Good Day
I have somehow infected my computer with the Worsuper2.1 virus. Kaspersky shows it as a Trojan.
I have looked up the removal of the programme on the internet and tried to remove it using the method suggested, without any success. Some of the files mentioned in the article do not show on my machine.
Please can you assist me?
Here is the FRST.txt log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2020
Ran by 27845 (administrator) on DESKTOP-5VOB4P7 (MSI MS-7680) (17-01-2020 12:12:19)
Running from C:\Users\27845\Desktop
Loaded Profiles: 27845 (Available Profiles: 27845)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Beo\90678640.exe
() [File not signed] C:\Users\27845\AppData\Local\Temp\3184765357.exe
() [File not signed] D:\Program Files\AutoSpec\assb.exe
() [File not signed] D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe
() [File not signed] D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe
(Access Denied) [File not signed] C:\Users\27845\AppData\Local\Temp\msbd4xpflf1\wotsuper1.exe
(Access Denied) [File not signed] C:\Users\27845\AppData\Local\Temp\ulq4x0uyp0p\wotsuper1.exe
(Access Denied) [File not signed] C:\Users\27845\AppData\Local\Temp\ypiu4vd4gnz\wotsuper1.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\27845\AppData\Roaming\BitTorrent Web\helper.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\transport_proxy.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Lotus Development Corporation) [File not signed] E:\lotus\organize\easyclip.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\19.222.1110.0006\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\27845\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(SOFTPERFECT PTY. LTD. -> SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) E:\WPS Office\11.2.0.9127\office6\wpscenter.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6637776 2015-03-26] (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-31] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AutoSpecNetsync2] => D:\Program Files\AutoSpec\NetsyncV2\AutoSpecNetsync.exe [1166336 2019-03-06] () [File not signed]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [k4ksywwbmgn] => C:\Program Files (x86)\Beo\90678640.exe [615424 2020-01-15] () [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [btweb] => C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe [5463768 2019-12-20] (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [EpicGamesLauncher] => D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36074896 2020-01-14] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm.exe [580048 2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {09da0e7a-84c6-11e9-a533-8c89a59f49e3} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {9a5b42c6-9931-11e9-a537-d46e0e010e39} - "N:\Setup.exe"
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-09] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar980.lnk [2020-01-16]
ShortcutTarget: Sidebar980.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2019-05-16]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2019-05-15]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> E:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2019-05-15]
ShortcutTarget: Lotus QuickStart.lnk -> E:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18F4A969-48E2-458B-82E5-24D95CC8FE19} - System32\Tasks\WpsExternal_27845_20200104045407 => E:\WPS Office\11.2.0.9127\office6\wps.exe [1073832 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1B06D1E9-0A23-48FA-928E-A390DB064F6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {1C835AC6-DB51-4A0E-B87F-ACB98BF4FFF2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {27A91D4F-85B9-47EF-9A44-9E37D77958A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2E728C34-5EAC-4766-8564-16A92D88219E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {B2452D6C-5DC3-44D6-90F4-B7815ABCB0C8} - System32\Tasks\Auslogics\Registry Cleaner\Start Registry Cleaner on 27845 logon => C:\Program Files (x86)\Auslogics\Registry Cleaner\Integrator.exe [3127160 2019-12-26] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C8D3FE9A-88F7-459A-A2BC-2CC9BAB974F6} - System32\Tasks\WpsUpdateTask_27845 => E:\WPS Office\11.2.0.9127\office6\wpsupdate.exe [157864 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> )
Task: {E3195DB3-38FD-4067-BF8E-4DFFA1C46952} - System32\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\EPSON L386 Series Update {394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{394B0EFC-6B7C-4F2C-8205-E6873C1D9F0C} /F:UpdateWORKGROUP\DESKTOP-5VOB4P7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6676de20-6a9b-423c-bc53-a907df6e849a}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a55e343d-5dd5-4f53-85cc-d66fa3368c81}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Internet Explorer:
==================
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxl1oRC_xS3_uy7wBCFXcBUJsi9iCnwRohuO6nwNkfBWrhragj_BDnL2aIerEGzk8Q_o3EmaJ4jBImulj6m0f6VAeMDWwyJo2ThWXgeO8RwE62FnfOmrf5zvogV_fw1DvWXBMCSIV46r4dRRBUB80X4YhJCU9WNOq_Y-iyMBumA,,&q={searchTerms}
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.za/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\x64\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\ie_engine.dll [2019-12-16] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-10-28] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Edge:
======
Edge Notifications: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> hxxps://www.kaspersky.co.za
