Solved Possible Malware drive by download

europhile · Feb 14, 2019

I keep getting this prompt from Kaspersky (4 times) every time I open Chrome - Cannot guarantee the Authenticity of the encrypted connections..Invalid certificates.
I also observed that the Webcam is getting activated of its own
Computer slowing down
Net bandwidth being consumed during surfing
Also observed some dos scripts running at start up
I am uploading the FRST files for intial system review.
Pls assist
Thanks in Advance

Broni · Feb 14, 2019

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Please observe forum rules. All logs have to be pasted not attached.

europhile · Feb 19, 2019

Would you like me to paste the FRST logs here

Broni · Feb 19, 2019

Yes, right here.

europhile · Feb 20, 2019

Im now also getting a malicious link trying to autodownload to my pc while opening new pages in Chrome. It's being blocked repeatedly by Kaspersky
Thanks in advance!

FRST Logs-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.02.2019
Ran by Karl Fernandes (administrator) on DESKTOP-MTBUMQG (20-02-2019 22:19:25)
Running from C:\Users\Karl Fernandes\Desktop
Loaded Profiles: Karl Fernandes (Available Profiles: Karl Fernandes)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Siber Systems\GoodSync\gs-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
(PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
(BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Opera Software) C:\Program Files\Opera\58.0.3135.65\opera.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [466224 2015-06-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-06-23] (John Conners -> johnsadventures.com)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [GoogleChromeAutoLaunch_5503555C4D2F4136D50FB29005E00F7F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-13] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [879376 2019-02-13] (Yury Saprykin -> privacyroot.com)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [uTorrent] => C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-20] (BitTorrent Inc -> BitTorrent Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-14] (Google LLC -> Google Inc.)
Startup: C:\Users\Karl Fernandes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2019-02-13]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (PrivacyRoot.com)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.88.131.90 202.88.131.89 202.88.130.67
Tcpip\..\Interfaces\{33dab65e-4018-405f-9c0b-1f63a44b4e5c}: [DhcpNameServer] 202.88.131.90 202.88.131.89 202.88.130.67

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1235497104-709031345-4186220094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-12]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://in.search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR Profile: C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default [2019-02-20]
CHR Extension: (Google Translate) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-11]
CHR Extension: (Slides) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Kaspersky Protection) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-01-12]
CHR Extension: (Docs) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-06]
CHR Extension: (Turn Off the Lights) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2019-02-10]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-24]
CHR Extension: (YouTube) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-06]
CHR Extension: (Sheets) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-02-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-02-14]
CHR Extension: (WhatsGreen Multi Messenger) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhfoiaobflocffnclkigpkeoagheimn [2019-01-14]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2019-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2019-02-12]
CHR Extension: (Speedtest by Ookla) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2018-05-23]
CHR Extension: (Gmail) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-03]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

