8
2020-01-15 17:23 - 2020-01-15 17:23 - 009668408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 008905728 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007922688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 006543736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002419712 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002323896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002149160 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001936520 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001721144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001677088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001670800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001665712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001258296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001084416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001049400 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000930816 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000878080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000839680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000677144 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000673792 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000651776 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000541264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000410616 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000405304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000350416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV1.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000189440 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000154976 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000122568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-01-15 15:32 - 2020-01-15 15:36 - 000000000 ____D C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK
2020-01-15 15:23 - 2020-01-15 15:26 - 000000000 ____D C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII
2020-01-15 15:12 - 2020-01-15 15:15 - 000000000 ____D C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU
2020-01-15 15:02 - 2020-01-15 15:05 - 000000000 ____D C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM
2020-01-15 14:30 - 2020-01-15 14:30 - 000028690 _____ C:\Users\27845\Documents\cc_20200115_143041.reg
2020-01-15 14:25 - 2020-01-15 14:55 - 000000000 ____D C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7
2020-01-15 14:15 - 2020-01-15 14:15 - 000000000 ____D C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6
2020-01-15 13:58 - 2020-01-15 13:58 - 000602112 _____ C:\Windows\system32\e92G0.exe
2020-01-15 12:14 - 2020-01-16 14:25 - 018874368 _____ C:\Windows\system32\C_32770.NLS
2020-01-15 12:13 - 2020-01-15 12:14 - 000000000 ____D C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ
2020-01-15 12:05 - 2020-01-15 12:06 - 000000000 ____D C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6
2020-01-15 11:44 - 2020-01-15 12:02 - 000000000 ____D C:\Users\27845\AppData\LocalLow\AdLibs
2020-01-15 11:44 - 2020-01-15 11:44 - 000000266 _____ C:\Users\27845\AppData\LocalLow\thunderbird.txt
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:32 - 2020-01-15 11:32 - 000000000 ____D C:\Windows\SysWOW64\jwvaxflh
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ C:\Users\27845\AppData\Local\Zimsoft.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000602112 _____ C:\Windows\system32\61dzW5w9.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000000000 ____D C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:29 - 2020-01-15 11:30 - 000000000 ____D C:\Program Files (x86)\Beo
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Roaming\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Local\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Program Files (x86)\Novicorp WinToFlash
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ C:\Users\27845\AppData\Roaming\scvrrv.exe
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Windows\system32\Tasks\System
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Users\27845\AppData\Roaming\Intel Rapid
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2020-01-15 11:26 - 2020-01-15 11:26 - 000000000 ____D C:\ProgramData\UBlockPlugin
2020-01-15 11:24 - 2020-01-15 14:52 - 000000000 ____D C:\Program Files (x86)\Copa
2020-01-15 11:23 - 2020-01-15 11:23 - 000000000 ____D C:\ProgramData\Newfol
2020-01-07 23:18 - 2020-01-07 23:18 - 003794953 _____ C:\Users\27845\Desktop\Construction-Cost-Guide-2019.pdf
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Windows\PCHEALTH
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-01-06 15:11 - 2020-01-06 15:13 - 000000000 ____D C:\Windows\SHELLNEW
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 __RHD C:\MSOCache
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2020-01-06 15:07 - 2020-01-06 15:07 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-01-06 13:04 - 2020-01-06 13:04 - 000005114 _____ C:\Users\27845\Documents\cc_20200106_130358.reg
2020-01-06 13:00 - 2020-01-06 13:00 - 000039834 _____ C:\Users\27845\Documents\cc_20200106_130003.reg
2020-01-04 04:54 - 2020-01-04 04:54 - 000003988 _____ C:\Windows\system32\Tasks\WpsExternal_27845_20200104045407
2020-01-04 04:54 - 2020-01-04 04:54 - 000000000 ____D C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2019-12-20 16:11 - 2019-12-20 16:11 - 000000450 _____ C:\Windows\wotsuper.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-17 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\Users\27845\AppData\Roaming\BitTorrent Web
2020-01-17 12:10 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-17 11:59 - 2019-05-08 23:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-01-17 11:11 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-01-16 15:19 - 2019-05-07 22:23 - 000000000 ____D C:\Users\27845\AppData\LocalLow\Mozilla
2020-01-16 14:32 - 2019-05-07 18:36 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-16 14:32 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2020-01-16 14:27 - 2019-11-11 09:56 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-16 14:27 - 2019-09-05 09:00 - 000000000 ____D C:\Users\27845\AppData\Local\BitTorrentHelper
2020-01-16 14:27 - 2019-05-07 18:50 - 000000000 ___RD C:\Users\27845\OneDrive
2020-01-16 14:26 - 2019-09-09 10:34 - 000000000 ____D C:\Windows\Minidump
2020-01-16 14:26 - 2019-07-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-16 14:26 - 2019-05-13 18:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-16 14:26 - 2019-05-07 18:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-16 14:18 - 2018-09-15 08:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-01-16 14:07 - 2019-05-07 23:48 - 000000000 ____D C:\Users\27845\Desktop\TOOLS
2020-01-16 14:07 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Auslogics
2020-01-16 14:06 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2020-01-16 13:36 - 2019-05-09 00:54 - 000000000 ____D C:\Users\27845\AppData\Local\Microsoft Help
2020-01-16 12:46 - 2019-11-11 09:56 - 000086552 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-16 12:14 - 2019-05-07 18:41 - 000000000 ____D C:\Users\27845
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Roaming\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Local\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\ProgramData\Lavasoft
2020-01-16 12:13 - 2019-05-09 01:02 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-15 18:23 - 2019-06-18 04:43 - 000000000 ____D C:\Program Files\UNP
2020-01-15 18:20 - 2019-05-07 18:27 - 000614344 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\UNP
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2020-01-15 17:39 - 2019-05-08 00:37 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 17:27 - 2019-05-08 00:37 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 17:27 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2020-01-15 16:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-01-15 14:05 - 2019-05-07 23:38 - 000000000 ____D C:\Program Files\CCleaner
2020-01-15 11:30 - 2018-09-15 08:09 - 017973248 _____ C:\Windows\system32\C_3389.NLS
2020-01-15 11:29 - 2019-05-07 22:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-14 22:24 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-14 22:24 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2020-01-11 15:38 - 2019-05-07 21:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-11 15:37 - 2018-09-15 08:09 - 018087936 _____ C:\Windows\system32\config\BCD00000000
2020-01-11 14:42 - 2019-05-07 18:50 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1433173932-3963356919-369050832-1001
2020-01-11 14:42 - 2019-05-07 18:41 - 000002374 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-11 11:56 - 2019-05-07 23:38 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-10 23:15 - 2019-05-07 22:23 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-10 14:00 - 2019-05-07 19:06 - 000001613 _____ C:\Users\27845\Desktop\IExplore.lnk
2020-01-08 23:44 - 2018-09-15 08:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-01-06 15:15 - 2018-09-15 09:31 - 000000167 _____ C:\Windows\win.ini
2020-01-06 15:13 - 2019-05-13 14:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-06 15:13 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-01-06 15:12 - 2019-05-09 00:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-01-06 15:12 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-06 15:03 - 2019-05-07 23:07 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-01-06 13:32 - 2019-11-11 09:55 - 000057712 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-01-06 13:03 - 2019-05-07 18:47 - 000000000 ____D C:\Users\27845\AppData\Local\Packages
2020-01-06 13:00 - 2019-05-08 21:55 - 000000000 ___RD C:\Users\27845\Documents\MEGA
2020-01-06 13:00 - 2019-05-08 21:18 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2020-01-06 12:52 - 2019-05-08 04:10 - 000000000 ____D C:\Windows\Panther
2020-01-05 18:04 - 2019-07-10 00:24 - 000001908 _____ C:\Users\27845\Desktop\BitTorrent Web.lnk
2020-01-05 18:04 - 2019-05-13 18:44 - 000001894 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2020-01-04 04:54 - 2019-05-11 01:39 - 000003574 _____ C:\Windows\system32\Tasks\WpsUpdateTask_27845
2020-01-02 11:15 - 2019-05-07 19:39 - 000000000 ____D C:\Users\27845\AppData\Local\PlaceholderTileLogoFolder
2020-01-02 11:15 - 2019-05-07 18:48 - 000000000 ____D C:\Users\27845\AppData\Local\Publishers
2019-12-22 11:10 - 2019-05-30 12:13 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-12-22 11:10 - 2019-05-07 21:56 - 000000925 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2019-12-22 11:10 - 2019-05-07 21:56 - 000000925 _____ C:\ProgramData\Desktop\Mozilla Thunderbird.lnk
2019-12-20 12:10 - 2019-05-09 01:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-09-15 09:28 - 2018-09-15 09:28 - 000232960 ___SH () C:\Users\27845\AppData\Roaming\dthritw
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ () C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000000270 ___SH () C:\Users\27845\AppData\Roaming\scdsvfc
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ () C:\Users\27845\AppData\Roaming\scvrrv.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000314570 ___SH () C:\Users\27845\AppData\Roaming\trtcjua
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ () C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ () C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ () C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ () C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ () C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ () C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ () C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ () C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ () C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 000032038 _____ () C:\Users\27845\AppData\Local\uninstall_temp.ico
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ () C:\Users\27845\AppData\Local\Zimsoft.tst

==================== FLock ==============================

2020-01-17 00:22 C:\Windows\system32\config\SYSTEM
2020-01-15 11:30 C:\Windows\system32\Drivers\Wdf66150.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by 27845 (17-01-2020 12:18:15)
Running from C:\Users\27845\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-05-07 16:30:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

27845 (S-1-5-21-1433173932-3963356919-369050832-1001 - Administrator - Enabled) => C:\Users\27845
Administrator (S-1-5-21-1433173932-3963356919-369050832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1433173932-3963356919-369050832-503 - Limited - Disabled)
Guest (S-1-5-21-1433173932-3963356919-369050832-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1433173932-3963356919-369050832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
8GadgetPack (HKLM-x32\...\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.1.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 8.3.0.0 - Auslogics Labs Pty Ltd)
BitTorrent Web (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.448 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C8730B1A-133D-4546-8E21-9EC186341F20}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.1 - Corel Corporation) Hidden
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 16 Setup (HKLM-x32\...\{8A80DF77-CC7A-45D6-81BD-12C2CE4289C4}) (Version: 16.04.01 - DATACAD LLC) Hidden
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.03.01 - DATACAD LLC)
DreamTrips version 2.12 (HKLM-x32\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 2.12 - DreamTrips Inc)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version:  - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300409}) (Version: 9.7.0 - Lotus Development Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.3.0 (x86 en-US)) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 en-US) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Mozilla Thunderbird 68.3.1 (x86 en-US)) (Version: 68.3.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Novicorp WinToFlash Lite version 1.13.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.13.0000 - Novicorp)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
pdfreader2019 version 20.01 (HKLM-x32\...\{624C8304-BA22-422C-97D6-A1233BC1167E}_is1) (Version: 20.01 - )
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Datasmith Exporter for SketchUp Pro (HKLM\...\{E73898B2-FF0E-4AEB-BA67-8B67CF9A6213}) (Version: 4.23.0.0 - Epic Games, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
wotsuper 2.1 (HKLM-x32\...\wotsuper 2.1) (Version: 2.1 - wotsuper)
WPS Office (11.2.0.9127) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Kingsoft Office) (Version: 11.2.0.9127 - Kingsoft Corp.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-16] (Dolby Laboratories)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.7.701.0_x86__ytsefhwckbdv6 [2020-01-07] (G5 Entertainment AB)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2019-12-25] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-24] (Polarr)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> E:\Program Files\WinZip\adxloader64.dll () [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1433173932-3963356919-369050832-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1433173932-3963356919-369050832-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\27845\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\27845\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) =============

2019-05-07 23:16 - 2015-03-03 15:50 - 000758784 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001414656 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avcodec-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000898048 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avformat-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000451072 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avutil-56.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000151552 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\swresample-3.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 098275328 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000092672 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 003922432 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-04-16 09:22 - 2002-04-10 11:42 - 000233472 _____ () [File not signed] D:\Program Files\AutoSpec\NetsyncV2\libmySQL.DLL
2019-04-16 09:22 - 2014-07-25 15:54 - 000706560 ____N () [File not signed] D:\Program Files\AutoSpec\wombat.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000153088 _____ () [File not signed] E:\lotus\organize\ormmime.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000138752 _____ () [File not signed] E:\lotus\organize\ormprot.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000220160 _____ () [File not signed] E:\lotus\organize\ormutil.dll
2019-05-08 00:50 - 2019-01-27 14:34 - 000638464 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2001-07-25 14:24 - 2001-07-25 14:24 - 000162816 _____ (Lotus Developement Corp) [File not signed] E:\lotus\organize\orgapi32.dll
1998-01-06 18:49 - 1998-01-06 18:49 - 000125952 _____ (Lotus Development Corporation) [File not signed] E:\lotus\compnent\LTSCSN13.DLL
2001-07-25 14:05 - 2001-07-25 14:05 - 000023040 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ecEN.dll
2001-07-25 14:09 - 2001-07-25 14:09 - 002895872 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\OR1C50EN.DLL
2001-07-25 14:09 - 2001-07-25 14:09 - 000886272 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ORBACK.dll
2001-07-25 14:07 - 2001-07-25 14:07 - 000779264 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\orutil.dll
2001-05-29 03:38 - 2001-05-29 03:38 - 000330752 _____ (Lotus Development Corporation.) [File not signed] E:\lotus\compnent\LTASWN23.DLL
1998-06-17 11:45 - 1998-06-17 11:45 - 000077878 _____ (Microsoft Corporation) [File not signed] E:\lotus\organize\MSVCIRT.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000547840 _____ (The Chromium Authors) [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001277952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\LIBEAY32.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2019-05-11 17:58 - 000006895 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37

There are 89 more lines.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2EFAAC53-ED29-4294-A3D8-8EFAFA5423FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11ED0506-1D7E-4828-BDB8-7A60C79580CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5874E804-9F10-4128-AEF3-826322D71230}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
FirewallRules: [{0FFE1D1A-8AA3-4284-AE29-6DD6E063A755}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{22A12BAD-6D4F-46B2-9F13-2194F01B927E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0FB2C62D-99F9-40C4-A7DB-6C8B6184BA02}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5AF23BAC-56FB-4580-8513-D0C32439F714}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{8C7CCBC3-C1B6-4483-A7DC-13723B0B420B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{A943A13E-D3BE-4EF2-BE88-4EA9D99425E3}] => (Allow) E:\WPS Office\11.2.0.9127\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [TCP Query User{47D717EF-B8AB-4DA4-9C41-33A8686B60A5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AFD2556C-22F0-4663-9100-627CCD268C61}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07F3D827-6BDA-4823-B4DE-9EC0C77193EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{24C6FABE-D249-44D6-A37D-1C4CE0D7B3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A2966F60-25C3-468E-AE13-6FBD2D0EB782}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{374183A5-992E-46E8-A819-540E8052DE93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E374618A-A4D2-4D77-BF8A-EEF972EDE56A}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{2480E7A2-C9CC-401A-8FBA-961B5DB806FF}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{0B7A7E8C-CAAF-4CDD-BF06-AEB51229A077}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{3375061E-3C3E-4137-A439-AD51EB086BBE}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5381295C-0AB0-474A-85DD-48F9F0A447B0}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{D66D08F3-ADD7-45F1-A94E-48C1112814EA}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{B5BE4A8B-0A92-41C2-AD8D-6A2A1D5168F0}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{60D12B64-D430-4E08-8E21-657814DF020A}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{4C23A3CD-E5FD-4BE6-9AB0-770C46D7AEC2}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{6337ED56-1403-4CFE-9C7A-6531AE6B7B50}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{F25E99A3-84E8-4CD7-8712-EAECC71A6C2F}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{2B4984E9-AE18-4306-AFF7-1AA714862D65}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{5F90537E-1A13-4DDB-97D4-62AD9A10BD50}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]
FirewallRules: [{E4CB22E8-AEC5-4630-8700-201A9EF00A49}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.79 GB) (Free:52.06 GB) (47%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/17/2020 11:59:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.17763.771, time stamp: 0x066482d2
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0x6cc9b5fd
Exception code: 0x8007000e
Fault offset: 0x001219b2
Faulting process id: 0x1454
Faulting application start time: 0x01d5cc6f816dbe61
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 20e12b53-fb4c-429b-bec4-3b8ba7d6a3a7
Faulting package full name:
Faulting package-relative application ID:

Error: (01/17/2020 11:13:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.17763.831, time stamp: 0x5d969e25
Faulting module name: twinapi.appcore.dll, version: 10.0.17763.973, time stamp: 0x0d83a788
Exception code: 0xc000027b
Fault offset: 0x00000000000bd578
Faulting process id: 0x11c0
Faulting application start time: 0x01d5cc8c4b94b3cd
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SYSTEM32\twinapi.appcore.dll
Report Id: 0a124302-1e47-4e98-b6ab-3db5267496f8
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2020 09:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garbage Cleaner.exe, version: 2.5.1.0, time stamp: 0x9a0def61
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0xfb6790ac
Exception code: 0xe0434352
Fault offset: 0x0000000000039159
Faulting process id: 0x1acc
Faulting application start time: 0x01d5cca261cf415f
Faulting application path: C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: b555d66d-9146-4187-b8af-61329606ee13
Faulting package full name:
Faulting package-relative application ID:

Error: (01/16/2020 09:23:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garbage Cleaner.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
   at System.Net.WebClient.DownloadFile(System.Uri, System.String)
   at Garbage_Cleaner.Form1..ctor()
   at Garbage_Cleaner.Program.Main()

Error: (01/16/2020 03:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x290c
Faulting application start time: 0x01d5cc6d30b8ef74
Faulting application path: C:\Windows\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: a4330030-b3ac-49ff-be3c-4b03a279e615
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2020 02:17:10 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost (3588,D,35) SRUJet: An attempt to delete the file "C:\Windows\system32\sru\SRUDB.jfm" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (01/16/2020 02:17:00 PM) (Source: ESENT) (EventID: 530) (User: )
Description: svchost (3588,D,35) SRUJet: The database page read from the file "C:\Windows\system32\sru\SRUDB.dat" at offset 20480 (0x0000000000005000) (database page 4 (0x4)) for 4096 (0x00001000) bytes failed verification due to a lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 4 (0x4) was 0 while the flush state on flush map page 0 (0x0) was 1.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (01/16/2020 02:17:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (3588,D,35) SRUJet: The database page read from the file "C:\Windows\system32\sru\SRUDB.dat" at offset 20480 (0x0000000000005000) (database page 4 (0x4)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (01/16/2020 02:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2020 02:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2020 02:27:28 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000061941, 0x000001ca80000000, 0x000000000000000f, 0xffffad887b8fbb00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 3e3893a4-f73d-4e60-af44-e620c3b26888.

Error: (01/16/2020 02:27:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VOB4P7)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2020 02:26:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/16/2020 02:26:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:20:55 on 2020/01/16 was unexpected.

Error: (01/16/2020 02:18:16 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5VOB4P7)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"0"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/16/2020 02:18:16 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5VOB4P7)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"0"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Windows Defender:
===================================
Date: 2020-01-15 14:14:29.938
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\ksi1q3jg1gm\mkwm2pbipvb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 14:14:28.237
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\flr4fs45jl3\yzahvixlkyx.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 13:59:08.953
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\dstwaqw0lak\rperskw0fp4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 13:58:47.562
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\52bhcskprra\5dpbm4pqpug.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 12:16:30.001
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\scjhtvo2yfg\shcdvrm0dnb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-05-13 15:07:02.862
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...97&enterprise=0
Name: SoftwareBundler:Win32/ICLoader.E
ID: 249597
Severity: High
Category: Software Bundler
Path: process:_pid:1900,ProcessStart:132022254638798305
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\27845\AppData\Local\Temp\RFanzSbeQyz1uLTh\e8432142d85606ae54dc7b76449a3456.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.293.1502.0, AS: 1.293.1502.0, NIS: 1.293.1502.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

CodeIntegrity:
===================================

Date: 2020-01-17 02:29:59.041
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 20:31:18.702
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 14:14:28.829
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 09:44:42.121
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 00:24:01.429
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 14:53:25.921
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 14:06:07.579
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 12:17:55.323
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume10\ProgramData\Voyasollam\Fintop.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 8172.87 MB
Available physical RAM: 2026.84 MB
Total Virtual: 16364.87 MB
Available Virtual: 8660.81 MB

==================== Drives ================================

Drive c: (Windows SSD) (Fixed) (Total:111.79 GB) (Free:52.06 GB) NTFS
Drive d: (WIN7) (Fixed) (Total:250.89 GB) (Free:40.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:125.56 GB) NTFS
Drive f: (CAD) (Fixed) (Total:170.06 GB) (Free:73.83 GB) NTFS
Drive g: (DATA) (Fixed) (Total:165.18 GB) (Free:130.34 GB) NTFS
Drive h: (FILLING) (Fixed) (Total:165.04 GB) (Free:121.9 GB) NTFS
Drive i: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.45 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
Drive l: (WINDOWS) (Fixed) (Total:232.79 GB) (Free:71.06 GB) NTFS

\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: E224E224)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 962A40A1)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
Thank you for your assistance
MikeBack
#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Nasty infection you have there.  Will get back to you with a fixlist in a few minutes.

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sorry for the delay.  Just a lot for the fixlist.  Could you try to turn on System Restore and make a restore point before we go any further?

https://www.techrada...e-in-windows-10
This is a nasty rootkit and sometimes things get messed up when you try to remove it.  It might be better to try MBAR first and see how it does:
https://www.malwareb...om/antirootkit/
Just hit Download and Save the file.  Right click on the downloaded file and Run As Admin.  Follow the instructions.
If MBAR finds and is able to remove your infection, please make a new FRST scan and post both logs.  If it doesn't run or doesn't find anything, then try the fixlist:

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   38.17KB   251 downloads


Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
#4
MikeBack

MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hi RKinner

I ran MBAR first as you suggested. Found a whole lot of things and it appears to have fixed them. Ran it again after the reboot and nothing was found.

Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by 27845 (administrator) on DESKTOP-5VOB4P7 (MSI MS-7680) (19-01-2020 12:47:48)
Running from C:\Users\27845\Desktop
Loaded Profiles: 27845 (Available Profiles: 27845)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\TabReports.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\ActionCenter.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\RegistryCleaner.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\TabMakePortable.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\27845\AppData\Roaming\BitTorrent Web\helper.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_isolation.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lotus Development Corporation) [File not signed] E:\lotus\organize\easyclip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(SOFTPERFECT PTY. LTD. -> SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6637776 2015-03-26] (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-31] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AutoSpecNetsync2] => D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe [1166336 2019-03-06] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [btweb] => C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe [5463768 2019-12-20] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EpicGamesLauncher] => D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36074896 2020-01-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [580048 2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {09da0e7a-84c6-11e9-a533-8c89a59f49e3} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {9a5b42c6-9931-11e9-a537-d46e0e010e39} - "N:\Setup.exe"
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar39.lnk [2020-01-19]
ShortcutTarget: Sidebar39.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-05-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2019-05-15]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> E:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2019-05-15]
ShortcutTarget: Lotus QuickStart.lnk -> E:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F4A969-48E2-458B-82E5-24D95CC8FE19} - System32\Tasks\WpsExternal_27845_20200104045407 => E:\WPS Office\11.2.0.9127\office6\wps.exe [1073832 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1B06D1E9-0A23-48FA-928E-A390DB064F6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1C835AC6-DB51-4A0E-B87F-ACB98BF4FFF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {27A91D4F-85B9-47EF-9A44-9E37D77958A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E728C34-5EAC-4766-8564-16A92D88219E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {B2452D6C-5DC3-44D6-90F4-B7815ABCB0C8} - System32\Tasks\Auslogics\Registry Cleaner\Start Registry Cleaner on 27845 logon => C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe [3127160 2019-12-26] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C8D3FE9A-88F7-459A-A2BC-2CC9BAB974F6} - System32\Tasks\WpsUpdateTask_27845 => E:\WPS Office\11.2.0.9127\office6\wpsupdate.exe [157864 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {E3195DB3-38FD-4067-BF8E-4DFFA1C46952} - System32\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} /F:UpdateWORKGROUP\DESKTOP-5VOB4P7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6676de20-6a9b-423c-bc53-a907df6e849a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a55e343d-5dd5-4f53-85cc-d66fa3368c81}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxl1oRC_xS3_uy7wBCFXcBUJsi9iCnwRohuO6nwNkfBWrhragj_BDnL2aIerEGzk8Q_o3EmaJ4jBImulj6m0f6VAeMDWwyJo2ThWXgeO8RwE62FnfOmrf5zvogV_fw1DvWXBMCSIV46r4dRRBUB80X4YhJCU9WNOq_Y-iyMBumA,,&q={searchTerms}
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Edge:
======
Edge Notifications: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> hxxps://www.kaspersky.co.za
Edge Extension: (Kaspersky Password Manager) -> EdgeExtension_KasperskyLabKasperskyPasswordManagerExtension_8jx5e25qw3tdc => C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18]

FireFox:
========
FF DefaultProfile: q6lhne0s.default
FF ProfilePath: C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default [2020-01-19]
FF Homepage: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.HP
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\[email protected] [2020-01-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-05-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-05-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-03] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-01-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-01-10] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-05-09] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; E:\WPS Office\wpscloudsvr.exe [790184 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [126288 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1093240 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [201280 2019-12-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-05-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S1 bkwzglic; \??\C:\Windows\system32\drivers\bkwzglic.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 12:47 - 2020-01-19 12:49 - 000029480 _____ C:\Users\27845\Desktop\FRST.txt
2020-01-19 12:47 - 2020-01-19 12:47 - 000000000 ____D C:\Users\27845\Desktop\FRST-OlderVersion
2020-01-19 12:32 - 2020-01-19 12:32 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\743352A5.sys
2020-01-19 12:27 - 2020-01-19 12:27 - 000000000 ___HD C:\OneDriveTemp
2020-01-19 12:24 - 2020-01-19 12:24 - 019398656 ____N C:\Windows\system32\config\SYSTEM
2020-01-19 12:03 - 2020-01-19 12:03 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6423C25A.sys
2020-01-19 12:03 - 2020-01-19 12:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-19 12:02 - 2020-01-19 12:46 - 000000000 ____D C:\Users\27845\Desktop\mbar
2020-01-19 12:02 - 2020-01-19 12:46 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-01-19 12:02 - 2020-01-19 12:28 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-01-19 12:02 - 2020-01-19 12:02 - 014178840 _____ (Malwarebytes Corp.) C:\Users\27845\Downloads\mbar-1.10.3.1001.exe
2020-01-17 18:46 - 2020-01-17 18:46 - 000604160 _____ C:\Windows\system32\2Yyxb.exe
2020-01-17 15:41 - 2020-01-17 15:44 - 000604160 _____ C:\Windows\system32\Asd1g5U8g2.exe
2020-01-17 12:52 - 2020-01-19 12:23 - 000000000 ____D C:\ProgramData\SYW1O8FEHEIJGS9SBZ9BFCN7K
2020-01-17 12:18 - 2020-01-17 12:52 - 000053263 _____ C:\Users\27845\Desktop\Addition-Old.txt
2020-01-17 12:12 - 2020-01-17 12:20 - 000064262 _____ C:\Users\27845\Desktop\FRST-Old.txt
2020-01-17 12:11 - 2020-01-19 12:48 - 000000000 ____D C:\FRST
2020-01-17 12:11 - 2020-01-19 12:47 - 002572800 _____ (Farbar) C:\Users\27845\Desktop\FRST64.exe
2020-01-16 21:23 - 2020-01-16 21:23 - 000001756 _____ C:\Users\27845\Desktop\Garbage Cleaner.lnk
2020-01-16 21:20 - 2020-01-16 21:23 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-01-16 15:02 - 2020-01-17 11:13 - 000000000 ____D C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP
2020-01-16 15:02 - 2020-01-16 15:02 - 000000000 ____D C:\Program Files (x86)\wotsuper
2020-01-16 14:26 - 2020-01-16 14:27 - 000610316 _____ C:\Windows\Minidump\011620-19187-01.dmp
2020-01-16 14:20 - 2020-01-16 14:26 - 529495121 _____ C:\Windows\MEMORY.DMP
2020-01-16 14:20 - 2020-01-16 14:21 - 000610636 _____ C:\Windows\Minidump\011620-18656-01.dmp
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Program Files (x86)\Auslogics
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2020-01-16 12:27 - 2020-01-16 13:28 - 015348488 _____ (Auslogics ) C:\Users\27845\Downloads\registry-cleaner-setup.exe
2020-01-16 12:12 - 2020-01-16 12:13 - 000000000 ____D C:\AdwCleaner
2020-01-15 19:21 - 2020-01-16 09:43 - 000000000 ____D C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8
2020-01-15 17:23 - 2020-01-15 17:23 - 009668408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 008905728 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007922688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 006543736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002419712 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002323896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002149160 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001936520 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001721144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001677088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001670800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001665712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001258296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001084416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001049400 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000930816 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000878080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000839680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000677144 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000673792 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000651776 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000541264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000410616 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000405304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000350416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV1.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000189440 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000154976 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000122568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-01-15 15:32 - 2020-01-15 15:36 - 000000000 ____D C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK
2020-01-15 15:23 - 2020-01-15 15:26 - 000000000 ____D C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII
2020-01-15 15:12 - 2020-01-15 15:15 - 000000000 ____D C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU
2020-01-15 15:02 - 2020-01-15 15:05 - 000000000 ____D C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM
2020-01-15 14:30 - 2020-01-15 14:30 - 000028690 _____ C:\Users\27845\Documents\cc_20200115_143041.reg
2020-01-15 14:25 - 2020-01-15 14:55 - 000000000 ____D C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7
2020-01-15 14:15 - 2020-01-15 14:15 - 000000000 ____D C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6
2020-01-15 13:58 - 2020-01-15 13:58 - 000602112 _____ C:\Windows\system32\e92G0.exe
2020-01-15 12:14 - 2020-01-19 12:25 - 019398656 _____ C:\Windows\system32\C_32770.NLS
2020-01-15 12:13 - 2020-01-15 12:14 - 000000000 ____D C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ
2020-01-15 12:05 - 2020-01-15 12:06 - 000000000 ____D C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6
2020-01-15 11:44 - 2020-01-15 12:02 - 000000000 ____D C:\Users\27845\AppData\LocalLow\AdLibs
2020-01-15 11:44 - 2020-01-15 11:44 - 000000266 _____ C:\Users\27845\AppData\LocalLow\thunderbird.txt
2020-01-15 11:32 - 2020-01-15 11:32 - 000000000 ____D C:\Windows\SysWOW64\jwvaxflh
2020-01-15 11:31 - 2020-01-15 11:31 - 000602112 _____ C:\Windows\system32\61dzW5w9.exe
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:30 - 2020-01-15 11:30 - 000000000 ____D C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB
2020-01-15 11:29 - 2020-01-19 12:23 - 000000000 ____D C:\Program Files (x86)\Novicorp WinToFlash
2020-01-15 11:29 - 2020-01-19 12:23 - 000000000 ____D C:\Program Files (x86)\Beo
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Roaming\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Local\Novicorp
2020-01-15 11:26 - 2020-01-19 12:23 - 000000000 ____D C:\ProgramData\UBlockPlugin
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Windows\system32\Tasks\System
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Users\27845\AppData\Roaming\Intel Rapid
2020-01-15 11:24 - 2020-01-15 14:52 - 000000000 ____D C:\Program Files (x86)\Copa
2020-01-15 11:23 - 2020-01-15 11:23 - 000000000 ____D C:\ProgramData\Newfol
2020-01-07 23:18 - 2020-01-07 23:18 - 003794953 _____ C:\Users\27845\Desktop\Construction-Cost-Guide-2019.pdf
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Windows\PCHEALTH
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-01-06 15:11 - 2020-01-06 15:13 - 000000000 ____D C:\Windows\SHELLNEW
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 __RHD C:\MSOCache
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2020-01-06 15:07 - 2020-01-06 15:07 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-01-06 13:04 - 2020-01-06 13:04 - 000005114 _____ C:\Users\27845\Documents\cc_20200106_130358.reg
2020-01-06 13:00 - 2020-01-06 13:00 - 000039834 _____ C:\Users\27845\Documents\cc_20200106_130003.reg
2020-01-04 04:54 - 2020-01-04 04:54 - 000003988 _____ C:\Windows\system32\Tasks\WpsExternal_27845_20200104045407
2020-01-04 04:54 - 2020-01-04 04:54 - 000000000 ____D C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2019-12-20 16:11 - 2019-12-20 16:11 - 000000450 _____ C:\Windows\wotsuper.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 12:42 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-19 12:41 - 2019-05-08 23:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-01-19 12:31 - 2019-05-07 18:36 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-19 12:31 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2020-01-19 12:27 - 2019-05-07 18:50 - 000000000 ___RD C:\Users\27845\OneDrive
2020-01-19 12:26 - 2019-09-05 09:00 - 000000000 ____D C:\Users\27845\AppData\Local\BitTorrentHelper
2020-01-19 12:26 - 2019-05-13 18:44 - 000000000 ____D C:\Users\27845\AppData\Roaming\BitTorrent Web
2020-01-19 12:26 - 2019-05-13 18:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-19 12:25 - 2019-07-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-19 12:25 - 2019-05-07 18:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-19 12:24 - 2018-09-15 08:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-01-19 11:48 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-01-17 22:50 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-17 22:50 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2020-01-16 15:19 - 2019-05-07 22:23 - 000000000 ____D C:\Users\27845\AppData\LocalLow\Mozilla
2020-01-16 14:27 - 2019-11-11 09:56 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-16 14:26 - 2019-09-09 10:34 - 000000000 ____D C:\Windows\Minidump
2020-01-16 14:07 - 2019-05-07 23:48 - 000000000 ____D C:\Users\27845\Desktop\TOOLS
2020-01-16 14:07 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Auslogics
2020-01-16 14:06 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2020-01-16 13:36 - 2019-05-09 00:54 - 000000000 ____D C:\Users\27845\AppData\Local\Microsoft Help
2020-01-16 12:46 - 2019-11-11 09:56 - 000086552 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-16 12:14 - 2019-05-07 18:41 - 000000000 ____D C:\Users\27845
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Roaming\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Local\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\ProgramData\Lavasoft
2020-01-16 12:13 - 2019-05-09 01:02 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-15 18:23 - 2019-06-18 04:43 - 000000000 ____D C:\Program Files\UNP
2020-01-15 18:20 - 2019-05-07 18:27 - 000614344 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\UNP
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2020-01-15 17:39 - 2019-05-08 00:37 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 17:27 - 2019-05-08 00:37 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 17:27 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2020-01-15 16:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-01-15 14:05 - 2019-05-07 23:38 - 000000000 ____D C:\Program Files\CCleaner
2020-01-15 11:30 - 2018-09-15 08:09 - 017973248 _____ C:\Windows\system32\C_3389.NLS
2020-01-15 11:29 - 2019-05-07 22:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-11 15:38 - 2019-05-07 21:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-11 15:37 - 2018-09-15 08:09 - 018087936 _____ C:\Windows\system32\config\BCD00000000
2020-01-11 14:42 - 2019-05-07 18:50 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1433173932-3963356919-369050832-1001
2020-01-11 14:42 - 2019-05-07 18:41 - 000002374 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-11 11:56 - 2019-05-07 23:38 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-10 23:15 - 2019-05-07 22:23 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-10 14:00 - 2019-05-07 19:06 - 000001613 _____ C:\Users\27845\Desktop\IExplore.lnk
2020-01-08 23:44 - 2018-09-15 08:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-01-06 15:15 - 2018-09-15 09:31 - 000000167 _____ C:\Windows\win.ini
2020-01-06 15:13 - 2019-05-13 14:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-06 15:13 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-01-06 15:12 - 2019-05-09 00:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-01-06 15:12 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-06 15:03 - 2019-05-07 23:07 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-01-06 13:32 - 2019-11-11 09:55 - 000057712 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-01-06 13:03 - 2019-05-07 18:47 - 000000000 ____D C:\Users\27845\AppData\Local\Packages
2020-01-06 13:00 - 2019-05-08 21:55 - 000000000 ___RD C:\Users\27845\Documents\MEGA
2020-01-06 13:00 - 2019-05-08 21:18 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2020-01-06 12:52 - 2019-05-08 04:10 - 000000000 ____D C:\Windows\Panther
2020-01-05 18:04 - 2019-07-10 00:24 - 000001908 _____ C:\Users\27845\Desktop\BitTorrent Web.lnk
2020-01-05 18:04 - 2019-05-13 18:44 - 000001894 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2020-01-04 04:54 - 2019-05-11 01:39 - 000003574 _____ C:\Windows\system32\Tasks\WpsUpdateTask_27845
2020-01-02 11:15 - 2019-05-07 19:39 - 000000000 ____D C:\Users\27845\AppData\Local\PlaceholderTileLogoFolder
2020-01-02 11:15 - 2019-05-07 18:48 - 000000000 ____D C:\Users\27845\AppData\Local\Publishers
2019-12-22 11:10 - 2019-05-30 12:13 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-12-22 11:10 - 2019-05-07 21:56 - 000000925 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2019-12-20 12:10 - 2019-05-09 01:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-09-15 09:28 - 2018-09-15 09:28 - 000314570 ___SH () C:\Users\27845\AppData\Roaming\trtcjua

==================== FLock ==============================

2020-01-15 11:32 C:\Windows\SysWOW64\jwvaxflh
2020-01-19 12:24 C:\Windows\system32\config\SYSTEM
2020-01-15 11:30 C:\Windows\system32\Drivers\Wdf66150.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by 27845 (19-01-2020 12:49:37)
Running from C:\Users\27845\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-05-07 16:30:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

27845 (S-1-5-21-1433173932-3963356919-369050832-1001 - Administrator - Enabled) => C:\Users\27845
Administrator (S-1-5-21-1433173932-3963356919-369050832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1433173932-3963356919-369050832-503 - Limited - Disabled)
Guest (S-1-5-21-1433173932-3963356919-369050832-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1433173932-3963356919-369050832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
8GadgetPack (HKLM-x32\...\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.1.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 8.3.0.0 - Auslogics Labs Pty Ltd)
BitTorrent Web (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.448 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C8730B1A-133D-4546-8E21-9EC186341F20}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.1 - Corel Corporation) Hidden
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 16 Setup (HKLM-x32\...\{8A80DF77-CC7A-45D6-81BD-12C2CE4289C4}) (Version: 16.04.01 - DATACAD LLC) Hidden
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.03.01 - DATACAD LLC)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300409}) (Version: 9.7.0 - Lotus Development Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.3.0 (x86 en-US)) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 en-US) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Mozilla Thunderbird 68.3.1 (x86 en-US)) (Version: 68.3.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Novicorp WinToFlash Lite version 1.13.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.13.0000 - Novicorp)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
pdfreader2019 version 20.01 (HKLM-x32\...\{624C8304-BA22-422C-97D6-A1233BC1167E}_is1) (Version: 20.01 - )
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Datasmith Exporter for SketchUp Pro (HKLM\...\{E73898B2-FF0E-4AEB-BA67-8B67CF9A6213}) (Version: 4.23.0.0 - Epic Games, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
wotsuper 2.1 (HKLM-x32\...\wotsuper 2.1) (Version: 2.1 - wotsuper)
WPS Office (11.2.0.9127) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Kingsoft Office) (Version: 11.2.0.9127 - Kingsoft Corp.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-16] (Dolby Laboratories)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.7.701.0_x86__ytsefhwckbdv6 [2020-01-07] (G5 Entertainment AB)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2019-12-25] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-24] (Polarr)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> E:\Program Files\WinZip\adxloader64.dll () [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\27845\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\27845\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) =============

2019-05-07 23:16 - 2015-03-03 15:50 - 000758784 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001414656 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avcodec-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000898048 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avformat-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000451072 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avutil-56.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000151552 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\swresample-3.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 098275328 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000092672 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 003922432 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-04-16 09:22 - 2002-04-10 11:42 - 000233472 _____ () [File not signed] D:\Program Files\AutoSpec\NetsyncV2\libmySQL.DLL
1998-08-28 16:42 - 1998-08-28 16:42 - 000153088 _____ () [File not signed] E:\lotus\organize\ormmime.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000138752 _____ () [File not signed] E:\lotus\organize\ormprot.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000220160 _____ () [File not signed] E:\lotus\organize\ormutil.dll
2019-05-08 00:50 - 2019-01-27 14:34 - 000638464 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2001-07-25 14:24 - 2001-07-25 14:24 - 000162816 _____ (Lotus Developement Corp) [File not signed] E:\lotus\organize\orgapi32.dll
1998-01-06 18:49 - 1998-01-06 18:49 - 000125952 _____ (Lotus Development Corporation) [File not signed] E:\lotus\compnent\LTSCSN13.DLL
2001-07-25 14:05 - 2001-07-25 14:05 - 000023040 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ecEN.dll
2001-07-25 14:09 - 2001-07-25 14:09 - 002895872 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\OR1C50EN.DLL
2001-07-25 14:09 - 2001-07-25 14:09 - 000886272 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ORBACK.dll
2001-07-25 14:07 - 2001-07-25 14:07 - 000779264 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\orutil.dll
2001-05-29 03:38 - 2001-05-29 03:38 - 000330752 _____ (Lotus Development Corporation.) [File not signed] E:\lotus\compnent\LTASWN23.DLL
1998-06-17 11:45 - 1998-06-17 11:45 - 000077878 _____ (Microsoft Corporation) [File not signed] E:\lotus\organize\MSVCIRT.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000547840 _____ (The Chromium Authors) [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001277952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\LIBEAY32.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2019-05-11 17:58 - 000006895 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37

There are 89 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2EFAAC53-ED29-4294-A3D8-8EFAFA5423FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11ED0506-1D7E-4828-BDB8-7A60C79580CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5874E804-9F10-4128-AEF3-826322D71230}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
FirewallRules: [{0FFE1D1A-8AA3-4284-AE29-6DD6E063A755}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{22A12BAD-6D4F-46B2-9F13-2194F01B927E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0FB2C62D-99F9-40C4-A7DB-6C8B6184BA02}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5AF23BAC-56FB-4580-8513-D0C32439F714}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{8C7CCBC3-C1B6-4483-A7DC-13723B0B420B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{A943A13E-D3BE-4EF2-BE88-4EA9D99425E3}] => (Allow) E:\WPS Office\11.2.0.9127\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [TCP Query User{47D717EF-B8AB-4DA4-9C41-33A8686B60A5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AFD2556C-22F0-4663-9100-627CCD268C61}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07F3D827-6BDA-4823-B4DE-9EC0C77193EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{24C6FABE-D249-44D6-A37D-1C4CE0D7B3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A2966F60-25C3-468E-AE13-6FBD2D0EB782}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{374183A5-992E-46E8-A819-540E8052DE93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E374618A-A4D2-4D77-BF8A-EEF972EDE56A}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{2480E7A2-C9CC-401A-8FBA-961B5DB806FF}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{0B7A7E8C-CAAF-4CDD-BF06-AEB51229A077}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{3375061E-3C3E-4137-A439-AD51EB086BBE}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5381295C-0AB0-474A-85DD-48F9F0A447B0}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{D66D08F3-ADD7-45F1-A94E-48C1112814EA}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{B5BE4A8B-0A92-41C2-AD8D-6A2A1D5168F0}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{60D12B64-D430-4E08-8E21-657814DF020A}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{4C23A3CD-E5FD-4BE6-9AB0-770C46D7AEC2}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{6337ED56-1403-4CFE-9C7A-6531AE6B7B50}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{F25E99A3-84E8-4CD7-8712-EAECC71A6C2F}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{2B4984E9-AE18-4306-AFF7-1AA714862D65}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{5F90537E-1A13-4DDB-97D4-62AD9A10BD50}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]
FirewallRules: [{E4CB22E8-AEC5-4630-8700-201A9EF00A49}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]

==================== Restore Points =========================

19-01-2020 11:59:50 Wotsuper Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2020 12:23:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/19/2020 12:22:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: 53c6adab-e93d-4bbc-a84e-47fcbf406a68
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:22:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: e8fd5fe0-5edb-4662-9cd4-780669af4b8c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:19:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: 2b3f2a4b-cf6c-485d-88c1-7e9439d7e51a
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: b2ecc42b-2b6a-4fa8-b73e-626617c1a9ef
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:16:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: a8217bf0-7792-4272-83af-00547dbe58f1
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: 30319e70-29e8-4729-9268-caedecfbb117
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2020 12:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wotsuper.exe, version: 0.0.0.0, time stamp: 0x5e1f8734
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x71891274
Faulting process id: 0x5794
Faulting application start time: 0x01d5cd242b195792
Faulting application path: C:\Program Files (x86)\wotsuper\wotsuper\wotsuper.exe
Faulting module path: unknown
Report Id: f5b43e8e-62ff-4217-9fa8-8238dfaabe60
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/19/2020 12:27:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 12:27:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 12:26:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VOB4P7)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 12:26:55 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VOB4P7)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 12:25:56 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/19/2020 12:24:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Passport Container service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (01/19/2020 12:24:41 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The NgcCtnrSvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/16/2020 02:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2020-01-15 14:14:29.938
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\ksi1q3jg1gm\mkwm2pbipvb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 14:14:28.237
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\flr4fs45jl3\yzahvixlkyx.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 13:59:08.953
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\dstwaqw0lak\rperskw0fp4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 13:58:47.562
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\52bhcskprra\5dpbm4pqpug.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-15 12:16:30.001
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\scjhtvo2yfg\shcdvrm0dnb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-05-13 15:07:02.862
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...97&enterprise=0
Name: SoftwareBundler:Win32/ICLoader.E
ID: 249597
Severity: High
Category: Software Bundler
Path: process:_pid:1900,ProcessStart:132022254638798305
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\27845\AppData\Local\Temp\RFanzSbeQyz1uLTh\e8432142d85606ae54dc7b76449a3456.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.293.1502.0, AS: 1.293.1502.0, NIS: 1.293.1502.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

CodeIntegrity:
===================================

Date: 2020-01-17 02:29:59.041
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 20:31:18.702
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 14:14:28.829
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 09:44:42.121
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-16 00:24:01.429
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 14:53:25.921
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 14:06:07.579
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.

Date: 2020-01-15 12:17:55.323
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume10\ProgramData\Voyasollam\Fintop.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 65%
Total physical RAM: 8172.87 MB
Available physical RAM: 2779.27 MB
Total Virtual: 16364.87 MB
Available Virtual: 10131.08 MB

==================== Drives ================================

Drive c: (Windows SSD) (Fixed) (Total:111.79 GB) (Free:51.43 GB) NTFS
Drive d: (WIN7) (Fixed) (Total:250.89 GB) (Free:40.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:125.15 GB) NTFS
Drive f: (CAD) (Fixed) (Total:170.06 GB) (Free:73.49 GB) NTFS
Drive g: (DATA) (Fixed) (Total:165.18 GB) (Free:129.93 GB) NTFS
Drive h: (FILLING) (Fixed) (Total:165.04 GB) (Free:121.5 GB) NTFS
Drive i: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.45 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
Drive l: (WINDOWS) (Fixed) (Total:232.79 GB) (Free:71.06 GB) NTFS

\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: E224E224)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 962A40A1)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Kaspersky found a file Istech.bin that it says is infected and that it cannot be cleaned. Any idea what this is?


After the cleanup and reboot, the keyboard has a long delay before responding. Any idea what's causing this?

Thanks
Mike Back

#5
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

There's still a bit of the infection.  Let's see if this will help.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   17.49KB   183 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


#6
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Here is the log for the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by 27845 (19-01-2020 15:15:26) Run:1
Running from C:\Users\27845\Desktop
Loaded Profiles: 27845 (Available Profiles: 27845)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: Type C:\Windows\wotsuper.reg
C:\Windows\wotsuper.reg
C:\Program Files (x86)\Beo
C:\Users\27845\AppData\Local\Temp\3184765357.exe
C:\Users\27845\AppData\Local\Temp\msbd4xpflf1
C:\Users\27845\AppData\Local\Temp\ulq4x0uyp0p
C:\Users\27845\AppData\Local\Temp\ypiu4vd4gnz
HKLM\...\RunOnce: [k4ksywwbmgn] => C:\Program Files (x86)\Beo\90678640.exe [615424 2020-01-15] () [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {09da0e7a-84c6-11e9-a533-8c89a59f49e3} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {9a5b42c6-9931-11e9-a537-d46e0e010e39} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxl1oRC_xS3_uy7wBCFXcBUJsi9iCnwRohuO6nwNkfBWrhragj_BDnL2aIerEGzk8Q_o3EmaJ4jBImulj6m0f6VAeMDWwyJo2ThWXgeO8RwE62FnfOmrf5zvogV_fw1DvWXBMCSIV46r4dRRBUB80X4YhJCU9WNOq_Y-iyMBumA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-01-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-01-10] <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
S1 bkwzglic; \??\C:\Windows\system32\drivers\bkwzglic.sys [X]
2020-01-16 21:23 - 2020-01-16 21:23 - 000001756 _____ C:\Users\27845\Desktop\Garbage Cleaner.lnk
2020-01-16 21:20 - 2020-01-16 21:23 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-01-16 15:02 - 2020-01-17 11:13 - 000000000 ____D C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP
2020-01-16 15:02 - 2020-01-16 15:02 - 000000000 ____D C:\Program Files (x86)\wotsuper
2020-01-15 19:21 - 2020-01-16 09:43 - 000000000 ____D C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8
2020-01-15 15:32 - 2020-01-15 15:36 - 000000000 ____D C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK
2020-01-15 15:23 - 2020-01-15 15:26 - 000000000 ____D C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII
2020-01-15 15:12 - 2020-01-15 15:15 - 000000000 ____D C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU
2020-01-15 15:02 - 2020-01-15 15:05 - 000000000 ____D C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM
2020-01-15 14:25 - 2020-01-15 14:55 - 000000000 ____D C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7
2020-01-15 14:15 - 2020-01-15 14:15 - 000000000 ____D C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6
2020-01-15 13:58 - 2020-01-15 13:58 - 000602112 _____ C:\Windows\system32\e92G0.exe
2020-01-15 12:13 - 2020-01-15 12:14 - 000000000 ____D C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ
2020-01-15 12:05 - 2020-01-15 12:06 - 000000000 ____D C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:32 - 2020-01-15 11:32 - 000000000 ____D C:\Windows\SysWOW64\jwvaxflh
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ C:\Users\27845\AppData\Local\Zimsoft.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000602112 _____ C:\Windows\system32\61dzW5w9.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000000000 ____D C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:29 - 2020-01-15 11:30 - 000000000 ____D C:\Program Files (x86)\Beo
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ C:\Users\27845\AppData\Roaming\scvrrv.exe
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2019-12-20 16:11 - 2019-12-20 16:11 - 000000450 _____ C:\Windows\wotsuper.reg
2020-01-16 14:27 - 2019-11-11 09:56 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-16 12:46 - 2019-11-11 09:56 - 000086552 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-06 13:32 - 2019-11-11 09:55 - 000057712 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2018-09-15 09:28 - 2018-09-15 09:28 - 000232960 ___SH () C:\Users\27845\AppData\Roaming\dthritw
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ () C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000000270 ___SH () C:\Users\27845\AppData\Roaming\scdsvfc
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ () C:\Users\27845\AppData\Roaming\scvrrv.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000314570 ___SH () C:\Users\27845\AppData\Roaming\trtcjua
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ () C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ () C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ () C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ () C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ () C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ () C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ () C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ () C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ () C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 000032038 _____ () C:\Users\27845\AppData\Local\uninstall_temp.ico
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ () C:\Users\27845\AppData\Local\Zimsoft.tst
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************


========= Type C:\Windows\wotsuper.reg =========

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto"
"wotsuper"=""


========= End of CMD: =========

C:\Windows\wotsuper.reg => moved successfully
C:\Program Files (x86)\Beo => moved successfully
"C:\Users\27845\AppData\Local\Temp\3184765357.exe" => not found
C:\Users\27845\AppData\Local\Temp\msbd4xpflf1 => moved successfully
C:\Users\27845\AppData\Local\Temp\ulq4x0uyp0p => moved successfully
C:\Users\27845\AppData\Local\Temp\ypiu4vd4gnz => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\k4ksywwbmgn" => not found
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09da0e7a-84c6-11e9-a533-8c89a59f49e3} => removed successfully
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a5b42c6-9931-11e9-a537-d46e0e010e39} => removed successfully
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft..../?LinkId=54896"=> value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js => moved successfully
C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg => moved successfully
"Firefox homepage" => removed successfully
"FF NewTab: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.NT" => not found
"Firefox HomepageOverride ([email protected]) " => removed successfully
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => removed successfully
"Firefox NewTabOverride ([email protected]) " => removed successfully
HKLM\System\CurrentControlSet\Services\bkwzglic => removed successfully
bkwzglic => service removed successfully
C:\Users\27845\Desktop\Garbage Cleaner.lnk => moved successfully
C:\ProgramData\Garbage Cleaner => moved successfully
C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP => moved successfully
C:\Program Files (x86)\wotsuper => moved successfully
C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8 => moved successfully
C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK => moved successfully
C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII => moved successfully
C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU => moved successfully
C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM => moved successfully
C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7 => moved successfully
C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6 => moved successfully
C:\Windows\system32\e92G0.exe => moved successfully
C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ => moved successfully
C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6 => moved successfully
"C:\Users\27845\AppData\Local\Istech.bin" => not found
C:\Windows\SysWOW64\jwvaxflh => moved successfully
"C:\Users\27845\AppData\Local\agent.dat" => not found
"C:\Users\27845\AppData\Local\Zimsoft.tst" => not found
C:\Windows\system32\61dzW5w9.exe => moved successfully
"C:\Users\27845\AppData\Local\noah.dat" => not found
"C:\Users\27845\AppData\Local\Config.xml" => not found
"C:\Users\27845\AppData\Local\Zimsoft.exe" => not found
"C:\Users\27845\AppData\Local\md.xml" => not found
Could not move "C:\Windows\system32\Drivers\Wdf66150.sys" => Scheduled to move on reboot.
"C:\Users\27845\AppData\Local\installer.dat" => not found
"C:\Users\27845\AppData\Local\lobby.dat" => not found
"C:\Users\27845\AppData\Local\Bioflex.tst" => not found
"C:\Users\27845\AppData\Local\ApplicationHosting.dat" => not found
C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB => moved successfully
"C:\Users\27845\AppData\Local\Bioflex.exe" => not found
"C:\Program Files (x86)\Beo" => not found
"C:\Users\27845\AppData\Roaming\scvrrv.exe" => not found
"C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe" => not found
"C:\Windows\wotsuper.reg" => not found
C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm => moved successfully
C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm => moved successfully
C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm => moved successfully
C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal => moved successfully
C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal => moved successfully
"C:\Users\27845\AppData\Roaming\dthritw" => not found
"C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe" => not found
"C:\Users\27845\AppData\Roaming\scdsvfc" => not found
"C:\Users\27845\AppData\Roaming\scvrrv.exe" => not found
C:\Users\27845\AppData\Roaming\trtcjua => moved successfully
"C:\Users\27845\AppData\Local\agent.dat" => not found
"C:\Users\27845\AppData\Local\ApplicationHosting.dat" => not found
"C:\Users\27845\AppData\Local\Bioflex.exe" => not found
"C:\Users\27845\AppData\Local\Bioflex.tst" => not found
"C:\Users\27845\AppData\Local\Config.xml" => not found
"C:\Users\27845\AppData\Local\installer.dat" => not found
"C:\Users\27845\AppData\Local\Istech.bin" => not found
"C:\Users\27845\AppData\Local\lobby.dat" => not found
"C:\Users\27845\AppData\Local\md.xml" => not found
"C:\Users\27845\AppData\Local\noah.dat" => not found
"C:\Users\27845\AppData\Local\uninstall_temp.ico" => not found
"C:\Users\27845\AppData\Local\Zimsoft.exe" => not found
"C:\Users\27845\AppData\Local\Zimsoft.tst" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
C:\Users\27845\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel.
The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled.
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.

========= End 1 CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16844449 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 417068 B
Edge => 11641869 B
Chrome => 0 B
Firefox => 8484330 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6344 B
NetworkService => 6344 B
27845 => 194667234 B

RecycleBin => 0 B
EmptyTemp: => 231.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-01-2020 15:26:21)

C:\Windows\system32\Drivers\Wdf66150.sys => Could not move

==== End of Fixlog 15:26:21 ====

Here is the FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by 27845 (administrator) on DESKTOP-5VOB4P7 (MSI MS-7680) (19-01-2020 15:31:32)
Running from C:\Users\27845\Desktop
Loaded Profiles: 27845 (Available Profiles: 27845)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\TabReports.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\ActionCenter.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\RegistryCleaner.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe
(Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Registry Cleaner\TabMakePortable.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\27845\AppData\Roaming\BitTorrent Web\helper.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_isolation.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lotus Development Corporation) [File not signed] E:\lotus\organize\easyclip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(SOFTPERFECT PTY. LTD. -> SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6637776 2015-03-26] (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-31] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AutoSpecNetsync2] => D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe [1166336 2019-03-06] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [btweb] => C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe [5463768 2019-12-20] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EpicGamesLauncher] => D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36074896 2020-01-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [580048 2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar915.lnk [2020-01-19]
ShortcutTarget: Sidebar915.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-05-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2019-05-15]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> E:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2019-05-15]
ShortcutTarget: Lotus QuickStart.lnk -> E:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F4A969-48E2-458B-82E5-24D95CC8FE19} - System32\Tasks\WpsExternal_27845_20200104045407 => E:\WPS Office\11.2.0.9127\office6\wps.exe [1073832 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1B06D1E9-0A23-48FA-928E-A390DB064F6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1C835AC6-DB51-4A0E-B87F-ACB98BF4FFF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {27A91D4F-85B9-47EF-9A44-9E37D77958A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E728C34-5EAC-4766-8564-16A92D88219E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {B2452D6C-5DC3-44D6-90F4-B7815ABCB0C8} - System32\Tasks\Auslogics\Registry Cleaner\Start Registry Cleaner on 27845 logon => C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe [3127160 2019-12-26] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C8D3FE9A-88F7-459A-A2BC-2CC9BAB974F6} - System32\Tasks\WpsUpdateTask_27845 => E:\WPS Office\11.2.0.9127\office6\wpsupdate.exe [157864 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {E3195DB3-38FD-4067-BF8E-4DFFA1C46952} - System32\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} /F:UpdateWORKGROUP\DESKTOP-5VOB4P7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6676de20-6a9b-423c-bc53-a907df6e849a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a55e343d-5dd5-4f53-85cc-d66fa3368c81}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Edge:
======
Edge Notifications: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> hxxps://www.kaspersky.co.za
Edge Extension: (Kaspersky Password Manager) -> EdgeExtension_KasperskyLabKasperskyPasswordManagerExtension_8jx5e25qw3tdc => C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18]

FireFox:
========
FF DefaultProfile: q6lhne0s.default
FF ProfilePath: C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default [2020-01-19]
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\[email protected] [2020-01-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-05-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-05-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-05-09] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; E:\WPS Office\wpscloudsvr.exe [790184 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [126288 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1093240 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [201280 2019-12-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-05-08] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 15:31 - 2020-01-19 15:32 - 000027894 _____ C:\Users\27845\Desktop\FRST.txt
2020-01-19 15:27 - 2020-01-19 15:27 - 000000000 ___HD C:\OneDriveTemp
2020-01-19 15:27 - 2020-01-19 15:27 - 000000000 ____D C:\Users\27845\Downloads\MicroSoft Office
2020-01-19 15:26 - 2020-01-19 15:26 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-19 15:26 - 2020-01-19 15:26 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-19 15:26 - 2020-01-19 15:26 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-19 15:26 - 2020-01-19 15:26 - 000000000 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-01-19 15:26 - 2020-01-19 15:26 - 000000000 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-19 15:25 - 2020-01-19 15:25 - 019398656 ____N C:\Windows\system32\config\SYSTEM
2020-01-19 15:15 - 2020-01-19 15:26 - 000017781 _____ C:\Users\27845\Desktop\Fixlog.txt
2020-01-19 12:49 - 2020-01-19 12:51 - 000053489 _____ C:\Users\27845\Desktop\Addition-1.txt
2020-01-19 12:47 - 2020-01-19 12:51 - 000053073 _____ C:\Users\27845\Desktop\FRST-1.txt
2020-01-19 12:47 - 2020-01-19 12:47 - 000000000 ____D C:\Users\27845\Desktop\FRST-OlderVersion
2020-01-19 12:32 - 2020-01-19 12:32 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\743352A5.sys
2020-01-19 12:03 - 2020-01-19 12:03 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\6423C25A.sys
2020-01-19 12:03 - 2020-01-19 12:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-19 12:02 - 2020-01-19 15:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-01-19 12:02 - 2020-01-19 12:46 - 000000000 ____D C:\Users\27845\Desktop\mbar
2020-01-19 12:02 - 2020-01-19 12:28 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-01-19 12:02 - 2020-01-19 12:02 - 014178840 _____ (Malwarebytes Corp.) C:\Users\27845\Downloads\mbar-1.10.3.1001.exe
2020-01-17 18:46 - 2020-01-17 18:46 - 000604160 _____ C:\Windows\system32\2Yyxb.exe
2020-01-17 15:41 - 2020-01-17 15:44 - 000604160 _____ C:\Windows\system32\Asd1g5U8g2.exe
2020-01-17 12:52 - 2020-01-19 12:23 - 000000000 ____D C:\ProgramData\SYW1O8FEHEIJGS9SBZ9BFCN7K
2020-01-17 12:18 - 2020-01-17 12:52 - 000053263 _____ C:\Users\27845\Desktop\Addition-Old.txt
2020-01-17 12:12 - 2020-01-17 12:20 - 000064262 _____ C:\Users\27845\Desktop\FRST-Old.txt
2020-01-17 12:11 - 2020-01-19 15:32 - 000000000 ____D C:\FRST
2020-01-17 12:11 - 2020-01-19 12:47 - 002572800 _____ (Farbar) C:\Users\27845\Desktop\FRST64.exe
2020-01-16 14:26 - 2020-01-16 14:27 - 000610316 _____ C:\Windows\Minidump\011620-19187-01.dmp
2020-01-16 14:20 - 2020-01-16 14:26 - 529495121 _____ C:\Windows\MEMORY.DMP
2020-01-16 14:20 - 2020-01-16 14:21 - 000610636 _____ C:\Windows\Minidump\011620-18656-01.dmp
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Program Files (x86)\Auslogics
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2020-01-16 12:27 - 2020-01-16 13:28 - 015348488 _____ (Auslogics ) C:\Users\27845\Downloads\registry-cleaner-setup.exe
2020-01-16 12:12 - 2020-01-16 12:13 - 000000000 ____D C:\AdwCleaner
2020-01-15 17:23 - 2020-01-15 17:23 - 009668408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 008905728 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007922688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 006543736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002419712 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002323896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002149160 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001936520 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001721144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001677088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001670800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001665712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001258296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001084416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001049400 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000930816 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000878080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000839680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000677144 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000673792 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000651776 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000541264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000410616 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000405304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000350416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV1.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000189440 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000154976 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000122568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-01-15 14:30 - 2020-01-15 14:30 - 000028690 _____ C:\Users\27845\Documents\cc_20200115_143041.reg
2020-01-15 12:14 - 2020-01-19 15:25 - 019660800 _____ C:\Windows\system32\C_32770.NLS
2020-01-15 11:44 - 2020-01-15 12:02 - 000000000 ____D C:\Users\27845\AppData\LocalLow\AdLibs
2020-01-15 11:44 - 2020-01-15 11:44 - 000000266 _____ C:\Users\27845\AppData\LocalLow\thunderbird.txt
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:29 - 2020-01-19 12:23 - 000000000 ____D C:\Program Files (x86)\Novicorp WinToFlash
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Roaming\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Local\Novicorp
2020-01-15 11:26 - 2020-01-19 12:23 - 000000000 ____D C:\ProgramData\UBlockPlugin
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Windows\system32\Tasks\System
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Users\27845\AppData\Roaming\Intel Rapid
2020-01-15 11:24 - 2020-01-15 14:52 - 000000000 ____D C:\Program Files (x86)\Copa
2020-01-15 11:23 - 2020-01-15 11:23 - 000000000 ____D C:\ProgramData\Newfol
2020-01-07 23:18 - 2020-01-07 23:18 - 003794953 _____ C:\Users\27845\Desktop\Construction-Cost-Guide-2019.pdf
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Windows\PCHEALTH
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-01-06 15:11 - 2020-01-06 15:13 - 000000000 ____D C:\Windows\SHELLNEW
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 __RHD C:\MSOCache
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2020-01-06 15:07 - 2020-01-06 15:07 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-01-06 13:04 - 2020-01-06 13:04 - 000005114 _____ C:\Users\27845\Documents\cc_20200106_130358.reg
2020-01-06 13:00 - 2020-01-06 13:00 - 000039834 _____ C:\Users\27845\Documents\cc_20200106_130003.reg
2020-01-04 04:54 - 2020-01-04 04:54 - 000003988 _____ C:\Windows\system32\Tasks\WpsExternal_27845_20200104045407
2020-01-04 04:54 - 2020-01-04 04:54 - 000000000 ____D C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 15:32 - 2019-05-13 18:44 - 000000000 ____D C:\Users\27845\AppData\Roaming\BitTorrent Web
2020-01-19 15:32 - 2019-05-07 18:36 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-19 15:32 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2020-01-19 15:31 - 2019-09-05 09:00 - 000000000 ____D C:\Users\27845\AppData\Local\BitTorrentHelper
2020-01-19 15:28 - 2019-05-08 23:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-01-19 15:27 - 2019-05-07 18:50 - 000000000 ___RD C:\Users\27845\OneDrive
2020-01-19 15:26 - 2019-05-13 18:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-19 15:26 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-19 15:25 - 2019-07-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-19 15:25 - 2019-05-07 21:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-19 15:25 - 2019-05-07 18:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-19 15:25 - 2018-09-15 08:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-01-19 15:16 - 2019-05-09 00:26 - 000000000 ____D C:\Users\27845\AppData\LocalLow\Temp
2020-01-19 15:15 - 2019-05-07 22:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-19 13:59 - 2019-05-07 22:23 - 000000000 ____D C:\Users\27845\AppData\LocalLow\Mozilla
2020-01-19 12:57 - 2019-05-30 12:13 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-01-19 12:57 - 2019-05-07 21:56 - 000000925 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2020-01-19 11:48 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-01-17 22:50 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-17 22:50 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2020-01-16 14:26 - 2019-09-09 10:34 - 000000000 ____D C:\Windows\Minidump
2020-01-16 14:07 - 2019-05-07 23:48 - 000000000 ____D C:\Users\27845\Desktop\TOOLS
2020-01-16 14:07 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Auslogics
2020-01-16 14:06 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2020-01-16 13:36 - 2019-05-09 00:54 - 000000000 ____D C:\Users\27845\AppData\Local\Microsoft Help
2020-01-16 12:14 - 2019-05-07 18:41 - 000000000 ____D C:\Users\27845
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Roaming\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Local\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\ProgramData\Lavasoft
2020-01-16 12:13 - 2019-05-09 01:02 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-15 18:23 - 2019-06-18 04:43 - 000000000 ____D C:\Program Files\UNP
2020-01-15 18:20 - 2019-05-07 18:27 - 000614344 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\UNP
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2020-01-15 17:39 - 2019-05-08 00:37 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 17:27 - 2019-05-08 00:37 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 17:27 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2020-01-15 16:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-01-15 14:05 - 2019-05-07 23:38 - 000000000 ____D C:\Program Files\CCleaner
2020-01-15 11:30 - 2018-09-15 08:09 - 017973248 _____ C:\Windows\system32\C_3389.NLS
2020-01-11 15:37 - 2018-09-15 08:09 - 018087936 _____ C:\Windows\system32\config\BCD00000000
2020-01-11 14:42 - 2019-05-07 18:50 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1433173932-3963356919-369050832-1001
2020-01-11 14:42 - 2019-05-07 18:41 - 000002374 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-11 11:56 - 2019-05-07 23:38 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-10 23:15 - 2019-05-07 22:23 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-10 14:00 - 2019-05-07 19:06 - 000001613 _____ C:\Users\27845\Desktop\IExplore.lnk
2020-01-08 23:44 - 2018-09-15 08:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-01-06 15:15 - 2018-09-15 09:31 - 000000167 _____ C:\Windows\win.ini
2020-01-06 15:13 - 2019-05-13 14:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-06 15:13 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-01-06 15:12 - 2019-05-09 00:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-01-06 15:12 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-06 15:03 - 2019-05-07 23:07 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-01-06 13:03 - 2019-05-07 18:47 - 000000000 ____D C:\Users\27845\AppData\Local\Packages
2020-01-06 13:00 - 2019-05-08 21:55 - 000000000 ___RD C:\Users\27845\Documents\MEGA
2020-01-06 13:00 - 2019-05-08 21:18 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2020-01-06 12:52 - 2019-05-08 04:10 - 000000000 ____D C:\Windows\Panther
2020-01-05 18:04 - 2019-07-10 00:24 - 000001908 _____ C:\Users\27845\Desktop\BitTorrent Web.lnk
2020-01-05 18:04 - 2019-05-13 18:44 - 000001894 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2020-01-04 04:54 - 2019-05-11 01:39 - 000003574 _____ C:\Windows\system32\Tasks\WpsUpdateTask_27845
2020-01-02 11:15 - 2019-05-07 19:39 - 000000000 ____D C:\Users\27845\AppData\Local\PlaceholderTileLogoFolder
2020-01-02 11:15 - 2019-05-07 18:48 - 000000000 ____D C:\Users\27845\AppData\Local\Publishers
2019-12-20 12:10 - 2019-05-09 01:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll

==================== FLock ==============================

2020-01-19 15:25 C:\Windows\system32\config\SYSTEM
2020-01-15 11:30 C:\Windows\system32\Drivers\Wdf66150.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Here is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by 27845 (19-01-2020 15:33:34)
Running from C:\Users\27845\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-05-07 16:30:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

27845 (S-1-5-21-1433173932-3963356919-369050832-1001 - Administrator - Enabled) => C:\Users\27845
Administrator (S-1-5-21-1433173932-3963356919-369050832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1433173932-3963356919-369050832-503 - Limited - Disabled)
Guest (S-1-5-21-1433173932-3963356919-369050832-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1433173932-3963356919-369050832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
8GadgetPack (HKLM-x32\...\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.1.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 8.3.0.0 - Auslogics Labs Pty Ltd)
BitTorrent Web (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.448 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C8730B1A-133D-4546-8E21-9EC186341F20}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.1 - Corel Corporation) Hidden
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 16 Setup (HKLM-x32\...\{8A80DF77-CC7A-45D6-81BD-12C2CE4289C4}) (Version: 16.04.01 - DATACAD LLC) Hidden
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.03.01 - DATACAD LLC)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300409}) (Version: 9.7.0 - Lotus Development Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.4.1 - Mozilla)
Mozilla Thunderbird 68.4.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.4.1 (x86 en-US)) (Version: 68.4.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Novicorp WinToFlash Lite version 1.13.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.13.0000 - Novicorp)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
pdfreader2019 version 20.01 (HKLM-x32\...\{624C8304-BA22-422C-97D6-A1233BC1167E}_is1) (Version: 20.01 - )
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Datasmith Exporter for SketchUp Pro (HKLM\...\{E73898B2-FF0E-4AEB-BA67-8B67CF9A6213}) (Version: 4.23.0.0 - Epic Games, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
wotsuper 2.1 (HKLM-x32\...\wotsuper 2.1) (Version: 2.1 - wotsuper)
WPS Office (11.2.0.9127) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Kingsoft Office) (Version: 11.2.0.9127 - Kingsoft Corp.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-16] (Dolby Laboratories)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.7.701.0_x86__ytsefhwckbdv6 [2020-01-07] (G5 Entertainment AB)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2019-12-25] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-24] (Polarr)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> E:\Program Files\WinZip\adxloader64.dll () [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\27845\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\27845\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) =============

2019-05-07 23:16 - 2015-03-03 15:50 - 000758784 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001414656 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avcodec-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000898048 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avformat-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000451072 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avutil-56.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000151552 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\swresample-3.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 098275328 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000092672 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 003922432 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-04-16 09:22 - 2002-04-10 11:42 - 000233472 _____ () [File not signed] D:\Program Files\AutoSpec\NetsyncV2\libmySQL.DLL
1998-08-28 16:42 - 1998-08-28 16:42 - 000153088 _____ () [File not signed] E:\lotus\organize\ormmime.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000138752 _____ () [File not signed] E:\lotus\organize\ormprot.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000220160 _____ () [File not signed] E:\lotus\organize\ormutil.dll
2019-05-08 00:50 - 2019-01-27 14:34 - 000638464 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2001-07-25 14:24 - 2001-07-25 14:24 - 000162816 _____ (Lotus Developement Corp) [File not signed] E:\lotus\organize\orgapi32.dll
1998-01-06 18:49 - 1998-01-06 18:49 - 000125952 _____ (Lotus Development Corporation) [File not signed] E:\lotus\compnent\LTSCSN13.DLL
2001-07-25 14:05 - 2001-07-25 14:05 - 000023040 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ecEN.dll
2001-07-25 14:09 - 2001-07-25 14:09 - 002895872 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\OR1C50EN.DLL
2001-07-25 14:09 - 2001-07-25 14:09 - 000886272 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ORBACK.dll
2001-07-25 14:07 - 2001-07-25 14:07 - 000779264 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\orutil.dll
2001-05-29 03:38 - 2001-05-29 03:38 - 000330752 _____ (Lotus Development Corporation.) [File not signed] E:\lotus\compnent\LTASWN23.DLL
1998-06-17 11:45 - 1998-06-17 11:45 - 000077878 _____ (Microsoft Corporation) [File not signed] E:\lotus\organize\MSVCIRT.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000547840 _____ (The Chromium Authors) [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001277952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\LIBEAY32.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2019-05-11 17:58 - 000006895 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37

There are 89 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2EFAAC53-ED29-4294-A3D8-8EFAFA5423FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11ED0506-1D7E-4828-BDB8-7A60C79580CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5874E804-9F10-4128-AEF3-826322D71230}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
FirewallRules: [{0FFE1D1A-8AA3-4284-AE29-6DD6E063A755}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{22A12BAD-6D4F-46B2-9F13-2194F01B927E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0FB2C62D-99F9-40C4-A7DB-6C8B6184BA02}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5AF23BAC-56FB-4580-8513-D0C32439F714}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{8C7CCBC3-C1B6-4483-A7DC-13723B0B420B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{A943A13E-D3BE-4EF2-BE88-4EA9D99425E3}] => (Allow) E:\WPS Office\11.2.0.9127\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [TCP Query User{47D717EF-B8AB-4DA4-9C41-33A8686B60A5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AFD2556C-22F0-4663-9100-627CCD268C61}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07F3D827-6BDA-4823-B4DE-9EC0C77193EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{24C6FABE-D249-44D6-A37D-1C4CE0D7B3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A2966F60-25C3-468E-AE13-6FBD2D0EB782}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{374183A5-992E-46E8-A819-540E8052DE93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E374618A-A4D2-4D77-BF8A-EEF972EDE56A}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{2480E7A2-C9CC-401A-8FBA-961B5DB806FF}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{0B7A7E8C-CAAF-4CDD-BF06-AEB51229A077}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{3375061E-3C3E-4137-A439-AD51EB086BBE}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5381295C-0AB0-474A-85DD-48F9F0A447B0}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{D66D08F3-ADD7-45F1-A94E-48C1112814EA}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{B5BE4A8B-0A92-41C2-AD8D-6A2A1D5168F0}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{60D12B64-D430-4E08-8E21-657814DF020A}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{4C23A3CD-E5FD-4BE6-9AB0-770C46D7AEC2}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{6337ED56-1403-4CFE-9C7A-6531AE6B7B50}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{F25E99A3-84E8-4CD7-8712-EAECC71A6C2F}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{2B4984E9-AE18-4306-AFF7-1AA714862D65}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{5F90537E-1A13-4DDB-97D4-62AD9A10BD50}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]
FirewallRules: [{E4CB22E8-AEC5-4630-8700-201A9EF00A49}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]

==================== Restore Points =========================

19-01-2020 11:59:50 Wotsuper Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2020 03:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x237c
Faulting application start time: 0x01d5cecc10ed2c58
Faulting application path: C:\Windows\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: 7c5d0795-1bdc-4d53-90b6-c808f829b93a
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge


System errors:
=============
Error: (01/19/2020 03:27:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 03:27:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 03:26:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VOB4P7)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/19/2020 03:25:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126


==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 69%
Total physical RAM: 8172.87 MB
Available physical RAM: 2528.51 MB
Total Virtual: 16364.87 MB
Available Virtual: 10005.37 MB

==================== Drives ================================

Drive c: (Windows SSD) (Fixed) (Total:111.79 GB) (Free:51.25 GB) NTFS
Drive d: (WIN7) (Fixed) (Total:250.89 GB) (Free:40.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:125.15 GB) NTFS
Drive f: (CAD) (Fixed) (Total:170.06 GB) (Free:73.49 GB) NTFS
Drive g: (DATA) (Fixed) (Total:165.18 GB) (Free:129.93 GB) NTFS
Drive h: (FILLING) (Fixed) (Total:165.04 GB) (Free:121.5 GB) NTFS
Drive i: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.45 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
Drive l: (WINDOWS) (Fixed) (Total:232.79 GB) (Free:71.06 GB) NTFS

\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: E224E224)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 962A40A1)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Thanks
Mike
#7
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Is it any faster booting now?

Uninstall

Auslogics Registry Cleaner

Registry Cleaners do more harm than good.

Also

Auslogics Disk Defrag

Win 10 does a good job on its own plus Auslogics seems to be associated with your infection.

You are several updates behind.  Easiest way to get caught up is to go to:

https://www.microsof...nload/windows10

and click on Update Now.

Download, Save and right click and Run As Admin.

Then follow the instructions.

Once you get updated let's check that all of your system files are healthy:

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window.)

Once you have an elevated command prompt:

Type:

DISM  /Online  /Cleanup-Image  /RestoreHealth

(I use two spaces so you can be sure to see where one space goes.)

Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow

This will also take a few minutes.

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter.  Then type:

notepad %UserProfile%\desktop\junk.txt

Hit Enter.

Copy the text from notepad and paste it into a reply.

After you finish SFC, regardless of the result:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
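The check-up RKinner describes above (run SFC, pull the [SR] lines out of CBS.log if it could not repair everything, then list the last 20 Error/Warning events from the System and Application logs as VEW does) can be scripted for reuse. The block below is an added example written for this thread; it is not RKinner's tool, not VEW, and not part of the original post. It assumes Windows 10 and an elevated PowerShell window, CBS.log at its default path, and the function names Get-SfcSummary and Get-RecentEventErrors and the variable $SampleCbsLines are my own; the sample log lines are constructed to match the shape of real [SR] entries so the summary can be tried offline before sfc /scannow has run.

```powershell
# Added example (not from the thread): PowerShell version of the SFC triage and
# VEW event listing described in the post above. Assumes Windows 10, an elevated
# PowerShell session and the default CBS.log location. $SampleCbsLines is constructed.

function Get-SfcSummary {
    param(
        # Same file that findstr /c:"[SR]" reads in the post
        [string]   $LogPath = "$env:windir\Logs\CBS\CBS.log",
        # Optional: supply log lines directly (used for the constructed sample below)
        [string[]] $Lines
    )
    if (-not $Lines) {
        if (-not (Test-Path -LiteralPath $LogPath)) { throw "CBS log not found: $LogPath" }
        $Lines = Get-Content -LiteralPath $LogPath
    }

    # Equivalent of findstr /c:"[SR]". String.Contains is used rather than -like,
    # because '[SR]' would be read as a wildcard character class in a -like pattern.
    $sr = @($Lines | Where-Object { $_.Contains('[SR]') })

    # SFC names the member file in double quotes, e.g.  [l:18]"example-broken.sys" of ...
    $fileName = { param($line) [regex]::Match($line, '"([^"]+)"').Groups[1].Value }

    $repaired   = @($sr | Where-Object { $_ -match '\[SR\] Repairing corrupted file' } |
                        ForEach-Object { & $fileName $_ })
    $unrepaired = @($sr | Where-Object { $_ -match '\[SR\] Cannot repair member file' } |
                        ForEach-Object { & $fileName $_ })

    # Map the log contents onto the three messages SFC prints at the prompt
    $verdict = if ($unrepaired.Count -gt 0) {
        'Found corrupt files but was unable to fix some (or all): post the [SR] lines'
    } elseif ($repaired.Count -gt 0) {
        'Found corrupt files and repaired them'
    } else {
        'No integrity violations recorded'
    }

    [pscustomobject]@{
        SrLineCount = $sr.Count
        Repaired    = $repaired
        # SFC usually logs an unrepairable file more than once; report each file once
        Unrepaired  = @($unrepaired | Sort-Object -Unique)
        Verdict     = $verdict
    }
}

function Get-RecentEventErrors {
    param(
        [ValidateSet('System', 'Application')] [string] $LogName = 'System',
        [int] $Count = 20
    )
    # Level 2 = Error, 3 = Warning: the two types ticked in VEW in the post
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } -MaxEvents $Count |
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Constructed sample in the shape of real CBS.log [SR] entries (file names are made up)
$SampleCbsLines = @(
    '2020-01-19 18:30:01, Info   CBS    [SR] Verifying 100 components',
    '2020-01-19 18:30:02, Info   CBS    [SR] Repairing corrupted file [l:22]"example-repaired.dll" from store',
    '2020-01-19 18:30:03, Info   CBS    [SR] Cannot repair member file [l:18]"example-broken.sys" of Constructed-Component, version 10.0.0.0',
    '2020-01-19 18:30:03, Info   CBS    [SR] Cannot repair member file [l:18]"example-broken.sys" of Constructed-Component, version 10.0.0.0',
    '2020-01-19 18:30:04, Info   CBS    [SR] Repair complete'
)

# Offline run on the sample: the verdict is the "unable to fix" case, with one unrepaired file
Get-SfcSummary -Lines $SampleCbsLines | Format-List

# On the real machine (elevated), after sfc /scannow has finished:
# Get-SfcSummary | Format-List
# Get-RecentEventErrors -LogName System      | Format-Table -AutoSize -Wrap
# Get-RecentEventErrors -LogName Application | Format-Table -AutoSize -Wrap
```

Get-SfcSummary only reads the log; it does not run DISM or SFC for you, so the two commands in the post still come first. The Unrepaired list is what a helper actually needs from the junk.txt step, which is why it is de-duplicated rather than pasted raw.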

#8
MikeBack

    Member

  • Topic Starter
  • Member
  • 70 posts
Hi

I've run the Win 10 update and installed the updates.
I've run the DISM and sfc commands and got the following answer:
"Windows Resource Protection found corrupt files and repaired them"

I've run the Event Viewer Tool and the logs are pasted below:

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/01/2020 00:37:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/01/2020 18:01:41
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Network List Service service terminated with the following error: The device is not ready.

Log: 'System' Date/Time: 19/01/2020 18:01:41
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 19/01/2020 17:59:41
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Network List Service service terminated with the following error: The device is not ready.

Log: 'System' Date/Time: 19/01/2020 17:58:37
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 19/01/2020 17:56:36
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IP Helper service terminated with the following error: The device is not ready.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/01/2020 22:31:16
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name tracker.vanitycore.co timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/01/2020 22:24:35
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 22:24:15
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 22:24:15
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 22:24:08
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 22:23:36
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 19/01/2020 22:23:26
Type: Warning Category: 0
Event: 16001 Source: AFD
A TDI filter (\Driver\networx) was detected. This filter has not been certified by Microsoft and may cause system instability.

Log: 'System' Date/Time: 19/01/2020 22:02:49
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name public.popcorn-tracker.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/01/2020 21:54:05
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 21:54:05
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 21:53:32
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 19/01/2020 21:53:23
Type: Warning Category: 0
Event: 16001 Source: AFD
A TDI filter (\Driver\networx) was detected. This filter has not been certified by Microsoft and may cause system instability.

Log: 'System' Date/Time: 19/01/2020 21:50:02
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 21:48:12
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 21:48:06
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 21:46:39
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 20:54:28
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 18:48:42
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 18:48:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/01/2020 18:48:12
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/01/2020 00:39:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/01/2020 21:55:39
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.18362.1, time stamp: 0x3538007c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x000000000000008c Faulting process id: 0x1278 Faulting application start time: 0x01d5cf132fdf3b37 Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe Faulting module path: unknown Report Id: a598d199-ce68-4e88-a001-8e52cb341d7c Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge

Log: 'Application' Date/Time: 19/01/2020 18:47:09
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.18362.1, time stamp: 0x3538007c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x000000000000008c Faulting process id: 0x368 Faulting application start time: 0x01d5cef8dad06dce Faulting application path: C:\WINDOWS\system32\MicrosoftEdgeSH.exe Faulting module path: unknown Report Id: a9678aa4-11e1-44ab-9203-3a286a32a4b8 Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge

Log: 'Application' Date/Time: 19/01/2020 17:57:36
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Log: 'Application' Date/Time: 19/01/2020 17:57:34
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Log: 'Application' Date/Time: 19/01/2020 17:57:33
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Log: 'Application' Date/Time: 19/01/2020 17:57:32
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Log: 'Application' Date/Time: 19/01/2020 17:57:30
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Log: 'Application' Date/Time: 19/01/2020 17:57:20
Type: Error Category: 0
Event: 256 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/01/2020 18:05:33
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:33
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace ROOT\StandardCimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, AssignedAccess, has been registered in the Windows Management Instrumentation namespace ROOT\StandardCimv2\embedded to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace ROOT\StandardCimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, NetEventPacketCapture, has been registered in the Windows Management Instrumentation namespace ROOT\StandardCimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MINT, has been registered in the Windows Management Instrumentation namespace ROOT\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MINT, has been registered in the Windows Management Instrumentation namespace ROOT\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MINT, has been registered in the Windows Management Instrumentation namespace ROOT\PEH to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderCimV2, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, PowerMeterProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, PowerWmiProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderCimV2, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 19/01/2020 18:05:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, PowerMeterProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\power to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

When I updated Windows it removed my 8GadgetPack clock and calendar from my desktop as it said that the programme was not compatible with the current version. Do you know where I can get this sort of programme that will be compatible?

Thanks
Mike
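The Event 63 warnings pasted above are Windows saying that a WMI provider was registered to run as LocalSystem. Every built-in provider in the namespaces listed (winrm, Interop, StandardCimv2, PEH, CIMV2\power) is hosted that way, so on their own these warnings are normal after an update. What matters after an infection is whether any provider resolves to an unexpected or unsigned DLL, and whether something has planted a WMI event subscription, which is a well-known persistence point. The PowerShell below is an added example, not code from this thread or from any tool named in it; it goes a little beyond the warnings themselves by also listing the root\subscription classes. The namespace names come from the log above; the seven-day window is an assumption. Run it from an elevated PowerShell prompt; it changes nothing.

```powershell
# Added example: triage WMI Event ID 63 warnings and check for WMI persistence.
# Not part of the original thread. Run elevated (Run as administrator). Read-only.

# --- 1. Pull the Event 63 warnings and parse provider / namespace / account out of the message text.
$since  = (Get-Date).AddDays(-7)   # assumption: look back one week
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-WMI'; Id = 63; StartTime = $since }
$warnings = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Message -match 'A provider, (?<Provider>[^,]+), has been registered .*namespace (?<Namespace>\S+) to use the (?<Account>\S+) account') {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Provider  = $Matches.Provider
            Namespace = $Matches.Namespace
            Account   = $Matches.Account
        }
    }
}
"== Event 63 provider registrations since $since =="
$warnings | Sort-Object Namespace, Provider -Unique | Format-Table -AutoSize

# --- 2. For every namespace named in the warnings, resolve each provider to the COM server DLL
#        behind its CLSID and check the Authenticode signature. A provider whose DLL lives
#        outside C:\Windows, or is missing, is what deserves a closer look. A NotSigned result on a
#        file under System32 is usually a catalog-signed Windows component, so path is the stronger signal.
$namespaces = if ($warnings) { $warnings.Namespace | Sort-Object -Unique } else {
    # fallback: the namespaces quoted in the log above
    'ROOT\Microsoft\Windows\winrm', 'ROOT\Interop', 'ROOT\StandardCimv2', 'ROOT\PEH', 'ROOT\CIMV2\power'
}
$report = foreach ($ns in $namespaces) {
    Get-CimInstance -Namespace $ns -ClassName __Win32Provider -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = $null; $status = 'n/a'; $signer = ''
        if ($_.CLSID) {
            $key = "HKLM:\SOFTWARE\Classes\CLSID\$($_.CLSID)\InprocServer32"
            $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            if ($raw) {
                $dll = [Environment]::ExpandEnvironmentVariables($raw)
                if (Test-Path -LiteralPath $dll) {
                    $sig    = Get-AuthenticodeSignature -FilePath $dll
                    $status = $sig.Status
                    $signer = $sig.SignerCertificate.Subject
                } else { $status = 'MISSING FILE' }
            }
        }
        [pscustomobject]@{
            Namespace    = $ns
            Provider     = $_.Name
            HostingModel = $_.HostingModel
            Dll          = $dll
            Signature    = $status
            Signer       = $signer
        }
    }
}
"== Providers by namespace =="
$report | Sort-Object Namespace, Provider | Format-Table -AutoSize
"== Providers whose DLL is outside $env:SystemRoot or missing (review these) =="
$report | Where-Object { $_.Signature -eq 'MISSING FILE' -or ($_.Dll -and $_.Dll -notlike "$env:SystemRoot\*") } |
    Format-List Namespace, Provider, Dll, Signature, Signer

# --- 3. WMI event subscriptions live in root\subscription. A clean Windows has almost none;
#        a CommandLineEventConsumer or ActiveScriptEventConsumer bound to a filter is a classic
#        malware persistence mechanism and should be explained or removed.
"== WMI event subscriptions in root\subscription =="
Get-CimInstance -Namespace root\subscription -ClassName __EventFilter |
    Format-Table Name, Query -AutoSize -Wrap
Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer |
    Format-Table Name, CommandLineTemplate, ScriptText -AutoSize -Wrap
Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
    Format-Table Filter, Consumer -AutoSize -Wrap
```

Enumerating the abstract __EventConsumer class returns every concrete consumer (command-line, script, log-file, SMTP), so the three tables together show the whole filter-to-consumer chain; on a machine that has never had WMI subscriptions set up, all three come back empty.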

#9
RKinner (Malware Expert, MVP, 24,598 posts)
Perhaps if you try the latest version of 8gadgetpack it will work?

https://8gadgetpack.net/

It says it works for Win 10.

You also need a newer version of Networx if you want to keep using it:

Log: 'System' Date/Time: 19/01/2020 21:53:23
Type: Warning Category: 0
Event: 16001 Source: AFD
A TDI filter (\Driver\networx) was detected. This filter has not been certified by Microsoft and may cause system instability.

https://www.softperf...oducts/networx/

You still have one file leftover from the infection but it doesn't appear to be active.

C:\Windows\system32\Drivers\Wdf66150.sys

The file is locked so you can't remove it unless you change ownership first. Let's see if this tool can fix it without the bother:

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and run GrantPerms.exe by right clicking and Run As Admin
Copy and paste the following in the edit box:

C:\Windows\system32\Drivers\Wdf66150.sys

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Is your Edge browser working? I see some errors so I'm not sure. Do you use it or do you use Firefox? If you use Firefox you should set it to be your default browser.

https://support.mozi...default-browser

Your Kaspersky should have prevented the infection.

You might want to repair or reinstall your Kaspersky. Some infections will make changes to your anti-virus so that it doesn't work correctly.

https://support.kaspersky.com/11428

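Before unlocking or deleting a leftover driver file it is worth confirming what it is and whether anything still loads it: a .sys in System32\Drivers only matters if a driver service entry points at it, and "not active" is something you can check rather than guess. The same approach shows the uncertified TDI filter from the AFD 16001 warning by name. The PowerShell below is an added example, not code from this thread or from GrantPerms; the driver path and the filter name are the ones quoted in the post above, and the seven-day event window is an assumption. Run it from an elevated prompt; it modifies nothing.

```powershell
# Added example: read-only triage of a leftover driver file before its ACL is changed or it is deleted.
# Not part of the original thread. Run from an elevated PowerShell prompt.
$driverPath = 'C:\Windows\system32\Drivers\Wdf66150.sys'   # path quoted in the post above
$tdiFilter  = 'networx'                                     # \Driver\networx from the AFD 16001 warning above
$lookback   = (Get-Date).AddDays(-7)                        # assumption: one week of event log

# 1. Does the file exist (hidden/system files need -Force), who owns it, is it signed, what is its hash?
$file = Get-Item -LiteralPath $driverPath -Force -ErrorAction SilentlyContinue
if (-not $file) {
    "File not found, or not visible from this account: $driverPath"
} else {
    try {
        $acl = Get-Acl -LiteralPath $driverPath
        $sig = Get-AuthenticodeSignature -FilePath $driverPath
        [pscustomobject]@{
            Path       = $file.FullName
            SizeBytes  = $file.Length
            Created    = $file.CreationTime
            Attributes = $file.Attributes
            Owner      = $acl.Owner
            Signature  = $sig.Status                   # a real Microsoft driver is Valid (often via a catalog)
            Signer     = $sig.SignerCertificate.Subject
            SHA256     = (Get-FileHash -LiteralPath $driverPath -Algorithm SHA256).Hash   # look this up before deleting
        } | Format-List
        '-- ACEs --'
        $acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
    } catch {
        # Access denied means the ACL has to be changed (GrantPerms, or take ownership) before the file can even be read.
        "Cannot read $driverPath as this account: $($_.Exception.Message)"
    }
}

# 2. Is anything configured to load it? A .sys that no driver service references is inert; one that a
#    service still points at is active now or at next boot, and must be handled at the service level,
#    not just by deleting the file.
$name = [IO.Path]::GetFileNameWithoutExtension($driverPath)
"-- Driver services referencing '$name' --"
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -eq $name -or ($_.PathName -and $_.PathName -like "*$name*") } |
    Format-Table Name, State, StartMode, PathName -AutoSize

"-- Services keys whose ImagePath references '$name' --"
Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services -ErrorAction SilentlyContinue |
    ForEach-Object {
        $img = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($img -and $img -like "*$name*") { [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $img } }
    } | Format-Table -AutoSize

# 3. The uncertified TDI filter from the AFD warning: its driver service and the recent 16001 events.
#    (Get-Service does not list kernel drivers, hence Win32_SystemDriver.)
"-- TDI filter '$tdiFilter' --"
Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$tdiFilter'" |
    Format-Table Name, State, StartMode, PathName -AutoSize
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'AFD'; Id = 16001; StartTime = $lookback } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -Wrap -AutoSize
```

If section 2 prints nothing for the Wdf66150.sys name, the file is an orphan and deleting it after taking ownership is the whole job; if a service does reference it, stop that service (or set it to disabled) before removing the file, otherwise the boot log will complain about the missing driver.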

#10
MikeBack (Topic Starter, 70 posts)
Hi RKinner

Gadget pack is now working, found the update after sending the post to you.
I will download an update for Networx and install it.

C:\Windows\system32\Drivers\Wdf66150.sys
GrantPerms by Farbar
Ran by 27845 (administrator) at 2020-01-20 15:32:53

===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\system32\Drivers\Wdf66150.sys> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.

I prefer Internet Explorer as my default browser, use Firefox occasionally depending upon the site visited.
Will repair Kaspersky Internet Security.

A couple of months ago, a computer shop transferred my operating system to an SSD drive (C) but did not remove the original Windows installation which now sits on (D) drive.
How can I remove the old version on (D) drive? I have tried to delete it but Windows won't allow it to be deleted.

Thanks for all your help.
MikeBack

Edited by MikeBack, 20 January 2020 - 08:11 AM.


#11
RKinner (Malware Expert, MVP, 24,598 posts)
Is there anything on the D: that you need? If not you could try deleting the partition in Disk Management.

https://us.answers.a...drive-partition

If you need stuff off the drive then try right clicking on the drive and taking ownership then give administrator full control.

https://www.laptopma...g-file-explorer

If the take ownership doesn't seem to stick then you will need to enable the hidden administrator:

https://www.ghacks.n...trator-account/

We may need to enable the hidden admin account and take ownership of C:\Windows\system32\Drivers\Wdf66150.sys anyway since GrantPerms can't even see the file.

This is a hidden file location so you probably need to tell Windows to let you see it.

http://www.howtogeek...-windows-vista/

then reboot and login as the Administrator. (No password required).



#12
MikeBack (Topic Starter, 70 posts)
Hi RKinner

I enabled the hidden admin account and was able to remove Wdf66150.sys.
I do have files and programmes on D drive that I need to keep.
I have been able to remove some of the files from the 2nd installation of Windows, but a lot are either asking for SYSTEM Permission or TRUSTED INSTALLER permission.
How do I change from Administrator to either SYSTEM or TRUSTED INSTALLER to be able to remove the final files?

Thank you
MikeBack

#13
RKinner (Malware Expert, MVP, 24,598 posts)
You are not System or Trusted Installer so you need to Change Ownership of the folder (and all subfolders and files) to Administrator. Then you can give the Administrator Full Control of the file.

Then you can delete the files and folders.

See:

https://winaero.com/...-in-windows-10/


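Taking ownership folder by folder in File Explorer works, but on a whole Windows tree it is slow, and the real risk is pointing the operation at the wrong Windows. The PowerShell below is an added example, not code from this thread; it uses the built-in takeown and icacls commands to do what the post above describes in one pass (ownership to Administrators, then Full Control, then delete) with a guard that refuses to touch the booted installation or anything on the system drive. The target D:\Windows is an assumption about where the old installation lives; repeat for the other leftover folders on D: as needed. An elevated prompt is enough for this; the built-in Administrator account is not required, and since it was enabled above without a password it is worth disabling again once the cleanup is done (`net user Administrator /active:no`).

```powershell
# Added example: bulk ownership takeover and removal of an old Windows installation left on a
# data drive. Not part of the original thread. Run from an elevated PowerShell prompt.
$OldWindows = 'D:\Windows'   # assumption: adjust to the leftover folder on D:
$DryRun     = $true          # set to $false to actually change ACLs and delete

function Assert-NotLiveSystem {
    param([string]$Path)
    $full = [IO.Path]::GetFullPath($Path).TrimEnd('\')
    $live = [IO.Path]::GetFullPath($env:SystemRoot).TrimEnd('\')
    # Refuse if the target is the running Windows, contains it, or is on the system drive at all.
    if ($full -ieq $live -or $live.StartsWith("$full\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing: $full is (or contains) the running Windows at $live"
    }
    if ($full.StartsWith("$env:SystemDrive\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing: $full is on the system drive $env:SystemDrive"
    }
    if (-not (Test-Path -LiteralPath $full)) { throw "Not found: $full" }
    return $full
}

function Remove-OldWindowsTree {
    param([string]$Path, [switch]$WhatIf)
    $target = Assert-NotLiveSystem $Path
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated (Run as administrator) PowerShell.' }

    # SYSTEM and TrustedInstaller own most of a Windows tree. An administrator cannot edit those
    # ACLs directly, but can always take ownership: /A assigns ownership to the Administrators
    # group, /R recurses, /D Y answers the "list the directory?" prompt for folders it cannot read.
    "Taking ownership of $target ..."
    if (-not $WhatIf) { takeown.exe /F "$target" /R /A /D Y | Out-Null }

    # Now that Administrators own everything, grant the group Full Control (F), inherited by
    # subfolders and files ((OI)(CI)), over the whole tree (/T), continuing past errors (/C).
    # *S-1-5-32-544 is the Administrators SID, so this works regardless of UI language.
    "Granting Administrators full control ..."
    if (-not $WhatIf) { icacls.exe "$target" /grant "*S-1-5-32-544:(OI)(CI)F" /T /C | Out-Null }

    if ($WhatIf) { "Dry run: would delete $target"; return }
    # rd /s does not follow directory junctions (it removes the junction itself), which is the
    # safe behaviour inside a Users or ProgramData tree; Remove-Item -Recurse is not guaranteed to.
    cmd.exe /c rd /s /q "$target"
    if (Test-Path -LiteralPath $target) {
        "Some items remain under $target (open handles?). Reboot and run again."
    } else {
        "Deleted $target"
    }
}

Remove-OldWindowsTree -Path $OldWindows -WhatIf:$DryRun
```

With $DryRun left at $true the script only validates the target and reports what it would do; flip it to $false once the path is confirmed to be the abandoned installation and not the live one.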