FireFox:
========
FF DefaultProfile: q6lhne0s.default
FF ProfilePath: C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default [2020-01-17]
FF Homepage: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: [email protected]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\[email protected] [2020-01-10]
FF Extension: (Mozilla Official) - C:\Users\27845\AppData\Roaming\Mozilla\Firefox\Profiles\q6lhne0s.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2020-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-05-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-05-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-05-09] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-03] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-01-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-01-10] <==== ATTENTION
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"BcastDVRUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BcastDVRUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"BluetoothUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\BluetoothUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CaptureService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CaptureService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"cbdhsvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\cbdhsvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"CDPUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\CDPUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"ConsentUxUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicePickerUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"DevicesFlowUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"MessagingService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MessagingService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"OneSyncSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\OneSyncSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PimIndexMaintenanceSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"PrintWorkflowUserSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UnistoreSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UnistoreSvc_4e1c5 => C:\Windows\System32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"UserDataSvc_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\UserDataSvc_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"WpnUserService_4e1c5" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\WpnUserService_4e1c5 => C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (Rootkit!/Locked Service)
"{45487F67-EC9F-4449-A6F2-2D0970F9B80B}" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\{45487F67-EC9F-4449-A6F2-2D0970F9B80B} => C:\Windows\System32\drivers\Wdf66150.sys [6504336 2020-01-15] (Access Denied) [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-02-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-05-09] (Kaspersky Lab -> AO Kaspersky Lab)
R2 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354008 2019-02-08] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE4.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe [619752 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; E:\WPS Office\wpscloudsvr.exe [790184 2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [126288 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [1093240 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [201280 2019-12-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-08-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [48592 2018-03-16] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-05-08] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-17] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 networx; C:\Windows\System32\drivers\networx.sys [60736 2015-03-17] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [9860816 2019-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2020-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-06] (Microsoft Windows -> Microsoft Corporation)
S1 bkwzglic; \??\C:\Windows\system32\drivers\bkwzglic.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-17 12:12 - 2020-01-17 12:14 - 000038555 _____ C:\Users\27845\Desktop\FRST.txt
2020-01-17 12:11 - 2020-01-17 12:13 - 000000000 ____D C:\FRST
2020-01-17 12:11 - 2020-01-17 12:11 - 002573312 _____ (Farbar) C:\Users\27845\Desktop\FRST64.exe
2020-01-16 21:23 - 2020-01-16 21:23 - 000001756 _____ C:\Users\27845\Desktop\Garbage Cleaner.lnk
2020-01-16 21:20 - 2020-01-16 21:23 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-01-16 15:02 - 2020-01-17 11:13 - 000000000 ____D C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP
2020-01-16 15:02 - 2020-01-16 15:02 - 000000000 ____D C:\Program Files (x86)\wotsuper
2020-01-16 14:27 - 2020-01-16 14:27 - 000000000 ___HD C:\OneDriveTemp
2020-01-16 14:26 - 2020-01-16 14:27 - 000610316 _____ C:\Windows\Minidump\011620-19187-01.dmp
2020-01-16 14:20 - 2020-01-16 14:26 - 529495121 _____ C:\Windows\MEMORY.DMP
2020-01-16 14:20 - 2020-01-16 14:21 - 000610636 _____ C:\Windows\Minidump\011620-18656-01.dmp
2020-01-16 14:18 - 2020-01-17 00:22 - 018874368 ____N C:\Windows\system32\config\SYSTEM
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2020-01-16 14:06 - 2020-01-16 14:06 - 000000000 ____D C:\Program Files (x86)\Auslogics
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamTrips
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2020-01-16 14:00 - 2020-01-16 14:00 - 000000000 ____D C:\Program Files (x86)\DreamTrips