europhile · Feb 20, 2019

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7509216 2019-02-16] (Siber Systems -> )
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-10-11] (Intel Corporation -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2018-05-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 klvssbridge64_18.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R1 epp; C:\EEK\bin64\epp.sys [142952 2019-02-13] (Emsisoft Ltd -> Emsisoft Ltd)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [17920 2017-12-06] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-12] (Martin Malik - REALiX -> REALiX(tm))
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-02-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [162024 2018-07-01] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [430016 2018-10-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8429416 2018-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2017-12-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45944 2018-07-19] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2019-02-13] (Bitdefender SRL -> BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2019-01-20] (Zemana Ltd. -> Copyright 2017.)
S3 MFE_RR; \??\C:\Users\KARLFE~1\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-20 22:19 - 2019-02-20 22:21 - 000023554 _____ C:\Users\Karl Fernandes\Desktop\FRST.txt
2019-02-20 22:16 - 2019-02-20 22:16 - 000000000 ____D C:\Users\Karl Fernandes\Desktop\FRST-OlderVersion
2019-02-20 22:08 - 2019-02-20 22:08 - 000000000 ____D C:\Users\Karl Fernandes\AppData\LocalLow\uTorrent
2019-02-20 12:47 - 2019-02-20 12:47 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-20 12:34 - 2019-02-20 12:35 - 000000000 ____D C:\AdwCleaner
2019-02-20 12:34 - 2019-02-20 12:34 - 007316688 _____ (Malwarebytes) C:\Users\Karl Fernandes\Desktop\adwcleaner_7.2.7.0.exe
2019-02-19 22:40 - 2019-02-19 22:40 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-02-18 21:50 - 2019-02-18 21:50 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-18 21:49 - 2019-02-18 21:49 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-18 12:57 - 2019-02-18 21:49 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-18 12:57 - 2019-02-18 12:57 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-18 12:50 - 2019-02-18 12:51 - 012934387 _____ C:\Users\Karl Fernandes\Desktop\MusicBeeSetup_3_2_Update3.zip
2019-02-17 15:01 - 2019-02-17 15:02 - 000036739 _____ C:\Users\Karl Fernandes\Desktop\[FireBit.org]_richard-elliot-collection-1986-2009-mp3.torrent
2019-02-17 14:31 - 2019-02-17 14:31 - 000034847 _____ C:\Users\Karl Fernandes\Desktop\[FireBit.org]_dave-koz-collection-1990-2011-mp3.torrent
2019-02-16 12:15 - 2019-02-16 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2019-02-14 22:08 - 2019-02-20 22:16 - 002435072 _____ (Farbar) C:\Users\Karl Fernandes\Desktop\FRST64.exe
2019-02-14 22:05 - 2019-02-20 22:19 - 000000000 ____D C:\FRST
2019-02-14 14:27 - 2019-02-14 14:27 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-02-14 14:26 - 2019-02-14 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-02-14 14:26 - 2019-01-12 01:43 - 000002223 _____ C:\Users\Public\Desktop\Safe Money.lnk
2019-02-14 14:26 - 2019-01-12 01:43 - 000002199 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2019-02-14 00:05 - 2019-02-06 08:30 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 00:05 - 2019-02-06 08:12 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 00:05 - 2019-02-06 08:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 00:05 - 2019-02-06 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 00:05 - 2019-02-06 07:57 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 00:05 - 2019-02-06 07:57 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 00:05 - 2019-01-12 07:58 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 00:05 - 2019-01-09 11:14 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 00:05 - 2019-01-09 11:13 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 00:05 - 2019-01-09 11:12 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 00:05 - 2019-01-09 11:10 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 00:05 - 2019-01-09 11:09 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 00:05 - 2019-01-09 10:57 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 00:05 - 2019-01-09 10:56 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 00:05 - 2019-01-09 10:55 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 00:05 - 2019-01-09 10:54 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 00:05 - 2019-01-09 10:53 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 00:05 - 2019-01-09 10:53 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 00:05 - 2019-01-09 10:49 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 00:05 - 2019-01-09 10:49 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 00:05 - 2019-01-09 10:48 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 00:05 - 2019-01-08 08:36 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 00:04 - 2019-02-06 13:24 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 00:04 - 2019-02-06 13:23 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 00:04 - 2019-02-06 13:02 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 00:04 - 2019-02-06 13:00 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 00:04 - 2019-02-06 12:41 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 00:04 - 2019-02-06 12:22 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 00:04 - 2019-02-06 12:22 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 00:04 - 2019-02-06 08:31 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 00:04 - 2019-02-06 08:31 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 00:04 - 2019-02-06 08:31 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 00:04 - 2019-02-06 08:31 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 00:04 - 2019-02-06 08:31 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 00:04 - 2019-02-06 08:30 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 00:04 - 2019-02-06 08:29 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 00:04 - 2019-02-06 08:22 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 00:04 - 2019-02-06 08:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 00:04 - 2019-02-06 08:11 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 00:04 - 2019-02-06 08:11 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 00:04 - 2019-02-06 08:10 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 00:04 - 2019-02-06 08:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 00:04 - 2019-02-06 08:07 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 00:04 - 2019-02-06 08:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 00:04 - 2019-02-06 08:03 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 00:04 - 2019-02-06 07:59 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 00:04 - 2019-02-06 07:58 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 00:04 - 2019-02-06 07:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 00:04 - 2019-02-06 07:55 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 00:04 - 2019-02-06 07:55 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 00:04 - 2019-02-06 07:54 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 00:04 - 2019-02-06 07:54 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 00:04 - 2019-02-06 07:52 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 00:04 - 2019-02-06 07:52 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 00:04 - 2019-01-09 23:12 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 00:04 - 2019-01-09 23:11 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 00:04 - 2019-01-09 23:10 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 00:04 - 2019-01-09 23:06 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 00:04 - 2019-01-09 15:25 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 00:04 - 2019-01-09 15:25 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 00:04 - 2019-01-09 14:25 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 00:04 - 2019-01-09 14:18 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 00:04 - 2019-01-09 11:29 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 00:04 - 2019-01-09 11:13 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 00:04 - 2019-01-09 11:12 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 00:04 - 2019-01-09 11:10 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 00:04 - 2019-01-09 11:10 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 00:04 - 2019-01-09 11:09 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 00:04 - 2019-01-09 11:09 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 00:04 - 2019-01-09 11:03 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 00:04 - 2019-01-09 11:02 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 00:04 - 2019-01-09 10:59 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 00:04 - 2019-01-09 10:57 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 00:04 - 2019-01-09 10:57 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 00:04 - 2019-01-09 10:56 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 00:04 - 2019-01-09 10:56 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 00:04 - 2019-01-09 10:52 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 00:04 - 2019-01-09 10:52 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 00:04 - 2019-01-09 10:51 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 00:04 - 2019-01-09 10:49 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 00:04 - 2019-01-09 10:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 00:03 - 2019-02-06 13:05 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 00:03 - 2019-02-06 13:00 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 00:03 - 2019-02-06 13:00 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 00:03 - 2019-02-06 12:27 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 00:03 - 2019-02-06 12:22 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 00:03 - 2019-02-06 08:31 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 00:03 - 2019-02-06 08:31 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 00:03 - 2019-02-06 08:31 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 00:03 - 2019-02-06 08:30 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 00:03 - 2019-02-06 08:30 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 00:03 - 2019-02-06 08:30 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 00:03 - 2019-02-06 08:30 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 00:03 - 2019-02-06 08:29 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 00:03 - 2019-02-06 08:29 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 00:03 - 2019-02-06 08:29 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 00:03 - 2019-02-06 08:10 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 00:03 - 2019-02-06 07:58 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 00:03 - 2019-02-06 07:56 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 00:03 - 2019-02-06 07:53 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 00:03 - 2019-02-06 07:51 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 00:03 - 2019-02-06 06:34 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 00:03 - 2019-01-12 14:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 00:03 - 2019-01-09 23:38 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 00:03 - 2019-01-09 23:27 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 00:03 - 2019-01-09 23:11 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 00:03 - 2019-01-09 23:05 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 00:03 - 2019-01-09 15:44 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 00:03 - 2019-01-09 11:10 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 00:03 - 2019-01-09 11:10 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 00:03 - 2019-01-09 11:09 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 00:03 - 2019-01-09 11:09 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 00:03 - 2019-01-09 11:09 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 00:03 - 2019-01-09 10:59 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 00:03 - 2019-01-09 10:54 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 00:03 - 2019-01-09 10:54 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 00:03 - 2019-01-09 10:51 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 00:03 - 2019-01-09 10:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 00:03 - 2019-01-09 10:50 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 00:03 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 00:03 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 00:03 - 2019-01-08 14:38 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 00:03 - 2019-01-08 08:36 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 00:03 - 2019-01-08 08:36 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-13 23:34 - 2019-02-13 23:34 - 000000000 ____D C:\ProgramData\Emsisoft
2019-02-13 23:21 - 2019-02-16 22:04 - 000000000 ____D C:\EEK
2019-02-13 23:08 - 2018-09-20 09:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-13 16:37 - 2019-02-13 16:56 - 000000056 _____ C:\WINDOWS\Lic.xxx
2019-02-13 15:03 - 2019-02-13 15:03 - 000655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000439576 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2019-02-13 15:03 - 2019-02-13 15:03 - 000176760 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2019-02-13 15:02 - 2019-02-13 15:02 - 000001096 _____ C:\Users\Karl Fernandes\Desktop\MWAVSCAN.lnk
2019-02-13 15:02 - 2019-02-13 15:02 - 000000000 ____D C:\ProgramData\MicroWorld
2019-02-13 12:07 - 2019-02-13 12:07 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\Macromedia
2019-02-13 12:02 - 2019-02-20 15:15 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\Wipe
2019-02-13 12:02 - 2019-02-13 12:02 - 000001828 _____ C:\Users\Karl Fernandes\Desktop\Wipe.lnk
2019-02-13 12:02 - 2019-02-13 12:02 - 000000220 _____ C:\Users\Karl Fernandes\Desktop\PrivacyRoot Software.url
2019-02-13 12:02 - 2019-02-13 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2019-02-13 12:02 - 2019-02-13 12:02 - 000000000 ____D C:\Program Files\Wipe
2019-02-06 21:12 - 2019-02-06 21:12 - 000001965 _____ C:\Users\Public\Desktop\Media Preview Configuration.lnk
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\Program Files\Media Preview
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\Program Files (x86)\Media Preview

europhile · Feb 20, 2019

=================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-20 22:22 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-20 22:22 - 2017-12-29 20:50 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-20 22:22 - 2017-12-07 21:37 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\uTorrent
2019-02-20 22:19 - 2019-01-20 14:36 - 000085429 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-20 22:07 - 2017-12-06 17:10 - 000000000 __SHD C:\Users\Karl Fernandes\IntelGraphicsProfiles
2019-02-20 14:46 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-20 14:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-20 12:54 - 2018-05-27 04:30 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-20 12:54 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF
2019-02-20 12:46 - 2018-05-27 04:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-20 12:46 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-20 12:35 - 2018-02-12 13:45 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\IObit
2019-02-19 23:29 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-19 22:48 - 2018-05-27 04:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-18 22:41 - 2017-12-11 22:53 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\AIMP
2019-02-18 12:57 - 2018-02-15 15:07 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\MusicBee
2019-02-18 12:52 - 2018-02-15 15:07 - 000001094 _____ C:\Users\Karl Fernandes\Desktop\MusicBee.lnk
2019-02-16 12:15 - 2018-09-20 22:31 - 000001955 _____ C:\Users\Public\Desktop\GoodSync Explorer.lnk
2019-02-16 12:15 - 2018-09-20 22:31 - 000001891 _____ C:\Users\Public\Desktop\GoodSync.lnk
2019-02-16 12:15 - 2018-09-20 22:30 - 000000000 ____D C:\Program Files\Siber Systems
2019-02-16 12:15 - 2018-09-20 22:28 - 000000000 ____D C:\ProgramData\GoodSync
2019-02-16 01:59 - 2017-12-29 20:51 - 000000000 ____D C:\Program Files\Common Files\AV
2019-02-15 23:40 - 2018-05-27 04:40 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1512664732
2019-02-15 23:40 - 2017-12-07 22:08 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-15 23:40 - 2017-12-07 22:04 - 000000000 ____D C:\Program Files\Opera
2019-02-15 23:35 - 2017-12-06 21:56 - 000000000 ____D C:\Program Files\rempl
2019-02-14 16:51 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-14 14:26 - 2017-12-29 20:50 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-02-14 14:07 - 2017-12-06 14:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-14 14:07 - 2017-12-06 14:09 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-14 13:45 - 2018-05-27 04:11 - 000317016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 00:02 - 2017-12-06 22:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 23:57 - 2017-12-06 22:00 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 22:49 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-13 21:16 - 2019-01-20 14:36 - 001935778 _____ C:\WINDOWS\ZAM.krnl.trace
2019-02-13 21:16 - 2019-01-20 14:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Phoenix360
2019-02-13 16:48 - 2018-05-27 04:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-13 16:38 - 2015-07-10 16:34 - 000000545 _____ C:\WINDOWS\win.ini
2019-02-13 15:03 - 2018-11-17 22:13 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-02-13 00:46 - 2017-12-11 23:09 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\vlc
2019-02-12 22:02 - 2018-05-27 04:17 - 000000000 ____D C:\Users\Karl Fernandes
2019-02-10 18:50 - 2018-05-27 04:40 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1235497104-709031345-4186220094-1001
2019-02-10 18:50 - 2018-05-27 04:17 - 000002390 _____ C:\Users\Karl Fernandes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 18:50 - 2017-12-06 14:05 - 000000000 ___RD C:\Users\Karl Fernandes\OneDrive
2019-02-10 13:08 - 2018-07-12 22:15 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 22:35 - 2019-01-20 19:42 - 000001029 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2019-02-08 22:35 - 2019-01-20 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2019-02-08 22:35 - 2019-01-20 19:42 - 000000000 ____D C:\Program Files (x86)\Calibre2
2019-02-06 13:49 - 2018-10-06 21:46 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-03 04:23 - 2019-01-09 13:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 04:23 - 2019-01-09 13:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-25 15:06 - 2017-12-06 14:01 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Local\Packages

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-27 04:11

==================== End of FRST.txt ============================

europhile · Feb 20, 2019

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019
Ran by Karl Fernandes (20-02-2019 22:23:12)
Running from C:\Users\Karl Fernandes\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-26 23:12:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1235497104-709031345-4186220094-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1235497104-709031345-4186220094-503 - Limited - Disabled)
Guest (S-1-5-21-1235497104-709031345-4186220094-501 - Limited - Disabled)
Karl Fernandes (S-1-5-21-1235497104-709031345-4186220094-1001 - Administrator - Enabled) => C:\Users\Karl Fernandes
WDAGUtilityAccount (S-1-5-21-1235497104-709031345-4186220094-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
calibre (HKLM-x32\...\{133AA70C-DB58-48DB-90AE-3A7033C896A7}) (Version: 3.39.1 - Kovid Goyal)
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.99.0.2018 - CDex.mu)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.9.24.4 - Siber Systems Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
John's Background Switcher 4.15 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.15 - johnsadventures.com)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kobo (HKLM-x32\...\Kobo) (Version: 4.6.8458 - Rakuten Kobo Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
MusicBee 3.2 (HKLM-x32\...\MusicBee) (Version: 3.2 - Steven Mayall)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 58.0.3135.65 (HKLM-x32\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{0AF24D23-22CC-44D8-B0B5-D8222C92D1EB}) (Version: 40.11.1124.17107 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.58 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.5.1.208 - iolo technologies, LLC)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.15.6404 - Toshiba Corporation)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Windows 10 Permanent Activator Ultimate v2.4 (HKLM\...\{DEAA82EE-A9D5-4343-B8AB-A89F8D595751}_is1) (Version: v2.4 - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 17.32 - PrivacyRoot.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {18017515-9468-D082-43E5-70E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {579CDE80-9468-D082-D64E-EDA685889A47} => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-01-20] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-01-20] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\x64\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

europhile · Feb 20, 2019

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A48B9B-1B43-4B7D-82B5-6A7CF5E4FE9D} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {32D8F182-D667-4EFC-B65F-6CD2F71F8D44} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {46426DE7-DC13-497A-BA61-5FD49855CD19} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4710DB45-23AA-42D7-921F-D22ED378FE63} - System32\Tasks\Phoenix360\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {772F2268-3B0A-4908-A31E-6AF2F0C80E99} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {7E8A3ECE-29CA-4324-A7CB-6A3311CB62F6} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {862B9C68-9802-485C-A941-A35E7D17E0A0} - System32\Tasks\Phoenix360\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {936AE1A5-A729-44B4-A417-1F024B096A1E} - System32\Tasks\Opera scheduled Autoupdate 1512664732 => c:\program files\opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {987FB993-5D96-4AFF-A834-4E0B4DF5C088} - System32\Tasks\Driver Booster SkipUAC (Karl Fernandes) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
Task: {9B4C0F50-8D11-45CA-A221-C2F1C1D42DA7} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {C73F7959-5D7F-4497-916E-E872AB27F942} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CCBC45EB-0A5F-4AFA-8583-C9BFD60625FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EB42B287-CF13-4C27-BE97-8F0B770D3F7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-10-06 21:46 - 2019-02-06 13:48 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2019-02-16 12:15 - 2019-02-16 12:15 - 007509216 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2018-04-12 05:04 - 2018-04-12 05:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-09 00:42 - 2018-11-09 07:47 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-14 00:04 - 2019-02-06 07:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 21:32 - 2018-10-04 21:34 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-15 23:34 - 2019-02-15 23:34 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-15 23:34 - 2019-02-15 23:34 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-15 23:34 - 2019-02-15 23:34 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-15 23:34 - 2019-02-15 23:34 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-15 23:34 - 2019-02-15 23:34 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2019-02-14 14:07 - 2019-02-13 10:44 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-14 14:07 - 2019-02-13 10:44 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2019-02-15 23:40 - 2019-02-15 23:39 - 000701016 _____ () C:\Program Files\Opera\58.0.3135.65\opera_elf.dll
2019-02-15 23:40 - 2019-02-15 23:39 - 109943384 _____ () C:\Program Files\Opera\58.0.3135.65\opera_browser.dll
2019-02-15 23:40 - 2019-02-15 23:35 - 005212760 _____ () C:\Program Files\Opera\58.0.3135.65\libglesv2.dll
2019-02-15 23:40 - 2019-02-15 23:34 - 000117336 _____ () C:\Program Files\Opera\58.0.3135.65\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2015-07-10 16:32 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1235497104-709031345-4186220094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karl Fernandes\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 202.88.131.90 - 202.88.131.89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5503555C4D2F4136D50FB29005E00F7F"
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