2020-01-16 12:27 - 2020-01-16 13:28 - 015348488 _____ (Auslogics ) C:\Users\27845\Downloads\registry-cleaner-setup.exe
2020-01-16 12:12 - 2020-01-16 12:13 - 000000000 ____D C:\AdwCleaner
2020-01-15 19:21 - 2020-01-16 09:43 - 000000000 ____D C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8
2020-01-15 17:23 - 2020-01-15 17:23 - 009668408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 008905728 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007922688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 006543736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002419712 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 002323896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 002149160 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001936520 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001721144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001677088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001670800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001665712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001258296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001084416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 001050624 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 001049400 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000930816 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000878080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000839680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000677144 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000673792 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000651776 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000541264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000410616 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000405304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000350416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000326144 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticLogCSP.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000322048 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV1.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000189440 _____ (Microsoft Corporation) C:\Windows\system32\sti_ci.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000154976 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tsusbhub.sys
2020-01-15 17:23 - 2020-01-15 17:23 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000122568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadss.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2020-01-15 17:23 - 2020-01-15 17:23 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-01-15 17:23 - 2020-01-15 17:23 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-01-15 15:32 - 2020-01-15 15:36 - 000000000 ____D C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK
2020-01-15 15:23 - 2020-01-15 15:26 - 000000000 ____D C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII
2020-01-15 15:12 - 2020-01-15 15:15 - 000000000 ____D C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU
2020-01-15 15:02 - 2020-01-15 15:05 - 000000000 ____D C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM
2020-01-15 14:30 - 2020-01-15 14:30 - 000028690 _____ C:\Users\27845\Documents\cc_20200115_143041.reg
2020-01-15 14:25 - 2020-01-15 14:55 - 000000000 ____D C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7
2020-01-15 14:15 - 2020-01-15 14:15 - 000000000 ____D C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6
2020-01-15 13:58 - 2020-01-15 13:58 - 000602112 _____ C:\Windows\system32\e92G0.exe
2020-01-15 12:14 - 2020-01-16 14:25 - 018874368 _____ C:\Windows\system32\C_32770.NLS
2020-01-15 12:13 - 2020-01-15 12:14 - 000000000 ____D C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ
2020-01-15 12:05 - 2020-01-15 12:06 - 000000000 ____D C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6
2020-01-15 11:44 - 2020-01-15 12:02 - 000000000 ____D C:\Users\27845\AppData\LocalLow\AdLibs
2020-01-15 11:44 - 2020-01-15 11:44 - 000000266 _____ C:\Users\27845\AppData\LocalLow\thunderbird.txt
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:32 - 2020-01-15 11:32 - 000000000 ____D C:\Windows\SysWOW64\jwvaxflh
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ C:\Users\27845\AppData\Local\Zimsoft.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000602112 _____ C:\Windows\system32\61dzW5w9.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000000000 ____D C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:29 - 2020-01-15 11:30 - 000000000 ____D C:\Program Files (x86)\Beo
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Roaming\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Users\27845\AppData\Local\Novicorp
2020-01-15 11:29 - 2020-01-15 11:29 - 000000000 ____D C:\Program Files (x86)\Novicorp WinToFlash
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ C:\Users\27845\AppData\Roaming\scvrrv.exe
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Windows\system32\Tasks\System
2020-01-15 11:26 - 2020-01-15 14:12 - 000000000 ____D C:\Users\27845\AppData\Roaming\Intel Rapid
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2020-01-15 11:26 - 2020-01-15 11:26 - 000000000 ____D C:\ProgramData\UBlockPlugin
2020-01-15 11:24 - 2020-01-15 14:52 - 000000000 ____D C:\Program Files (x86)\Copa
2020-01-15 11:23 - 2020-01-15 11:23 - 000000000 ____D C:\ProgramData\Newfol