europhile · Feb 20, 2019

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{31139541-2049-4DF0-995E-119CC1F73C61}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{F1318004-54BA-498C-BB1B-1A60AE8FA9EE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{6B7A65E3-DE7C-4045-9194-14E66D67AAC2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{F49694CE-FFB7-45FE-BAAE-5538D45590A7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{74A8EEC0-70C5-46E6-AEDD-120AF626517D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{9342B114-F74E-4181-AD38-1AAE4A24FD5E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{F539D54D-9DBA-4DEB-8DC0-E04587798755}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9A107F50-9669-4E59-8784-C9E7CCD1FF03}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{34C08E47-AA98-40FA-A440-C7B16DC585EC}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7470D53C-6DD3-436A-9EF4-329AAA14E219}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9C78CF31-2178-446F-BB20-4FA9B6201662}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A681FD47-DFB8-4750-AF84-2C6EDF31EA97}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{900171B0-D0B1-4BDE-9EE5-DBB55D9DF34A}] => (Allow) C:\Program Files\Windows 10 Permanent Activator Ultimate v2.4\Windows 10 Permanent Activator Ultimate v2.4.exe ()
FirewallRules: [{4FD34E40-478A-4CDC-B93D-22C55D1E096B}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{AE391433-6D98-4784-ABA4-A758F77281F5}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{9E9E0526-B0C2-4C2A-B930-34A42AB189F5}] => (Allow) c:\program files\opera\57.0.3098.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0846EF43-C834-4FEF-8D10-5AB432B66331}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{E6D644F0-6ACB-4A8F-AE23-B39F7DF7BD90}] => (Allow) c:\program files\opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5360E899-77D4-44C1-8AC2-67A1310D2FC7}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2019 10:10:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2019 10:10:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/20/2019 10:10:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2019 02:42:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2019 02:42:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (02/20/2019 12:49:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/20/2019 12:49:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/20/2019 12:40:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (02/20/2019 10:09:54 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 10:08:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 10:07:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 10:07:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 10:07:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 02:43:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 02:42:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 9NBLGGH4QGHW-Microsoft.MicrosoftStickyNotes.

Error: (02/20/2019 02:42:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

europhile · Feb 20, 2019

Windows Defender:
===================================
Date: 2018-11-26 22:40:33.489
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {51354D40-59F0-4E14-B606-4EA8D3DAF19A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-26 22:33:33.133
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A662765F-D94D-4C72-B799-99C0AA56E270}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 23:07:57.142
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B6A6BA2E-0836-448B-BF6F-E68CD52331BC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 23:00:46.807
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA1F277D-7B82-4ABA-901E-1553FADFABA2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 22:41:26.442
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B8A3B3C0-BF09-499E-856E-C7AD222FEE1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-20 20:42:16.021
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.293.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2018-11-20 20:42:11.832
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-08-09 20:36:45.146
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:45.106
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:42.229
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:42.161
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
Percentage of memory in use: 72%
Total physical RAM: 3978.35 MB
Available physical RAM: 1074.63 MB
Total Virtual: 6666.35 MB
Available Virtual: 3444.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:14.82 GB) NTFS
Drive e: (Data) (Fixed) (Total:284.19 GB) (Free:96.51 GB) NTFS
Drive f: (Music) (Fixed) (Total:80.22 GB) (Free:18.56 GB) NTFS

\\?\Volume{3ee912a2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS
\\?\Volume{3ee912a2-0000-0000-0000-003f74000000}\ () (Fixed) (Total:0.78 GB) (Free:0.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3EE912A2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=364.4 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=794 MB) - (Type=27)

==================== End of Addition.txt ============================

Broni · Feb 20, 2019

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

europhile · Feb 22, 2019

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-22-2019
# Duration: 00:00:23
# OS: Windows 10 Pro
# Scanned: 31818
# Detected: 0

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

AdwCleaner[S00].txt - [1641 octets] - [20/02/2019 12:35:27]
AdwCleaner[C00].txt - [1729 octets] - [20/02/2019 12:35:50]
AdwCleaner[S01].txt - [1371 octets] - [20/02/2019 12:45:28]
AdwCleaner[C01].txt - [1557 octets] - [20/02/2019 12:45:47]
AdwCleaner[S02].txt - [1493 octets] - [21/02/2019 23:33:57]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

europhile · Feb 22, 2019

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/21/19
Scan Time: 11:07 PM
Log File: 606b105e-35ff-11e9-b7aa-008cfa6e80b6.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9374
License: Free

-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: DESKTOP-MTBUMQG\Karl Fernandes

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277577
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 24 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

europhile · Feb 22, 2019

RogueKiller Anti-Malware V13.1.5.0 (x64) [Feb 18 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Karl Fernandes [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/02/21 23:04:35 (Duration : 00:44:46)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Iolo (Potentially Malicious)] Incinerator.dll [IOLO TECHNOLOGIES, LLC] -- %programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll -> Unloaded
[Suspicious.Path (Potentially Malicious)] MFE_RR -- %SystemDrive%\Users\KARLFE~1\AppData\Local\Temp\mfe_rr.sys -> Stopped
[PUP.Iolo (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{9081C77F-9FAF-4551-A878-10A4249CD1FA} -- [%programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll] -> Deleted
[PUP.Iolo (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{BF2E05D5-4FD3-47D4-B502-6AF23DFF1CF5} -- [%programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll] -> Deleted
[PUP.Iolo (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{D90EF6CF-32CB-476D-B57C-1A71E58E8301} -- [%programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll] -> Deleted
[PUP.Iolo (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{E8215BEA-3290-4C73-964B-75502B9B41B2} -- [%programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll] -> Deleted
[PUP.Iolo (Potentially Malicious)] HKEY_CLASSES_ROOT\CLSID\{F148A78C-91B1-45DC-83A9-291108F3B245} -- [%programfiles(x86)%\Phoenix360\System Mechanic\x64\Incinerator.dll] -> Deleted
[PUP.Iolo (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Phoenix360 -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -- [%SystemDrive%\Users\KARLFE~1\AppData\Local\Temp\mfe_rr.sys] -> Deleted
[PUP.Iolo (Potentially Malicious)] System Mechanic.lnk -- %SystemDrive%\Users\Public\Desktop\System Mechanic.lnk (lnk => C:\PROGRA~2\PHOENI~1\SYSTEM~1\SYSTEM~1.EXE []) -> Deleted
[PUP.Iolo (Potentially Malicious)] Phoenix360 -- %localappdata%\Phoenix360 -> Deleted
[PUP.Iolo (Potentially Malicious)] System Mechanic.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\System Mechanic\System Mechanic.lnk (lnk => C:\PROGRA~2\PHOENI~1\SYSTEM~1\SYSTEM~1.EXE []) -> Deleted
[PUP.Iolo (Potentially Malicious)] Phoenix360 -- %programdata%\Phoenix360 -> Deleted
[PUP.Iolo (Potentially Malicious)] Phoenix360 -- %programfiles(x86)%\Phoenix360 -> Removed at reboot [91]
[PUP.Iolo (Potentially Malicious)] Phoenix360 -- %programfiles(x86)%\Phoenix360 -> Removed at reboot [91]
[PUP.Iolo (Potentially Malicious)] Phoenix360 -- %localappdata%\Phoenix360 -> Found

Broni · Feb 22, 2019

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

europhile · Feb 26, 2019

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.02.2019 01
Ran by Karl Fernandes (administrator) on DESKTOP-MTBUMQG (26-02-2019 20:47:21)
Running from C:\Users\Karl Fernandes\Desktop
Loaded Profiles: Karl Fernandes (Available Profiles: Karl Fernandes)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Siber Systems -> ) C:\Program Files\Siber Systems\GoodSync\gs-server.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(John Conners -> johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe
(Yury Saprykin -> PrivacyRoot.com) C:\Program Files\Wipe\Wipe.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [466224 2015-06-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [BackgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [121688 2017-06-23] (John Conners -> johnsadventures.com)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [GoogleChromeAutoLaunch_5503555C4D2F4136D50FB29005E00F7F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-20] (Google LLC -> Google Inc.)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [Wipe Maintance] => C:\Program Files\Wipe\net1.exe [879376 2019-02-13] (Yury Saprykin -> privacyroot.com)
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\Run: [uTorrent] => C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe [1908920 2019-01-20] (BitTorrent Inc -> BitTorrent Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-26] (Google LLC -> Google Inc.)
Startup: C:\Users\Karl Fernandes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2019-02-13]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (Yury Saprykin -> PrivacyRoot.com)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.88.131.90 202.88.131.89 202.88.130.67
Tcpip\..\Interfaces\{33dab65e-4018-405f-9c0b-1f63a44b4e5c}: [DhcpNameServer] 202.88.131.90 202.88.131.89 202.88.130.67

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1235497104-709031345-4186220094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-01-12]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-12-27] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-08] (Google Inc -> Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://in.search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR Profile: C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default [2019-02-26]
CHR Extension: (Google Translate) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-12-11]
CHR Extension: (Slides) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Kaspersky Protection) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-01-12]
CHR Extension: (Docs) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-06]
CHR Extension: (Turn Off the Lights) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2019-02-10]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-07-24]
CHR Extension: (YouTube) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-06]
CHR Extension: (Sheets) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-02-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-02-26]
CHR Extension: (WhatsGreen Multi Messenger) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhfoiaobflocffnclkigpkeoagheimn [2019-01-14]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2019-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2019-02-26]
CHR Extension: (Speedtest by Ookla) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2018-05-23]
CHR Extension: (Gmail) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Karl Fernandes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-03]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

Opera:
=======
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Karl Fernandes\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-02-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [7509216 2019-02-16] (Siber Systems -> )
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [317416 2018-10-11] (Intel Corporation -> Intel Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [414352 2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2018-05-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 klvssbridge64_18.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe" [X]