2020-01-07 23:18 - 2020-01-07 23:18 - 003794953 _____ C:\Users\27845\Desktop\Construction-Cost-Guide-2019.pdf
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Windows\PCHEALTH
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-01-06 15:11 - 2020-01-06 15:13 - 000000000 ____D C:\Windows\SHELLNEW
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 __RHD C:\MSOCache
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-06 15:11 - 2020-01-06 15:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2020-01-06 15:07 - 2020-01-06 15:07 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-01-06 13:04 - 2020-01-06 13:04 - 000005114 _____ C:\Users\27845\Documents\cc_20200106_130358.reg
2020-01-06 13:00 - 2020-01-06 13:00 - 000039834 _____ C:\Users\27845\Documents\cc_20200106_130003.reg
2020-01-04 04:54 - 2020-01-04 04:54 - 000003988 _____ C:\Windows\system32\Tasks\WpsExternal_27845_20200104045407
2020-01-04 04:54 - 2020-01-04 04:54 - 000000000 ____D C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2019-12-20 16:11 - 2019-12-20 16:11 - 000000450 _____ C:\Windows\wotsuper.reg
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-01-17 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\Users\27845\AppData\Roaming\BitTorrent Web
2020-01-17 12:10 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-17 11:59 - 2019-05-08 23:25 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-01-17 11:11 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-01-16 15:19 - 2019-05-07 22:23 - 000000000 ____D C:\Users\27845\AppData\LocalLow\Mozilla
2020-01-16 14:32 - 2019-05-07 18:36 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-16 14:32 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2020-01-16 14:27 - 2019-11-11 09:56 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-16 14:27 - 2019-09-05 09:00 - 000000000 ____D C:\Users\27845\AppData\Local\BitTorrentHelper
2020-01-16 14:27 - 2019-05-07 18:50 - 000000000 ___RD C:\Users\27845\OneDrive
2020-01-16 14:26 - 2019-09-09 10:34 - 000000000 ____D C:\Windows\Minidump
2020-01-16 14:26 - 2019-07-31 17:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-16 14:26 - 2019-05-13 18:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-16 14:26 - 2019-05-07 18:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-16 14:18 - 2018-09-15 08:09 - 000786432 _____ C:\Windows\system32\config\BBI
2020-01-16 14:07 - 2019-05-07 23:48 - 000000000 ____D C:\Users\27845\Desktop\TOOLS
2020-01-16 14:07 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Auslogics
2020-01-16 14:06 - 2019-05-07 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2020-01-16 13:36 - 2019-05-09 00:54 - 000000000 ____D C:\Users\27845\AppData\Local\Microsoft Help
2020-01-16 12:46 - 2019-11-11 09:56 - 000086552 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-16 12:14 - 2019-05-07 18:41 - 000000000 ____D C:\Users\27845
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Roaming\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Users\27845\AppData\Local\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:49 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-01-16 12:13 - 2019-05-13 18:44 - 000000000 ____D C:\ProgramData\Lavasoft
2020-01-16 12:13 - 2019-05-09 01:02 - 000002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-16 12:13 - 2019-05-09 01:02 - 000002283 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-15 18:23 - 2019-06-18 04:43 - 000000000 ____D C:\Program Files\UNP
2020-01-15 18:20 - 2019-05-07 18:27 - 000614344 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\UNP
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2020-01-15 18:18 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2020-01-15 17:39 - 2019-05-08 00:37 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 17:27 - 2019-05-08 00:37 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-15 17:27 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2020-01-15 16:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-01-15 14:05 - 2019-05-07 23:38 - 000000000 ____D C:\Program Files\CCleaner
2020-01-15 11:30 - 2018-09-15 08:09 - 017973248 _____ C:\Windows\system32\C_3389.NLS
2020-01-15 11:29 - 2019-05-07 22:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-14 22:24 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-14 22:24 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2020-01-11 15:38 - 2019-05-07 21:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-11 15:37 - 2018-09-15 08:09 - 018087936 _____ C:\Windows\system32\config\BCD00000000
2020-01-11 14:42 - 2019-05-07 18:50 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1433173932-3963356919-369050832-1001
2020-01-11 14:42 - 2019-05-07 18:41 - 000002374 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-11 11:56 - 2019-05-07 23:38 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-10 23:15 - 2019-05-07 22:23 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-10 14:00 - 2019-05-07 19:06 - 000001613 _____ C:\Users\27845\Desktop\IExplore.lnk
2020-01-08 23:44 - 2018-09-15 08:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-01-06 15:15 - 2018-09-15 09:31 - 000000167 _____ C:\Windows\win.ini
2020-01-06 15:13 - 2019-05-13 14:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-06 15:13 - 2019-05-07 18:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-01-06 15:12 - 2019-05-09 00:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-01-06 15:12 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-06 15:03 - 2019-05-07 23:07 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-01-06 13:32 - 2019-11-11 09:55 - 000057712 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2020-01-06 13:03 - 2019-05-07 18:47 - 000000000 ____D C:\Users\27845\AppData\Local\Packages
2020-01-06 13:00 - 2019-05-08 21:55 - 000000000 ___RD C:\Users\27845\Documents\MEGA
2020-01-06 13:00 - 2019-05-08 21:18 - 000000000 ____D C:\Windows\system32\Tasks\MEGA
2020-01-06 12:52 - 2019-05-08 04:10 - 000000000 ____D C:\Windows\Panther
2020-01-05 18:04 - 2019-07-10 00:24 - 000001908 _____ C:\Users\27845\Desktop\BitTorrent Web.lnk
2020-01-05 18:04 - 2019-05-13 18:44 - 000001894 _____ C:\Users\27845\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2020-01-04 04:54 - 2019-05-11 01:39 - 000003574 _____ C:\Windows\system32\Tasks\WpsUpdateTask_27845
2020-01-02 11:15 - 2019-05-07 19:39 - 000000000 ____D C:\Users\27845\AppData\Local\PlaceholderTileLogoFolder
2020-01-02 11:15 - 2019-05-07 18:48 - 000000000 ____D C:\Users\27845\AppData\Local\Publishers
2019-12-22 11:10 - 2019-05-30 12:13 - 000000925 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-12-22 11:10 - 2019-05-07 21:56 - 000000925 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2019-12-22 11:10 - 2019-05-07 21:56 - 000000925 _____ C:\ProgramData\Desktop\Mozilla Thunderbird.lnk
2019-12-20 12:10 - 2019-05-09 01:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2020-01-15 11:30 - 2020-01-15 19:23 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2020-01-15 11:30 - 2020-01-15 19:23 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-09-15 09:28 - 2018-09-15 09:28 - 000232960 ___SH () C:\Users\27845\AppData\Roaming\dthritw
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ () C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000000270 ___SH () C:\Users\27845\AppData\Roaming\scdsvfc
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ () C:\Users\27845\AppData\Roaming\scvrrv.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000314570 ___SH () C:\Users\27845\AppData\Roaming\trtcjua
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ () C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ () C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ () C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ () C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ () C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ () C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ () C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ () C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ () C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 000032038 _____ () C:\Users\27845\AppData\Local\uninstall_temp.ico
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ () C:\Users\27845\AppData\Local\Zimsoft.tst
==================== FLock ==============================
2020-01-17 00:22 C:\Windows\system32\config\SYSTEM
2020-01-15 11:30 C:\Windows\system32\Drivers\Wdf66150.sys
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Here is the Addition.txt log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by 27845 (17-01-2020 12:18:15)
Running from C:\Users\27845\Desktop
Windows 10 Pro Version 1809 17763.973 (X64) (2019-05-07 16:30:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
27845 (S-1-5-21-1433173932-3963356919-369050832-1001 - Administrator - Enabled) => C:\Users\27845
Administrator (S-1-5-21-1433173932-3963356919-369050832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1433173932-3963356919-369050832-503 - Limited - Disabled)
Guest (S-1-5-21-1433173932-3963356919-369050832-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1433173932-3963356919-369050832-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
8GadgetPack (HKLM-x32\...\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 - 8GadgetPack.net)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.1.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 8.3.0.0 - Auslogics Labs Pty Ltd)
BitTorrent Web (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.448 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C8730B1A-133D-4546-8E21-9EC186341F20}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.1 - Corel Corporation) Hidden
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 16 Setup (HKLM-x32\...\{8A80DF77-CC7A-45D6-81BD-12C2CE4289C4}) (Version: 16.04.01 - DATACAD LLC) Hidden
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.03.01 - DATACAD LLC)
DreamTrips version 2.12 (HKLM-x32\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 2.12 - DreamTrips Inc)
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{145AE349-477A-45E5-A57C-5F5BF2BB5775}) (Version: 20.0.14.1085 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300409}) (Version: 9.7.0 - Lotus Development Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.3.0 (x86 en-US)) (Version: 68.3.0 - Mozilla)
Mozilla Thunderbird 68.3.1 (x86 en-US) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Mozilla Thunderbird 68.3.1 (x86 en-US)) (Version: 68.3.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
Novicorp WinToFlash Lite version 1.13.0000 (HKLM-x32\...\{A1A1FF24-34C6-4B77-BDB7-A689979F018C}_is1) (Version: 1.13.0000 - Novicorp)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
pdfreader2019 version 20.01 (HKLM-x32\...\{624C8304-BA22-422C-97D6-A1233BC1167E}_is1) (Version: 20.01 - )