europhile · Feb 26, 2019

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R1 epp; C:\EEK\bin64\epp.sys [142952 2019-02-13] (Emsisoft Ltd -> Emsisoft Ltd)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [17920 2017-12-06] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-12] (Martin Malik - REALiX -> REALiX(tm))
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [73416 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [123152 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [89168 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [219744 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1214752 2018-10-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [190784 2019-02-14] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1113696 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45768 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [244544 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [100136 2019-02-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [301336 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116096 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [198464 2019-02-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176976 2018-12-11] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (Kaspersky Lab -> AO Kaspersky Lab)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [162024 2018-07-01] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-20] (Malwarebytes Corporation -> Malwarebytes)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [430016 2018-10-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8429416 2018-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2017-12-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45944 2018-07-19] (TOSHIBA CLIENT SOLUTIONS CO., LTD. -> Toshiba Client Solutions Co., Ltd.)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [439576 2019-02-13] (Bitdefender SRL -> BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [250024 2019-01-20] (Zemana Ltd. -> Copyright 2017.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 20:47 - 2019-02-26 20:50 - 000024529 _____ C:\Users\Karl Fernandes\Desktop\FRST.txt
2019-02-26 20:47 - 2019-02-26 20:47 - 000000000 ____D C:\Users\Karl Fernandes\Desktop\FRST-OlderVersion
2019-02-26 20:30 - 2019-02-26 20:30 - 000000000 ____D C:\Users\Karl Fernandes\AppData\LocalLow\uTorrent
2019-02-24 18:35 - 2019-02-25 00:19 - 000000000 ____D C:\ProgramData\Phoenix360
2019-02-22 15:01 - 2019-02-22 15:01 - 000003170 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-02-21 22:15 - 2019-02-24 13:50 - 000000000 ____D C:\ProgramData\RogueKiller
2019-02-21 22:15 - 2019-02-21 22:15 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-02-21 22:15 - 2019-02-21 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-02-21 22:15 - 2019-02-21 22:15 - 000000000 ____D C:\Program Files\RogueKiller
2019-02-20 12:47 - 2019-02-20 12:47 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-20 12:34 - 2019-02-20 12:35 - 000000000 ____D C:\AdwCleaner
2019-02-20 12:34 - 2019-02-20 12:34 - 007316688 _____ (Malwarebytes) C:\Users\Karl Fernandes\Desktop\adwcleaner_7.2.7.0.exe
2019-02-19 22:40 - 2019-02-19 22:40 - 000100136 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2019-02-18 21:50 - 2019-02-18 21:50 - 000301336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-02-18 21:49 - 2019-02-18 21:49 - 000116096 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-02-18 12:57 - 2019-02-18 21:49 - 000198464 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-02-18 12:57 - 2019-02-18 12:57 - 000244544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-02-16 12:15 - 2019-02-16 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2019-02-14 22:08 - 2019-02-26 20:47 - 002433536 _____ (Farbar) C:\Users\Karl Fernandes\Desktop\FRST64.exe
2019-02-14 22:05 - 2019-02-26 20:47 - 000000000 ____D C:\FRST
2019-02-14 14:27 - 2019-02-14 14:27 - 000003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2019-02-14 14:26 - 2019-02-14 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2019-02-14 14:26 - 2019-01-12 01:43 - 000002223 _____ C:\Users\Public\Desktop\Safe Money.lnk
2019-02-14 14:26 - 2019-01-12 01:43 - 000002199 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2019-02-14 00:05 - 2019-02-06 08:30 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 00:05 - 2019-02-06 08:12 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 00:05 - 2019-02-06 08:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 00:05 - 2019-02-06 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 00:05 - 2019-02-06 07:57 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 00:05 - 2019-02-06 07:57 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 00:05 - 2019-01-12 07:58 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 00:05 - 2019-01-09 11:14 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 00:05 - 2019-01-09 11:13 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 00:05 - 2019-01-09 11:12 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 00:05 - 2019-01-09 11:10 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 00:05 - 2019-01-09 11:09 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 00:05 - 2019-01-09 10:57 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 00:05 - 2019-01-09 10:56 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 00:05 - 2019-01-09 10:55 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 00:05 - 2019-01-09 10:54 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 00:05 - 2019-01-09 10:53 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 00:05 - 2019-01-09 10:53 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 00:05 - 2019-01-09 10:52 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 00:05 - 2019-01-09 10:50 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 00:05 - 2019-01-09 10:49 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 00:05 - 2019-01-09 10:49 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 00:05 - 2019-01-09 10:48 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 00:05 - 2019-01-08 08:36 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 00:04 - 2019-02-06 13:24 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 00:04 - 2019-02-06 13:23 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 00:04 - 2019-02-06 13:02 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 00:04 - 2019-02-06 13:00 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 00:04 - 2019-02-06 12:41 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 00:04 - 2019-02-06 12:22 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 00:04 - 2019-02-06 12:22 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 00:04 - 2019-02-06 08:31 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 00:04 - 2019-02-06 08:31 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 00:04 - 2019-02-06 08:31 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 00:04 - 2019-02-06 08:31 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 00:04 - 2019-02-06 08:31 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 00:04 - 2019-02-06 08:30 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 00:04 - 2019-02-06 08:30 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 00:04 - 2019-02-06 08:30 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 00:04 - 2019-02-06 08:29 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 00:04 - 2019-02-06 08:22 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 00:04 - 2019-02-06 08:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 00:04 - 2019-02-06 08:11 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 00:04 - 2019-02-06 08:11 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 00:04 - 2019-02-06 08:10 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 00:04 - 2019-02-06 08:08 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 00:04 - 2019-02-06 08:07 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 00:04 - 2019-02-06 08:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 00:04 - 2019-02-06 08:03 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 00:04 - 2019-02-06 07:59 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 00:04 - 2019-02-06 07:58 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 00:04 - 2019-02-06 07:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 00:04 - 2019-02-06 07:56 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 00:04 - 2019-02-06 07:55 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 00:04 - 2019-02-06 07:55 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 00:04 - 2019-02-06 07:54 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 00:04 - 2019-02-06 07:54 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 00:04 - 2019-02-06 07:52 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 00:04 - 2019-02-06 07:52 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 00:04 - 2019-01-09 23:12 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 00:04 - 2019-01-09 23:11 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 00:04 - 2019-01-09 23:10 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 00:04 - 2019-01-09 23:06 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 00:04 - 2019-01-09 15:25 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 00:04 - 2019-01-09 15:25 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 00:04 - 2019-01-09 14:25 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 00:04 - 2019-01-09 14:18 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 00:04 - 2019-01-09 11:29 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 00:04 - 2019-01-09 11:13 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 00:04 - 2019-01-09 11:13 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 00:04 - 2019-01-09 11:12 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 00:04 - 2019-01-09 11:10 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 00:04 - 2019-01-09 11:10 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 00:04 - 2019-01-09 11:09 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 00:04 - 2019-01-09 11:09 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 00:04 - 2019-01-09 11:09 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 00:04 - 2019-01-09 11:03 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 00:04 - 2019-01-09 11:02 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 00:04 - 2019-01-09 10:59 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 00:04 - 2019-01-09 10:57 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 00:04 - 2019-01-09 10:57 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 00:04 - 2019-01-09 10:56 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 00:04 - 2019-01-09 10:56 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 00:04 - 2019-01-09 10:52 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 00:04 - 2019-01-09 10:52 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 00:04 - 2019-01-09 10:51 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 00:04 - 2019-01-09 10:49 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 00:04 - 2019-01-09 10:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 00:03 - 2019-02-06 13:05 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 00:03 - 2019-02-06 13:00 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 00:03 - 2019-02-06 13:00 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 00:03 - 2019-02-06 12:27 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 00:03 - 2019-02-06 12:22 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 00:03 - 2019-02-06 08:31 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 00:03 - 2019-02-06 08:31 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 00:03 - 2019-02-06 08:31 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 00:03 - 2019-02-06 08:30 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 00:03 - 2019-02-06 08:30 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 00:03 - 2019-02-06 08:30 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 00:03 - 2019-02-06 08:30 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 00:03 - 2019-02-06 08:29 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 00:03 - 2019-02-06 08:29 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 00:03 - 2019-02-06 08:29 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 00:03 - 2019-02-06 08:10 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 00:03 - 2019-02-06 07:58 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 00:03 - 2019-02-06 07:56 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 00:03 - 2019-02-06 07:53 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 00:03 - 2019-02-06 07:51 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 00:03 - 2019-02-06 06:34 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 00:03 - 2019-01-12 14:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 00:03 - 2019-01-09 23:38 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 00:03 - 2019-01-09 23:27 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 00:03 - 2019-01-09 23:11 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 00:03 - 2019-01-09 23:05 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 00:03 - 2019-01-09 15:44 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 00:03 - 2019-01-09 11:13 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 00:03 - 2019-01-09 11:10 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 00:03 - 2019-01-09 11:10 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 00:03 - 2019-01-09 11:09 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 00:03 - 2019-01-09 11:09 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 00:03 - 2019-01-09 11:09 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 00:03 - 2019-01-09 10:59 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 00:03 - 2019-01-09 10:54 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 00:03 - 2019-01-09 10:54 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 00:03 - 2019-01-09 10:53 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 00:03 - 2019-01-09 10:52 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 00:03 - 2019-01-09 10:51 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 00:03 - 2019-01-09 10:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 00:03 - 2019-01-09 10:50 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 00:03 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 00:03 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 00:03 - 2019-01-08 14:38 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 00:03 - 2019-01-08 08:36 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 00:03 - 2019-01-08 08:36 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-13 23:34 - 2019-02-13 23:34 - 000000000 ____D C:\ProgramData\Emsisoft
2019-02-13 23:21 - 2019-02-16 22:04 - 000000000 ____D C:\EEK
2019-02-13 23:08 - 2018-09-20 09:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-13 16:37 - 2019-02-13 16:56 - 000000056 _____ C:\WINDOWS\Lic.xxx
2019-02-13 15:03 - 2019-02-13 15:03 - 000655872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr90.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000632064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr80.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp90.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000554240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp80.dll
2019-02-13 15:03 - 2019-02-13 15:03 - 000439576 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2019-02-13 15:03 - 2019-02-13 15:03 - 000176760 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\SysWOW64\eEmpty.exe
2019-02-13 15:02 - 2019-02-13 15:02 - 000000000 ____D C:\ProgramData\MicroWorld
2019-02-13 12:07 - 2019-02-13 12:07 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\Macromedia
2019-02-13 12:02 - 2019-02-26 20:46 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\Wipe
2019-02-13 12:02 - 2019-02-13 12:02 - 000001828 _____ C:\Users\Karl Fernandes\Desktop\Wipe.lnk
2019-02-13 12:02 - 2019-02-13 12:02 - 000000220 _____ C:\Users\Karl Fernandes\Desktop\PrivacyRoot Software.url
2019-02-13 12:02 - 2019-02-13 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2019-02-13 12:02 - 2019-02-13 12:02 - 000000000 ____D C:\Program Files\Wipe
2019-02-06 21:12 - 2019-02-06 21:12 - 000001965 _____ C:\Users\Public\Desktop\Media Preview Configuration.lnk
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\Program Files\Media Preview
2019-02-06 21:12 - 2019-02-06 21:12 - 000000000 ____D C:\Program Files (x86)\Media Preview