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unreal Datasmith Exporter for SketchUp Pro (HKLM\...\{E73898B2-FF0E-4AEB-BA67-8B67CF9A6213}) (Version: 4.23.0.0 - Epic Games, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
wotsuper 2.1 (HKLM-x32\...\wotsuper 2.1) (Version: 2.1 - wotsuper)
WPS Office (11.2.0.9127) (HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\Kingsoft Office) (Version: 11.2.0.9127 - Kingsoft Corp.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-16] (Dolby Laboratories)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.7.701.0_x86__ytsefhwckbdv6 [2020-01-07] (G5 Entertainment AB)
Kaspersky Password Manager Extension -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyPasswordManagerExtension_2.9.1.0_x64__8jx5e25qw3tdc [2019-12-18] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-07] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2019-12-25] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.7.0_x64__jb41c8remg0x2 [2019-12-24] (Polarr)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\27845\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-1433173932-3963356919-369050832-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> E:\Program Files\WinZip\adxloader64.dll () [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-05-11] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => E:\Program Files\WinZip\wzshls64.dll [2013-07-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-1433173932-3963356919-369050832-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => E:\WPS Office\11.2.0.9127\office6\kwpsmenushellext64.dll [2020-01-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\27845\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\27845\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
==================== Loaded Modules (Whitelisted) =============
2019-05-07 23:16 - 2015-03-03 15:50 - 000758784 _____ () [File not signed] C:\Program Files\NetWorx\sqlite.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001414656 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avcodec-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000898048 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avformat-58.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000451072 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\avutil-56.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000151552 _____ () [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\swresample-3.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 098275328 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000092672 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 003922432 _____ () [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-04-16 09:22 - 2002-04-10 11:42 - 000233472 _____ () [File not signed] D:\Program Files\AutoSpec\NetsyncV2\libmySQL.DLL
2019-04-16 09:22 - 2014-07-25 15:54 - 000706560 ____N () [File not signed] D:\Program Files\AutoSpec\wombat.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000153088 _____ () [File not signed] E:\lotus\organize\ormmime.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000138752 _____ () [File not signed] E:\lotus\organize\ormprot.dll
1998-08-28 16:42 - 1998-08-28 16:42 - 000220160 _____ () [File not signed] E:\lotus\organize\ormutil.dll
2019-05-08 00:50 - 2019-01-27 14:34 - 000638464 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2001-07-25 14:24 - 2001-07-25 14:24 - 000162816 _____ (Lotus Developement Corp) [File not signed] E:\lotus\organize\orgapi32.dll
1998-01-06 18:49 - 1998-01-06 18:49 - 000125952 _____ (Lotus Development Corporation) [File not signed] E:\lotus\compnent\LTSCSN13.DLL
2001-07-25 14:05 - 2001-07-25 14:05 - 000023040 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ecEN.dll
2001-07-25 14:09 - 2001-07-25 14:09 - 002895872 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\OR1C50EN.DLL
2001-07-25 14:09 - 2001-07-25 14:09 - 000886272 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\ORBACK.dll
2001-07-25 14:07 - 2001-07-25 14:07 - 000779264 _____ (Lotus Development Corporation) [File not signed] E:\lotus\organize\orutil.dll
2001-05-29 03:38 - 2001-05-29 03:38 - 000330752 _____ (Lotus Development Corporation.) [File not signed] E:\lotus\compnent\LTASWN23.DLL
1998-06-17 11:45 - 1998-06-17 11:45 - 000077878 _____ (Microsoft Corporation) [File not signed] E:\lotus\organize\MSVCIRT.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000760032 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2019-07-31 17:24 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-09-03 23:00 - 2019-09-03 23:00 - 000547840 _____ (The Chromium Authors) [File not signed] D:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 001277952 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\LIBEAY32.dll
2019-12-20 02:29 - 2019-12-20 02:29 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\27845\AppData\Roaming\BitTorrent Web\SSLEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-09-15 09:31 - 2019-05-11 17:58 - 000006895 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2EFAAC53-ED29-4294-A3D8-8EFAFA5423FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11ED0506-1D7E-4828-BDB8-7A60C79580CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5874E804-9F10-4128-AEF3-826322D71230}] => (Allow) C:\Program Files\NetWorx\networx.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect Research)
FirewallRules: [{0FFE1D1A-8AA3-4284-AE29-6DD6E063A755}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{22A12BAD-6D4F-46B2-9F13-2194F01B927E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0FB2C62D-99F9-40C4-A7DB-6C8B6184BA02}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{5AF23BAC-56FB-4580-8513-D0C32439F714}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{8C7CCBC3-C1B6-4483-A7DC-13723B0B420B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{A943A13E-D3BE-4EF2-BE88-4EA9D99425E3}] => (Allow) E:\WPS Office\11.2.0.9127\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [TCP Query User{47D717EF-B8AB-4DA4-9C41-33A8686B60A5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AFD2556C-22F0-4663-9100-627CCD268C61}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07F3D827-6BDA-4823-B4DE-9EC0C77193EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{24C6FABE-D249-44D6-A37D-1C4CE0D7B3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A2966F60-25C3-468E-AE13-6FBD2D0EB782}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{374183A5-992E-46E8-A819-540E8052DE93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E374618A-A4D2-4D77-BF8A-EEF972EDE56A}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{2480E7A2-C9CC-401A-8FBA-961B5DB806FF}] => (Allow) C:\Users\27845\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{0B7A7E8C-CAAF-4CDD-BF06-AEB51229A077}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{3375061E-3C3E-4137-A439-AD51EB086BBE}] => (Block) e:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5381295C-0AB0-474A-85DD-48F9F0A447B0}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{D66D08F3-ADD7-45F1-A94E-48C1112814EA}] => (Allow) D:\Program Files\AutoSpec\Autospec.exe (NDTec) [File not signed]
FirewallRules: [{B5BE4A8B-0A92-41C2-AD8D-6A2A1D5168F0}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{60D12B64-D430-4E08-8E21-657814DF020A}] => (Allow) D:\Program Files\AutoSpec\assb.exe () [File not signed]
FirewallRules: [{4C23A3CD-E5FD-4BE6-9AB0-770C46D7AEC2}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{6337ED56-1403-4CFE-9C7A-6531AE6B7B50}] => (Allow) D:\Program Files\AutoSpec\asloader.exe () [File not signed]
FirewallRules: [{F25E99A3-84E8-4CD7-8712-EAECC71A6C2F}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{2B4984E9-AE18-4306-AFF7-1AA714862D65}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-nt.exe () [File not signed]
FirewallRules: [{5F90537E-1A13-4DDB-97D4-62AD9A10BD50}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]
FirewallRules: [{E4CB22E8-AEC5-4630-8700-201A9EF00A49}] => (Allow) D:\Program Files\AutoSpec\mysql\bin\mysqld-opt.exe () [File not signed]
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:111.79 GB) (Free:52.06 GB) (47%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/17/2020 11:59:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.17763.771, time stamp: 0x066482d2
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0x6cc9b5fd
Exception code: 0x8007000e
Fault offset: 0x001219b2
Faulting process id: 0x1454
Faulting application start time: 0x01d5cc6f816dbe61
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 20e12b53-fb4c-429b-bec4-3b8ba7d6a3a7
Faulting package full name:
Faulting package-relative application ID:
Error: (01/17/2020 11:13:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.17763.831, time stamp: 0x5d969e25
Faulting module name: twinapi.appcore.dll, version: 10.0.17763.973, time stamp: 0x0d83a788
Exception code: 0xc000027b
Fault offset: 0x00000000000bd578
Faulting process id: 0x11c0
Faulting application start time: 0x01d5cc8c4b94b3cd
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SYSTEM32\twinapi.appcore.dll
Report Id: 0a124302-1e47-4e98-b6ab-3db5267496f8
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (01/16/2020 09:23:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Garbage Cleaner.exe, version: 2.5.1.0, time stamp: 0x9a0def61
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0xfb6790ac
Exception code: 0xe0434352
Fault offset: 0x0000000000039159
Faulting process id: 0x1acc
Faulting application start time: 0x01d5cca261cf415f
Faulting application path: C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: b555d66d-9146-4187-b8af-61329606ee13
Faulting package full name:
Faulting package-relative application ID:
Error: (01/16/2020 09:23:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Garbage Cleaner.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.WebException
at System.Net.WebClient.DownloadFile(System.Uri, System.String)
at Garbage_Cleaner.Form1..ctor()
at Garbage_Cleaner.Program.Main()
Error: (01/16/2020 03:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeSH.exe, version: 11.0.17763.1, time stamp: 0x1244354f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000000000000008c
Faulting process id: 0x290c
Faulting application start time: 0x01d5cc6d30b8ef74
Faulting application path: C:\Windows\system32\MicrosoftEdgeSH.exe
Faulting module path: unknown
Report Id: a4330030-b3ac-49ff-be3c-4b03a279e615
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (01/16/2020 02:17:10 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost (3588,D,35) SRUJet: An attempt to delete the file "C:\Windows\system32\sru\SRUDB.jfm" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error: (01/16/2020 02:17:00 PM) (Source: ESENT) (EventID: 530) (User: )
Description: svchost (3588,D,35) SRUJet: The database page read from the file "C:\Windows\system32\sru\SRUDB.dat" at offset 20480 (0x0000000000005000) (database page 4 (0x4)) for 4096 (0x00001000) bytes failed verification due to a lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).