europhile · Feb 26, 2019

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-26 20:51 - 2017-12-07 21:37 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\uTorrent
2019-02-26 20:50 - 2019-01-20 14:36 - 000574016 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-02-26 20:50 - 2017-12-29 20:50 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-02-26 20:46 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-26 20:28 - 2018-09-20 22:28 - 000000000 ____D C:\ProgramData\GoodSync
2019-02-26 20:28 - 2017-12-06 17:10 - 000000000 __SHD C:\Users\Karl Fernandes\IntelGraphicsProfiles
2019-02-26 00:20 - 2017-12-06 14:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-26 00:20 - 2017-12-06 14:09 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-25 00:17 - 2018-05-27 04:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-24 12:46 - 2017-12-11 22:53 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\AIMP
2019-02-24 02:33 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-24 02:32 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-24 00:54 - 2018-05-27 04:40 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1512664732
2019-02-24 00:54 - 2017-12-07 22:08 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-24 00:54 - 2017-12-07 22:04 - 000000000 ____D C:\Program Files\Opera
2019-02-22 00:30 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-02-21 23:22 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-21 23:04 - 2019-01-20 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2019-02-20 12:54 - 2018-05-27 04:30 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-20 12:54 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF
2019-02-20 12:46 - 2018-05-27 04:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-20 12:46 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-20 12:35 - 2018-02-12 13:45 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\IObit
2019-02-19 23:29 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-18 12:57 - 2018-02-15 15:07 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\MusicBee
2019-02-18 12:52 - 2018-02-15 15:07 - 000001094 _____ C:\Users\Karl Fernandes\Desktop\MusicBee.lnk
2019-02-16 12:15 - 2018-09-20 22:31 - 000001955 _____ C:\Users\Public\Desktop\GoodSync Explorer.lnk
2019-02-16 12:15 - 2018-09-20 22:31 - 000001891 _____ C:\Users\Public\Desktop\GoodSync.lnk
2019-02-16 12:15 - 2018-09-20 22:30 - 000000000 ____D C:\Program Files\Siber Systems
2019-02-16 01:59 - 2017-12-29 20:51 - 000000000 ____D C:\Program Files\Common Files\AV
2019-02-15 23:35 - 2017-12-06 21:56 - 000000000 ____D C:\Program Files\rempl
2019-02-14 14:26 - 2017-12-29 20:50 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2019-02-14 13:45 - 2018-05-27 04:11 - 000317016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 01:46 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 00:02 - 2017-12-06 22:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 23:57 - 2017-12-06 22:00 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-13 21:16 - 2019-01-20 14:36 - 001935778 _____ C:\WINDOWS\ZAM.krnl.trace
2019-02-13 21:16 - 2019-01-20 14:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Phoenix360
2019-02-13 16:48 - 2018-05-27 04:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-13 16:38 - 2015-07-10 16:34 - 000000545 _____ C:\WINDOWS\win.ini
2019-02-13 15:03 - 2018-11-17 22:13 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-02-13 00:46 - 2017-12-11 23:09 - 000000000 ____D C:\Users\Karl Fernandes\AppData\Roaming\vlc
2019-02-12 22:02 - 2018-05-27 04:17 - 000000000 ____D C:\Users\Karl Fernandes
2019-02-10 18:50 - 2018-05-27 04:40 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1235497104-709031345-4186220094-1001
2019-02-10 18:50 - 2018-05-27 04:17 - 000002390 _____ C:\Users\Karl Fernandes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 18:50 - 2017-12-06 14:05 - 000000000 ___RD C:\Users\Karl Fernandes\OneDrive
2019-02-10 13:08 - 2018-07-12 22:15 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 22:35 - 2019-01-20 19:42 - 000001029 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2019-02-08 22:35 - 2019-01-20 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2019-02-08 22:35 - 2019-01-20 19:42 - 000000000 ____D C:\Program Files (x86)\Calibre2
2019-02-06 13:49 - 2018-10-06 21:46 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-03 04:23 - 2019-01-09 13:17 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-03 04:23 - 2019-01-09 13:17 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-27 04:11

==================== End of FRST.txt ============================

europhile · Feb 26, 2019

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.02.2019 01
Ran by Karl Fernandes (26-02-2019 20:52:09)
Running from C:\Users\Karl Fernandes\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-26 23:12:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1235497104-709031345-4186220094-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1235497104-709031345-4186220094-503 - Limited - Disabled)
Guest (S-1-5-21-1235497104-709031345-4186220094-501 - Limited - Disabled)
Karl Fernandes (S-1-5-21-1235497104-709031345-4186220094-1001 - Administrator - Enabled) => C:\Users\Karl Fernandes
WDAGUtilityAccount (S-1-5-21-1235497104-709031345-4186220094-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
calibre (HKLM-x32\...\{133AA70C-DB58-48DB-90AE-3A7033C896A7}) (Version: 3.39.1 - Kovid Goyal)
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.99.0.2018 - CDex.mu)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.0.16811 - Foxit Software Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 10.9.24.4 - Siber Systems Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM\...\{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
John's Background Switcher 4.15 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.15 - johnsadventures.com)
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kobo (HKLM-x32\...\Kobo) (Version: 4.6.8458 - Rakuten Kobo Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
MusicBee 3.2 (HKLM-x32\...\MusicBee) (Version: 3.2 - Steven Mayall)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 58.0.3135.68 (HKLM-x32\...\Opera 58.0.3135.68) (Version: 58.0.3135.68 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{0AF24D23-22CC-44D8-B0B5-D8222C92D1EB}) (Version: 40.11.1124.17107 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8549 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 13.1.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.5.0 - Adlice Software)
SD Card Formatter (HKLM-x32\...\{10C16E01-F739-4093-89A7-E570589FA0F6}) (Version: 5.0.0 - SD Association)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.58 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.5.1.208 - iolo technologies, LLC)
TOSHIBA Function Key (HKLM\...\{ABB33FFD-6D6C-4670-9EF4-6181BB4D0DF2}) (Version: 1.1.15.6404 - Toshiba Corporation)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Windows 10 Permanent Activator Ultimate v2.4 (HKLM\...\{DEAA82EE-A9D5-4343-B8AB-A89F8D595751}_is1) (Version: v2.4 - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22314 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 17.32 - PrivacyRoot.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {18017515-9468-D082-43E5-70E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1235497104-709031345-4186220094-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {579CDE80-9468-D082-D64E-EDA685889A47} => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-01-20] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-01-20] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2019-01-12] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

europhile · Feb 26, 2019

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A48B9B-1B43-4B7D-82B5-6A7CF5E4FE9D} - System32\Tasks\Phoenix360\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {32D8F182-D667-4EFC-B65F-6CD2F71F8D44} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {46426DE7-DC13-497A-BA61-5FD49855CD19} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4710DB45-23AA-42D7-921F-D22ED378FE63} - System32\Tasks\Phoenix360\ActiveSync-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {772F2268-3B0A-4908-A31E-6AF2F0C80E99} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {7BD547C5-3126-4494-A5FC-CB0F5C54F0E7} - System32\Tasks\Opera scheduled Autoupdate 1512664732 => c:\program files\opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {7E8A3ECE-29CA-4324-A7CB-6A3311CB62F6} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {832D10EF-6FF1-4766-BF86-B79F35317B1A} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe (Adlice -> )
Task: {862B9C68-9802-485C-A941-A35E7D17E0A0} - System32\Tasks\Phoenix360\ActiveMessenger-MalwareKiller => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveBridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {987FB993-5D96-4AFF-A834-4E0B4DF5C088} - System32\Tasks\Driver Booster SkipUAC (Karl Fernandes) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
Task: {9B4C0F50-8D11-45CA-A221-C2F1C1D42DA7} - System32\Tasks\Phoenix360\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activebridge.exe (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
Task: {C73F7959-5D7F-4497-916E-E872AB27F942} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CCBC45EB-0A5F-4AFA-8583-C9BFD60625FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EB42B287-CF13-4C27-BE97-8F0B770D3F7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-10-06 21:46 - 2019-02-06 13:48 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-08-18 00:19 - 2019-02-06 13:48 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-10-06 21:46 - 2019-02-06 13:48 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-06 13:50 - 2019-02-06 13:49 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-06 13:50 - 2019-02-06 13:48 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-06 13:50 - 2019-02-06 13:49 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2015-07-10 16:32 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1235497104-709031345-4186220094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karl Fernandes\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 202.88.131.90 - 202.88.131.89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5503555C4D2F4136D50FB29005E00F7F"
HKU\S-1-5-21-1235497104-709031345-4186220094-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{31139541-2049-4DF0-995E-119CC1F73C61}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{F1318004-54BA-498C-BB1B-1A60AE8FA9EE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{6B7A65E3-DE7C-4045-9194-14E66D67AAC2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{F49694CE-FFB7-45FE-BAAE-5538D45590A7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{74A8EEC0-70C5-46E6-AEDD-120AF626517D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{9342B114-F74E-4181-AD38-1AAE4A24FD5E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{F539D54D-9DBA-4DEB-8DC0-E04587798755}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9A107F50-9669-4E59-8784-C9E7CCD1FF03}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{34C08E47-AA98-40FA-A440-C7B16DC585EC}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7470D53C-6DD3-436A-9EF4-329AAA14E219}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9C78CF31-2178-446F-BB20-4FA9B6201662}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A681FD47-DFB8-4750-AF84-2C6EDF31EA97}] => (Allow) C:\Users\Karl Fernandes\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{900171B0-D0B1-4BDE-9EE5-DBB55D9DF34A}] => (Allow) C:\Program Files\Windows 10 Permanent Activator Ultimate v2.4\Windows 10 Permanent Activator Ultimate v2.4.exe () [File not signed]
FirewallRules: [{4FD34E40-478A-4CDC-B93D-22C55D1E096B}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{AE391433-6D98-4784-ABA4-A758F77281F5}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{E6D644F0-6ACB-4A8F-AE23-B39F7DF7BD90}] => (Allow) c:\program files\opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5360E899-77D4-44C1-8AC2-67A1310D2FC7}] => (Allow) C:\Program Files\Siber Systems\GoodSync\gs-server.exe (Siber Systems -> )
FirewallRules: [{B438284D-2FA6-4965-944B-7C64727D8C32}] => (Allow) c:\program files\opera\58.0.3135.68\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B0DF6409-55F3-4934-BFBE-6E5ED86B12E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2019 08:35:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 08:33:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 08:32:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 08:32:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=12

Error: (02/26/2019 12:17:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 12:17:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 12:09:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/26/2019 12:09:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=11

europhile · Feb 26, 2019

System errors:
=============
Error: (02/26/2019 08:48:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:32:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:30:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:30:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MTBUMQG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-MTBUMQG\Karl Fernandes SID (S-1-5-21-1235497104-709031345-4186220094-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:28:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:28:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 08:28:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2019 12:10:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-11-26 22:40:33.489
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {51354D40-59F0-4E14-B606-4EA8D3DAF19A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-26 22:33:33.133
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A662765F-D94D-4C72-B799-99C0AA56E270}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 23:07:57.142
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B6A6BA2E-0836-448B-BF6F-E68CD52331BC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 23:00:46.807
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA1F277D-7B82-4ABA-901E-1553FADFABA2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-25 22:41:26.442
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B8A3B3C0-BF09-499E-856E-C7AD222FEE1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-20 20:42:16.021
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.293.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2018-11-20 20:42:11.832
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-08-09 20:36:45.146
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:45.106
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:42.229
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-09 20:36:42.161
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klhk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

europhile · Feb 26, 2019

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
Percentage of memory in use: 89%
Total physical RAM: 3978.35 MB
Available physical RAM: 412.67 MB
Total Virtual: 6666.35 MB
Available Virtual: 2331.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:14.32 GB) NTFS
Drive e: (Data) (Fixed) (Total:284.19 GB) (Free:95.86 GB) NTFS
Drive f: (Music) (Fixed) (Total:80.22 GB) (Free:18.56 GB) NTFS

\\?\Volume{3ee912a2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS
\\?\Volume{3ee912a2-0000-0000-0000-003f74000000}\ () (Fixed) (Total:0.78 GB) (Free:0.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3EE912A2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=364.4 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=794 MB) - (Type=27)

==================== End of Addition.txt ============================

europhile · Feb 26, 2019

Chrome is still making some unauthorised connections from the backend. Kaspersky is warning

Broni · Feb 26, 2019

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

=======================================================

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Solved Possible Malware drive by download

Posts: 31 +0

Attachments

Posts: 56,041 +516

Posts: 31 +0

Posts: 56,041 +516

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 56,041 +516

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 56,041 +516

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 56,041 +516

Attachments