The flush state on database page 4 (0x4) was 0 while the flush state on flush map page 0 (0x0) was 1.
If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (01/16/2020 02:17:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (3588,D,35) SRUJet: The database page read from the file "C:\Windows\system32\sru\SRUDB.dat" at offset 20480 (0x0000000000005000) (database page 4 (0x4)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
System errors:
=============
Error: (01/16/2020 02:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/16/2020 02:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/16/2020 02:27:28 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000061941, 0x000001ca80000000, 0x000000000000000f, 0xffffad887b8fbb00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 3e3893a4-f73d-4e60-af44-e620c3b26888.
Error: (01/16/2020 02:27:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5VOB4P7)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-5VOB4P7\27845 SID (S-1-5-21-1433173932-3963356919-369050832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/16/2020 02:26:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/16/2020 02:26:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:20:55 on 2020/01/16 was unexpected.
Error: (01/16/2020 02:18:16 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5VOB4P7)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"0"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/16/2020 02:18:16 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-5VOB4P7)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"0"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Windows Defender:
===================================
Date: 2020-01-15 14:14:29.938
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\ksi1q3jg1gm\mkwm2pbipvb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-15 14:14:28.237
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\flr4fs45jl3\yzahvixlkyx.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-15 13:59:08.953
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\dstwaqw0lak\rperskw0fp4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-15 13:58:47.562
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...09&enterprise=0
Name: Trojan:MSIL/Adload.B!MSR
ID: 2147748509
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\52bhcskprra\5dpbm4pqpug.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Beo\90678640.exe
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2020-01-15 12:16:30.001
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...85&enterprise=0
Name: Trojan:MSIL/Kryptik.MJ!ibt
ID: 2147744485
Severity: Severe
Category: Trojan
Path: file:_C:\Users\27845\AppData\Local\Temp\scjhtvo2yfg\shcdvrm0dnb.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.307.2371.0, AS: 1.307.2371.0, NIS: 1.307.2371.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-05-13 15:07:02.862
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...97&enterprise=0
Name: SoftwareBundler:Win32/ICLoader.E
ID: 249597
Severity: High
Category: Software Bundler
Path: process:_pid:1900,ProcessStart:132022254638798305
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\27845\AppData\Local\Temp\RFanzSbeQyz1uLTh\e8432142d85606ae54dc7b76449a3456.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x80070005
Error description: Access is denied.
Signature Version: AV: 1.293.1502.0, AS: 1.293.1502.0, NIS: 1.293.1502.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4
CodeIntegrity:
===================================
Date: 2020-01-17 02:29:59.041
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-16 20:31:18.702
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-16 14:14:28.829
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-16 09:44:42.121
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-16 00:24:01.429
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-15 14:53:25.921
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-15 14:06:07.579
Description:
Windows blocked file \Device\HarddiskVolume10\Windows\SysWOW64\scrobj.dll which has been disallowed for protected processes.
Date: 2020-01-15 12:17:55.323
Description:
Code Integrity determined that a process (\Device\HarddiskVolume10\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume10\ProgramData\Voyasollam\Fintop.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 75%
Total physical RAM: 8172.87 MB
Available physical RAM: 2026.84 MB
Total Virtual: 16364.87 MB
Available Virtual: 8660.81 MB
==================== Drives ================================
Drive c: (Windows SSD) (Fixed) (Total:111.79 GB) (Free:52.06 GB) NTFS
Drive d: (WIN7) (Fixed) (Total:250.89 GB) (Free:40.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:125.56 GB) NTFS
Drive f: (CAD) (Fixed) (Total:170.06 GB) (Free:73.83 GB) NTFS
Drive g: (DATA) (Fixed) (Total:165.18 GB) (Free:130.34 GB) NTFS
Drive h: (FILLING) (Fixed) (Total:165.04 GB) (Free:121.9 GB) NTFS
Drive i: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.45 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
Drive l: (WINDOWS) (Fixed) (Total:232.79 GB) (Free:71.06 GB) NTFS
\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: E224E224)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 962A40A1)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Thank you for your assistance.
MikeBack